Other ways to search: Events Calendar | UTHSC

Cybersecurity Scam of the Week – Active Scams on Inactive Accounts

|

Recently, Google announced a change to its inactive account policies. Starting in December 2023, accounts that have been inactive for two or more years will start to get deleted. While this policy is meant to enhance security, cybercriminals could use this news for their phishing scams. 

There is an expectation of seeing an influx of phishing scams based on Google’s new policies. Cybercriminals may send you phishing emails claiming that your Google account will be deleted unless you take immediate action. They may also ask you for your Google login credentials. If your login credentials fall into the wrong hands, cybercriminals could steal your sensitive information or impersonate you to scam others. Remember, Google is not the only organization that can be mimicked to look like a legitimate notification. ANY account you have can be at risk for identity theft or credential stealing. 

Follow the tips below to spot similar scams:

  • If you receive an email claiming that your account will be deleted, consider whether or not you use the account in question and verify the legitimacy of the email.
  • Think before you click. Cyberattacks are designed to catch you off guard and trigger you to click impulsively. 

Be cautious before logging in to accounts through an email link. Instead, navigate to the organization’s official website to log in.

What has been reported to abuse@uthsc.edu this past week?

  • [Ext] ACH Authorization Form – a phish attempting to change the banking information of an employee’s direct deposit.
  • [Ext] ***UPDATE ALERT: Uthsc Important Email Security update for all Employee(s)*** – this phish attempted to look like it was coming from “Uthsc Admin”, it came from an external email address.
  • [Ext] You received a new invoice (#44557444) – a phish wanting the recipient to click a link to pay an invoice.
  • [Ext] Thank you for choosing us-xx6927 – a phish wanting the recipient to open an attachment to view “your plan”. 
  • [Ext] BestBuyTech LLC sent you invoice_805124 – this auto-renewal scam used Dropbox to look more legitimate. 

Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.