• Recent Posts

  • Categories

  • Archives


WhatsApp scams

Tuesday, April 23rd, 2019

Several WhatsApp scams are popping up in South Africa at the moment and it might be a good idea to look out for these latest threats. 

  1. WhatsApp Gold
    This hoax has been around for a long time and is a simple phishing attack where you receive a message that WhatsApp has launched a new upgraded service called WhatsApp Gold. Often this app is advertised as free and includes features such as new themes and free voice calls. The message contains a link to download WhatsApp Gold, which installs malware on your cell phone. This malware enables hackers to steal your information or even to spy on your messages and communications. To avoid falling for scams like this never click on unknown links or download unverified software onto your cell phone.

  2. Voucher phishing
    Similar to the WhatsApp Gold scam, these messages are usually sent from a number impersonating a fake contact. They generally state that you have won a free voucher for a local supermarket in return for completing a short survey. The link contained in this message diverts to a fake website impersonating the supermarket’s web page. Once users have entered their details on the website, their information has been compromised and is fed straight to the scammers. Shoprite, OK and Pick ‘n Pay have reported scams using their branding on a fake website.

  3. Spy apps
    While browsing or in a WhatsApp message, you might find a link to download a WhatsApp “spy app” claiming to be able to see what your contacts are saying to each other, along with giving you the ability to intercept their pictures, voice messages, and images. Of course there is no way to intercept WhatsApp messages in this way as all WhatsApp conversations are encrypted. These fake “spy app” applications usually install malware on your phone or sign you up for expensive subscription services. Several students have reported that they have recently fallen victim to these scams. It is important to realise that the Google Play Store is not infallible and can also contain malware-infested spy apps.

  4. Verification request scams
    The last two scams are by far the most popular in South Africa. Verification request scams are spread through compromised accounts. (some of people you might know) You will receive a message from a user on your WhatsApp contact list asking to send your WhatsApp verification code. If you do, scammers will have access to your Whatsapp account and can take over your number. Never divulge your WhatsApp verification code and be wary of strange requests from your contacts.

  5. SIM-swop takeover
    Currently this is by far the biggest threat to South African WhatsApp users. The financial losses incurred by sim-swop victims in 2018 was a whopping R89 million. When SIM-swop fraud happens and the fraudsters take ownership of your number, they can easily and instantly install WhatsApp on their own smartphone and log in to your account. The two-factor authentication message will be sent to the number they now control and using WhatsApp, they can scam your contacts into divulging information or send them money by impersonating you.

    This is also a serious threat to other platforms that use SMS two-factor authentication – including many banking apps. You should check immediately with your cell phone provider if you lose access to your cell phone network for no apparent reason, as this is the first sign that SIM-swop fraud might have been committed.


Sending emails to large groups

Monday, August 6th, 2018

Occasionally it is necessary to send emails to external students or other large groups of people who are not part of the sun domain. If you are currently using Outlook distribution lists we recommend that you switch to the much more user-friendly and functional Sympa mailing list management platform. 

For many years the university has been using Sympa as mass mailing solution successfully. In fact, many of our staff and students use it to administer their lists. 

Sympa is a mailing list management (MLM) software and has its roots in the academic computing community in France. Its name, which is an acronym for Système de Multi-Postage Automatique (i.e. Automatic Mailing System), also means “nice” or “friendly” in French. We’re not sure exactly why the French decided to call their mailing list system “nice”, but we can confirm that it is “friendly” to use.

By using Sympa as a platform for your group emails, you will have better control over your emails and access to handy functions such as:

  • appoint one or several moderators;
  • manage subscriptions and unsubscriptions;
  • add a shared document web space at the subscribers’ disposal;
  • answer questions from subscribers and potential subscribers about the list
  • read the list archive;
  • search in the message archive;
  • review members of the list;

As you can see, Sympa offers much more functionality than your normal Outlook distribution list. Any staff member can use Sympa, simply go to
If you need any assistance in setting up your Sympa distribution list, please send an email to or call us at 808 4367.

A brand new look

Wednesday, June 6th, 2018

In keeping with the University’s centenary celebrations and in an attempt to standardise all our communications for both consistency and safety reasons, we’ve, with the help of Corporate Communication, rebranded all electronic communication sent out by Information Technology.  This includes our newsletter, cyber alerts and notices, for example, change password notifications, internet account statements, etc. 

The new look will also make it easier for our staff and students to recognise official IT communication and only to react to specifically branded messages.

We will never send you an email asking you to verify your account or threaten to close your account. However, remember to still be vigilant and watch out for certain phishing characteristics. If you are ever in doubt of the legitimacy of an email, rather contact us directly to confirm at or x4367. 

Here are the designs to look out for. (downloadable PDF document)

A special thanks to Corporate Communications and Nicolas who worked on the designs.

SMiShing: Now on your phone

Tuesday, August 1st, 2017

According to McAfee SMiShing is:

“…  a version of phishing in which scammers send text messages rather than emails, which appear to have been sent by a legitimate, trusted organization and request that the recipient clicks on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.””

Over the past few years, we’ve learnt not to trust emails, fearing we’ll become victims of phishing fraud. Most people by now know not to click on links in emails. With SMS’s you can’t preview links as in emails, which increases the possibility of clicking on it out of curiosity. Unfortunately, human behaviour is the greatest threat to cyber security and it’s something that cannot be controlled by IT security staff. 

Criminal hackers had to find another way to trick users into revealing personal information. As we start using more and more mobile devices, the potential for possible platforms increases. Additionally, if you use your devices at home and at work, you also put the university at risk when you are a victim of either phishing or smishing. At the university, there are thousands of staff and students using various devices, all at risk of being infected. 

How do they do it?

Hackers have access to software that generates cell phone numbers based on area codes, they then plug into a cell phone service provider’s extension and generate the remaining numbers with the software. By means of a mass email text message service, messages are distributed. Text messages will contain a link which installs keyloggers or link to malicious websites which harvests your personal information. Other text messages trick the receiver into calling numbers, leading to outrageous phone bills. (Also see the latest Wangiri scam) Yet another type will trick you into thinking you’ve subscribed to a service. When you try to unsubscribe, you’ll be billed for using the service.  Some text messages will download spyware which can see everything you do on your phone.

How to avoid it

  1. Know how this kind of scam works. You’ll be able to recognise it easier. 
  2. Don’t reply to text messages from numbers you don’t know, especially if it asks for personal information.
  3. Even if it’s a message from a friend, make sure it’s legitimate. Your friend could have been hacked. Check with them first.
  4. Install security on your phone, for example, a VPN, anti-virus and spyware.
  5. Never install apps from text messages. Rather go to the app store where you know the software has been tested and verified. (e.g. Google Play)
  6. If you’re unsure if a text message is safe, don’t open it.
  7. If you didn’t sign up for a service, ignore the message.


‘Smishing’ scams target your text messages. Here’s how to avoid them from CNBC.



Wangiri fraud on the rise

Monday, July 31st, 2017

According to MyBroadband Vodacom, MTN, and Cell C have seen an increase in Wangiri phone fraud in South Africa. South African mobile subscribers recently reported that they are receiving an increasing volume of missed calls from unknown international numbers. Calls originate from across Africa and Europe, including Guinea, France, and Belgium.

Wangiri is a form of phone fraud which originated in Japan. Wangiri translates to “one (ring) and cut”. The racketeers hire a premium rate number from a telecom service provider and call random phone numbers via an auto dialer function, letting it ring once and then disconnecting the call. An automatic dialer (auto dialer) is an electronic device or software that automatically dials telephone numbers. Once the call has been answered, the auto dialler either plays a recorded message or connects the call to a live person. (Wikipedia)

A missed call shows on the victim’s phone and he returns the call since he believes the call was intended for him. Subsequently, he ends up paying an exorbitant amount which goes into the account of the scammers.

Both CellC and MTN have sent their customers a warning not to return any missed calls. Do not call back a number you do not recognise. If it is a legitimate call, the caller will call you back or leave a voicemail. 

Wangiri is just one example of phone fraud. Read more on other variations on Wikipedia.



© 2013-2019 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.