
Cybersecurity Scam of the Week – What You Can Learn From the MGM Cyberattack


This past week, MGM made headlines with the news of a cyberattack costing over 52 million dollars in lost revenue. Nearly all of MGM’s hotels, casinos, and ATMs went offline. This massive attack started with a simple social engineering scam. 

Using information found on a LinkedIn post, a cybercriminal impersonated an MGM employee and called their IT department. They asked to have their password reset, and the IT department reset the employee’s password. This gave the cybercriminal access to the employee’s account and eventually led to the cybercriminal taking over MGM’s entire system. This example shows the importance of learning how to protect yourself and others from similar attacks. 

Follow the tips below to stay safe from similar scams:

  • Be careful with the information you share about yourself online. Cybercriminals can use this information to target you in phishing attacks. 
  • Confirm that the person you’re speaking to is who they say they are. Reach out to them using another form of contact or by meeting face-to-face.

Be suspicious of emails, texts, and social media posts that contain shocking information about this event. These may lead to disinformation, which is false information designed to mislead you. Like natural disasters, any newsworthy event can be used by scammers to get your attention.

What has been reported to abuse@uthsc.edu this past week?

  • [Ext] Your order reference number is 741304DF currently pending – this is an auto-renewal scam hoping the recipient will call a phone number listed in the email to dispute a charge
  • [Ext] Payment for order no. 49612401 is approved – this is the same email as above, to the same recipient
  • [Ext] Your Ticket No. 253936XS has been delivered – the same scam, to the same recipient again, but using a different phone number to call to dispute the charge
  • [Ext] Ticket no 81QFBHSEQ0 status updated on – and another one to the same recipient. All of the emails listed above were delivered through Google Groups.
    • This same recipient received approximately 5-6 more of these same scams
  • [Ext] **Name of Recipient** – this is a direct deposit scam, using poor grammar, asking the recipient to “help update my depository details.” 
  • [Ext] Greetings **Name of Recipient** – this phish asks the recipient for a favor, which is usually the start of a gift card scam
  • Memo from HR : Student & staff services alert – this phish did not come from HR, but from a compromised account from another UT campus.
  • Giveaway: Don’t Miss Out!!!! – from another compromised account, this offers a phone number to text to get free stuff
  • ADMINISTRATIVE: GIVING OUT FREE INSTRUMENTS – the same exact email as above with a different Subject line
  • GIVEAWAY-DOWNSIZING MUSICAL INSTRUNMENTS AND ITEMS – from another campus, this compromised account offered another phone number to call
  • [Ext] Authenticator Due Today Wednesday September 2023 – this phish, pretending to be from Microsoft, wanted the recipient to scan a QR code in the email to “reauthenticate”
  • [Ext] Are you accessible?. – yes, they used a question mark and a period. This is attempting to spoof the name of someone on campus asking if the recipient has time to do a favor.

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.