%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240923220201+00'00') /ModDate (D:20240923220201+00'00') /Title (Report 09-2024) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 3736 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 343.637 521.469 403.097 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 344.012 520.719 402.347 re S 0.773 0.773 0.773 rg 61.016 359.387 m 550.984 359.387 l 550.984 360.137 l 61.016 360.137 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(COMPROMISED STUDENT ACCOUNT USED FOR PHISHING)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Just because mail seems to come from a university address, doesn’t mean to say that it is legitimate.)] TJ ET BT 61.016 617.431 Td /F4 9.0 Tf [(The latest phishing scam making its rounds at the university is being sent from a compromised student account. The )] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(probably how the student account that is now sending it was originally compromised.)] TJ ET BT 61.016 575.464 Td /F4 9.0 Tf [(This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who )] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(picked it up and pointed it out to us.)] TJ ET BT 61.016 544.486 Td /F4 9.0 Tf [(Below is an example of the mail \(with the dangerous bits removed\))] TJ ET 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 534.788 m 306.516 534.788 l 305.766 534.038 l 305.766 534.038 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 532.538 m 306.516 532.538 l 305.766 533.288 l 305.766 533.288 l f 306.516 534.788 m 306.516 532.538 l 305.766 533.288 l 305.766 534.038 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 534.788 m 305.016 532.538 l 305.766 533.288 l 305.766 534.038 l f 0.153 0.153 0.153 rg BT 61.016 514.747 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 494.758 Td /F1 9.0 Tf [(From: )] TJ ET 0.373 0.169 0.255 rg BT 89.015 494.758 Td /F4 9.0 Tf [(Compromised, Student account <12345678@sun.ac.za>)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 89.015 493.607 m 315.770 493.607 l S 0.153 0.153 0.153 rg BT 61.016 483.769 Td /F1 9.0 Tf [(Sent: )] TJ ET BT 86.018 483.769 Td /F4 9.0 Tf [(Monday, 17 April 2017 12:19 PM)] TJ ET BT 61.016 472.780 Td /F1 9.0 Tf [(To: )] TJ ET 0.373 0.169 0.255 rg BT 77.513 472.780 Td /F4 9.0 Tf [(fake@email.address)] TJ ET 0.18 w 0 J [ ] 0 d 77.513 471.629 m 159.674 471.629 l S 0.153 0.153 0.153 rg BT 61.016 461.791 Td /F1 9.0 Tf [(Subject: )] TJ ET BT 99.023 461.791 Td /F4 9.0 Tf [(YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED)] TJ ET BT 61.016 441.802 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 421.813 Td /F4 9.0 Tf [(Certify Your email )] TJ ET 0.373 0.169 0.255 rg BT 135.032 421.813 Td /F1 9.0 Tf [(HERE)] TJ ET 0.18 w 0 J [ ] 0 d 135.032 420.383 m 160.034 420.383 l S 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 412.115 m 306.516 412.115 l 305.766 411.365 l 305.766 411.365 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 409.865 m 306.516 409.865 l 305.766 410.615 l 305.766 410.615 l f 306.516 412.115 m 306.516 409.865 l 305.766 410.615 l 305.766 411.365 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 412.115 m 305.016 409.865 l 305.766 410.615 l 305.766 411.365 l f 0.153 0.153 0.153 rg BT 432.949 392.074 Td /F4 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET 0.400 0.400 0.400 rg BT 61.016 373.585 Td /F2 9.0 Tf [(Posted in:Security | Tagged:Phishing,Security,Spam | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 89.0147 493.9252 315.7697 503.0827 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (mailto:noreply@sun.ac.za) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 77.5127 471.9472 159.6737 481.1047 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:noreply@sun.ac.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 135.0317 420.9802 160.0337 430.1377 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2016/10/how-to-recognise-a-phishing-e-mail/) >> endobj xref 0 18 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000568 00000 n 0000004356 00000 n 0000004468 00000 n 0000004583 00000 n 0000004703 00000 n 0000004811 00000 n 0000004938 00000 n 0000005014 00000 n 0000005141 00000 n 0000005217 00000 n 0000005345 00000 n trailer << /Size 18 /Root 1 0 R /Info 5 0 R >> startxref 5469 %%EOF Compromised student account used for phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

«
»

Compromised student account used for phishing

Just because mail seems to come from a university address, doesn’t mean to say that it is legitimate.

The latest phishing scam making its rounds at the university is being sent from a compromised student account. The subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is probably how the student account that is now sending it was originally compromised.

This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who picked it up and pointed it out to us.

Below is an example of the mail (with the dangerous bits removed)

 

From: Compromised, Student account <12345678@sun.ac.za>
Sent: Monday, 17 April 2017 12:19 PM
To: fake@email.address
Subject: YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED

 

Certify Your email HERE

[ARTICLE BY DAVID WILES]

Email

Tags: , ,

This entry was posted on Tuesday, April 18th, 2017 at 9:27 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.