%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240511030132+00'00') /ModDate (D:20240511030132+00'00') /Title (IT-artikels) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 3679 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 282.250 521.469 464.484 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 282.625 520.719 463.734 re S 0.773 0.773 0.773 rg 61.016 617.359 m 550.984 617.359 l 550.984 618.109 l 61.016 618.109 l f 1.000 1.000 1.000 rg BT 278.868 698.693 Td /F1 10.5 Tf [(POST LIST)] TJ ET 0.200 0.200 0.200 rg BT 212.789 670.111 Td /F1 14.4 Tf [(INFORMASIETEGNOLOGIE)] TJ ET BT 221.824 643.466 Td /F1 11.7 Tf [(INFORMATION TECHNOLOGY)] TJ ET BT 61.016 583.841 Td /F1 14.4 Tf [(COMPROMISED STUDENT ACCOUNT USED FOR PHISHING)] TJ ET 0.400 0.400 0.400 rg BT 61.016 564.033 Td /F3 9.0 Tf [(Just because mail seems to come from a university address, doesn’t mean to say that it is legitimate.)] TJ ET BT 61.016 544.044 Td /F3 9.0 Tf [(The latest phishing scam making its rounds at the university is being sent from a compromised student account. The )] TJ ET BT 61.016 533.055 Td /F3 9.0 Tf [(subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is )] TJ ET BT 61.016 522.066 Td /F3 9.0 Tf [(probably how the student account that is now sending it was originally compromised.)] TJ ET BT 61.016 502.077 Td /F3 9.0 Tf [(This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who )] TJ ET BT 61.016 491.088 Td /F3 9.0 Tf [(picked it up and pointed it out to us.)] TJ ET BT 61.016 471.099 Td /F3 9.0 Tf [(Below is an example of the mail \(with the dangerous bits removed\))] TJ ET 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 461.401 m 306.516 461.401 l 305.766 460.651 l 305.766 460.651 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 459.151 m 306.516 459.151 l 305.766 459.901 l 305.766 459.901 l f 306.516 461.401 m 306.516 459.151 l 305.766 459.901 l 305.766 460.651 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 461.401 m 305.016 459.151 l 305.766 459.901 l 305.766 460.651 l f 0.400 0.400 0.400 rg BT 61.016 441.360 Td /F3 9.0 Tf [( )] TJ ET BT 61.016 421.371 Td /F4 9.0 Tf [(From: )] TJ ET 0.373 0.169 0.255 rg BT 89.015 421.371 Td /F3 9.0 Tf [(Compromised, Student account <12345678@sun.ac.za>)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 89.015 420.220 m 315.770 420.220 l S 0.400 0.400 0.400 rg BT 61.016 410.382 Td /F4 9.0 Tf [(Sent: )] TJ ET BT 86.018 410.382 Td /F3 9.0 Tf [(Monday, 17 April 2017 12:19 PM)] TJ ET BT 61.016 399.393 Td /F4 9.0 Tf [(To: )] TJ ET 0.373 0.169 0.255 rg BT 77.513 399.393 Td /F3 9.0 Tf [(fake@email.address)] TJ ET 0.18 w 0 J [ ] 0 d 77.513 398.242 m 159.674 398.242 l S 0.400 0.400 0.400 rg BT 61.016 388.404 Td /F4 9.0 Tf [(Subject: )] TJ ET BT 99.023 388.404 Td /F3 9.0 Tf [(YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED)] TJ ET BT 61.016 368.415 Td /F3 9.0 Tf [( )] TJ ET BT 61.016 348.426 Td /F3 9.0 Tf [(Certify Your email )] TJ ET 0.373 0.169 0.255 rg BT 135.032 348.426 Td /F4 9.0 Tf [(HERE)] TJ ET 0.18 w 0 J [ ] 0 d 135.032 346.997 m 160.034 346.997 l S 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 338.728 m 306.516 338.728 l 305.766 337.978 l 305.766 337.978 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 336.478 m 306.516 336.478 l 305.766 337.228 l 305.766 337.228 l f 306.516 338.728 m 306.516 336.478 l 305.766 337.228 l 305.766 337.978 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 338.728 m 305.016 336.478 l 305.766 337.228 l 305.766 337.978 l f 0.400 0.400 0.400 rg BT 432.949 318.687 Td /F3 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET BT 61.016 300.198 Td /F3 9.0 Tf [(Posted in:Security | Tagged:Phishing,Security,Spam | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 89.0147 420.5386 315.7697 429.6961 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (mailto:noreply@sun.ac.za) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 77.5127 398.5606 159.6737 407.7181 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:noreply@sun.ac.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 135.0317 347.5936 160.0337 356.7511 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2016/10/how-to-recognise-a-phishing-e-mail/) >> endobj xref 0 18 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000469 00000 n 0000000565 00000 n 0000004296 00000 n 0000004408 00000 n 0000004515 00000 n 0000004631 00000 n 0000004751 00000 n 0000004878 00000 n 0000004954 00000 n 0000005081 00000 n 0000005157 00000 n 0000005285 00000 n trailer << /Size 18 /Root 1 0 R /Info 5 0 R >> startxref 5409 %%EOF Compromised student account used for phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

«
»

Compromised student account used for phishing

Just because mail seems to come from a university address, doesn’t mean to say that it is legitimate.

The latest phishing scam making its rounds at the university is being sent from a compromised student account. The subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is probably how the student account that is now sending it was originally compromised.

This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who picked it up and pointed it out to us.

Below is an example of the mail (with the dangerous bits removed)

 

From: Compromised, Student account <12345678@sun.ac.za>
Sent: Monday, 17 April 2017 12:19 PM
To: fake@email.address
Subject: YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED

 

Certify Your email HERE

[ARTICLE BY DAVID WILES]

Email

Tags: , ,

This entry was posted on Tuesday, April 18th, 2017 at 9:27 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.