Other ways to search: Events Calendar | UTHSC

SPAR – Cybersecurity Scam of the Week – Preparing for Black Friday Scams


This week, instead of reporting a scam that has already happened, we want to prepare you for one you will probably receive – Black Friday Scams.

Researchers report that 30% of the U.S. population reported receiving a phishing email around Black Friday in 2020, via either text message or email. And you know it only gets worse, not better.

Tessian reports “consumers expect to receive more marketing and advertising emails from retailers during this time, touting their deals, along with updates about their orders and notifications about deliveries. Inboxes are noisier-than-usual and this makes it easier for cybercriminals to ‘hide’ their malicious messages. What’s more, attackers can leverage the ‘too-good-to-be-true’ deals people are expecting to receive, using them as lures to successfully deceive their victims. When the email looks like it has come from a legitimate brand and email address, people are more likely to click on malicious links that lead to fake websites or download harmful attachments.”

How to avoid falling for these phishing and smashing attacks?  Here are some simple tips:

  • Inspect emails and text messages to look out for spelling errors; these are a sure sign that it is not from a legitimate source.
  • Take a few seconds to verify that the sender’s name and email address match up, especially if you are reading your emails on your mobile. Cybercriminals typically spoof a brand’s name in the hope that you’ll fail to inspect the email domain.
  • Be wary of business messages from unknown numbers or numbers starting with a local area code such as +44, as these are regularly associated with scam texts.
  • If you’re led to a website, look for the padlock in the URL bar to verify the website is secure or not.
  • And, if in doubt, just don’t click. You can follow up with the delivery company or retailer directly if you have a question that needs to be answered.

The entire report can be found on Tessian’s blog.

What else has been reported to abuse@uthsc.edu this past week?

  • FW: All Staff – this is interesting because it was reported from an outside, but affiliated, email address; however the body of the email is how “Your mailbox is almost full on the UTHSC Server.”
  • [Ext] Purchase order from – a vendor reported that her email address had been compromised, and she did not send any purchase order to UTHSC. This is a wonderful example of not hiding when something goes wrong, but working together to stop the spread of an attack.
  •  [Ext] Payment successfull, Invoice INV03112021 ZW – same old Norton auto-renewal scam (with a typo in the Subject line).
  • [Ext] Job Opportunity – looks like this one was sent to people with a similar name, they only want to hire people named “Jack”?

Keep reporting suspicious emails to abuse@uthsc.edu for examination and any other inquiries for the Office of Cybersecurity should be directed to itsecurity@uthsc.edu.