Other ways to search: Events Calendar | UTHSC

Cybersecurity Scam of the Week – Hurricane Relief Scams


With two hurricanes in the news currently, be mindful of scammers who want to take advantage of your generosity and willingness to help to scam you into giving them your money, instead of it going to those who need it the most.

Hurricane Fiona hit Puerto Rico, the Bahamas, and even the coast of Canada hard. Hurricane Ian had its sights set on the gulf coast of Florida. When natural disasters hit multiple regions, the calls to help with donations of supplies and money take many different avenues. 

Scammers pose as representatives of charities seeking donations for disaster relief. There are several steps you can take to protect yourself from this type of fraud,  including:

  • donating to only trusted, well-known charities
  • verify all communication channels sent to you
    • don’t assume a phone number in an email will get you to the right people
    • don’t reply to an email, even if it looks legit. They may be spoofing a name or email address
  • don’t open suspicious emails
  • verify information in social media posts

Call the FEMA Disaster Fraud Hotline toll-free to report suspected fraud at 1-866-720-5721. If you need to report other fraudulent activities during or following a natural disaster, please notify FEMA at 1-866-720-5721 or disaster@leo.gov.

What has been reported to abuse@uthsc.edu this past week?

  • [Ext] Invoice Number100118992 – wanting the recipient to open an attachment
  • [Ext] Favor to ask – usually these start by asking if the person is available to do a favor. This one asked if the recipient “shop on amazon”. 
  • UTK UPDATE – from a compromised account from another UT campus, this was offering a part-time job of $550 per week for only 2-3 hours of work. I would call that a too good to be true scam. 
  • OFFICE 365 – same compromised account, but tried a different tactic wanting the recipient to click on a link to “login” to O365. All they wanted was to steal NetID and passwords. 
  • [Ext] uthsc HR Benefits Enrollment Eligibility – word has gotten out it is open enrollment time here at UTHSC. This came, not from HR, but from an outside email wanting the recipient to “review and approve the compliance section so we can proceed”.  All HR correspondence would come from our HR department, not an outside source. 
  • [Ext] Hi, you have 1 VM on 09/20/2022. Refer below to listen – This one stated it was from the “Uthsc | Call System” but came from an outside email wanting the recipient to click on an attachment. 
  • [Ext] ☎ Missed VN Calls 0:56 secs September 22, 2022 at 01:24:48 AM – this is another attempt to have someone click on an attachment to listen to a voicemail that didn’t come from our Ring Central. 
  • [Ext] CHANGE OF DD. – this is getting to be a weekly occurrence when someone is attempting to change the direct deposit information for an employee to an account that a scammer controls. Payroll has specific procedures in place for a change in direct deposit, so these phishes fail. 
  • [Ext] Xerox Scan image from MTC-A3:04 PM381 – this looked like it was a scanned fax from a Xerox machine, but on closer look, the email address was from Indonesia. 
  • [Ext] Notifications (1):9/20/2022 – this was another one trying to spoof Microsoft to get the recipient to click a link to keep the same password for their account. This is against UTHSC policy. 
  • [Ext] Storage Report Limit – this one said the recipient couldn’t send emails because the mailbox was 94% full. It said it was coming from “IT Help Desk” but it was an external email address.
  • [Ext] Your linked card has been debited for the renewed service plan. – a week can’t go by without a report of some type of auto-renewal scam.
  • [Ext] “Thank you for Your order: #OHB745 88HYZ_22”! / – this one has pretty pictures and logos from the Geek Squad and Best Buy to make it look more legitimate. Still the same auto-renewal scam. 

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.