• Recent Posts

  • Categories

  • Archives


Phishing scam from a forged email

Thursday, May 14th, 2020

We are almost all in lock down and less careful with cyber security. The scammers know this and are launching numerous attacks taking advantage of the “work-from-home” situation we find ourselves in. A number of personnel have reported getting e-mails from “Prof. Jimmy Volmink” asking for assistance and are not spotting the tell-tale signs of a phishing scam.

Here is the mail:

  1. Notice that although it looks like Prof Volmink sent it, the email address is not correct.
  2.  Secondly Prof Jimmy is a very approachable person, but he is always professional in his communication so he would never say “Are you free for now”. Nor would he say something like this: (if you did respond to his mail)
    “I am currently in a meeting and I don’t know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible”.

This is a spear-phishing attack where an institution is directly attacked by impersonating prominent or public figures within the university (like the Dean) to gain access to the university network. This is an especially effective means of attack with everybody at home in lock down, where our guard is down and we are more relaxed. There was a very similar attack in September 2019, using the same tactics.  

Prof Volmink’s account has not been compromised. Phishers are just trying to fool us into thinking that prominent members in our leadership are emailing us asking for assistance, but they are not. It is a scam.

Over the next few days be on the lookout for similar mails that look like they coming from other people within the university.

If you do get mail like this be sure to report it to IT ASAP so they can block the attack and help people who have become victims.

Please immediately report such phishing scams and spam by reporting it on the ICT Partner Portal.​​

Go to​​

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​

If you have accidentally clicked on the link and already given any personal details to the phishers it is vitally important that you immediately go to the USERADM page (either  or ) and change your password immediately. Make sure the new password is completely different, and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.


Phishing attack from compromised staff account with attached “Secure Message”

Wednesday, May 6th, 2020

With most students and personnel all working from home during the national lockdown, and with the reduced security (and watchfulness) of home computers and personnel/students in their home environment, and with many forced to use unfamiliar means of communication and collaboration like Teams, Zoom, Skype and Skype For Business, the environment is ripe for exploitation by phishers.

The following e-mail (with an infected attachment) is making its rounds at the moment from  a staff email.

If you get an email that look like the following do not open or respond to it. It is quite likely that the personnel doesn’t even know his account is compromised.

Please be careful when opening up attachments “sent” by colleagues especially if they are unannounced or the e-mail makes you feel a bit suspicious. Always trust your instincts.

“Sextortion” scams

Tuesday, April 28th, 2020

There has been a resurgence of “sextortion” phishing scams recently but with a slight twist.

“Extortion phishing” or “sextortion” is an aggressive form of a phishing attack that targets potential victims in an e-mail demanding bitcoin in exchange for a promise of non-disclosure of an alleged sexual offence.

The aim of these sextortion e-mails is clear – to force their intended victims to pay up for their silence, or the footage will be shared on social networks. Ultimately this is a typically insidious scam that could easily snare an unsuspecting user.

This variant however has an added twist, in that the phishing scammers are displaying a stolen password (from other websites) that their victims use, to grab their victim’s attention.

It is usually those other websites (e,g,. hotmail, Instagram, Paycity or Facebook) that hackers use to gain access to our data, so changing those passwords are very important.

As in the example below we received earlier this week:
















Several students and personnel say that they have also received similar phishing e-mails, and that password that they had used were displayed in the subject line. They were all concerned that their network account was under attack.

If you receive such a mail, there is little danger to you UNLESS you

  1. respond to the sender
  2. still use that same password for other non-university accounts and use a variation of that password.

If it is an old password that they are displaying, then the danger to you is relatively small, but if you are still using it on a different website or application please change and update immediately.


Phishing emails, SMS and WhatApp messages offering payment relief during lock down

Wednesday, April 1st, 2020

A new potential threat has emerged as we enter the 2nd week of the national lock down and facing the beginning of the new month with bills  to be paid.

Phishers are already targeting the South African public with so-called COVID-19 phishing scams, attaching malware infected attachments and encouraging victims to click on a link to download “important information about the COVID-19 pandemic”.

However this week’s scam involves emails, SMS and WhatsApp messages being sent with information about “Payment Relief” from South African banks.

While it is true that most major South African banks are offering payment relief measures to their customers, phishing scammers have grasped this opportunity and adapted their tactics to send emails with content like the following:

“Dear Valued Customer,

“At ABSA Bank, we realise that this is a difficult time for our customers and businesses whose financial means are being negatively affected. After careful consideration and engagements with The Minister of Finance the, Hon. Tito Titus Mboweni, we are pleased to offer you, as a valued customer, a once-off access to a comprehensive relief programme. Please click on the following link to see if you qualify for payment relief.


This is a once-off offer made to selected customers and will close at midnight on 2 April 2020.”

This is one such e-mail, but similar scams with forged identities from other South African banks, as well as Whatsapp and SMS messages will also surface. Note the specific deadline and the call to verify your account. Your bank won’t ever ask you to verify your account by email and certainly won’t give you a day to make such a decision. 

If you need to make use of a relief programme, rather contact your bank directly than reply to an online message. 

Here is a collection of the current verified details for payment relief from South Africa’s 4 major banks:

















Reactivate your network access before 1 April

Thursday, February 20th, 2020

Network access for staff will expire at the end of March unless you reactivate your username.

We suggest that you reactivate yours as soon as possible to ensure uninterrupted access to IT services (internet, email, SUN-e-HR etc.). Keep in mind that the cost centre manager still has to approve your request before your username is reactivated; allow sufficient time for this to be done to avoid disruption of your service.

You will receive an email from indicating that your username (“engagement”) will expire soon. Three notifications will be sent before the end of March. Alternatively, you can go directly to the reactivation page.

Once logged into the reactivation page, you can select the services you want to reactivate.  You are encouraged to read the ECP (Electronic Communication Policy) before reactivating.

Choose the services (network / email usernames and internet usernames) you want to register for (see images below).



Make sure you select the correct costpoints and if you’re unsure ask your cost centre manager. Click Accept and Reactivate.

 You will receive a notification stating that your request has been submitted, as well as a confirmation email. 

The webpage will indicate that it will be activated as soon as it has been approved by the cost centre manager. When the cost centre manager approves the reactivation request access will be extended to the end of March next year.

If you have completed these steps successfully and still receive emails from urging you to reactivate, please go back to the reactivation page and make sure the appropriate boxes are checked: Your Network / Email usernames Your Internet usernames

 If you are still not able to reactivate, please raise a request at


© 2013-2020 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.