• Recent Posts

  • Categories

  • Archives


Increase in phishing attacks

Wednesday, April 3rd, 2019

Phishing attacks are on the increase due to staff and students replying to phishing emails or entering their usernames and passwords on suspicious websites.

This not only poses a security risk for the user, but also for their colleagues and more importantly, for the safety of our entire university network.

Please do not reply to any email requesting your username and password, even if it’s seemingly from someone you know. This information is used by phishing attackers to target our students and staff. By supplying your private information you are making it much easier for them to access accounts and the network.

If you think your account has been compromised or notice suspicious activity:

  • Immediately change your password on
  • Contact the IT Service Desk by logging a request or calling 808 4367.
  • More information on phishing is available on our blog and Twitter.

Change your password online

Thursday, February 28th, 2019

In the past, the IT Service Desk was your first stop when you forgot your password (we know, it happens to us too!) or had to change your password. Unfortunately, due to various security risks, as well as the very strict new data protection acts, the Service Desk is no longer allowed to change or reset your password for you. (You can read more about the university’s own Data Privacy Regulation here)

We would like to encourage staff and students to use the Password Selfhelp website in future. We realise that this might be inconvenient, but for your and our own protection, we will have to follow this procedure. 

 The Password Selfhelp website ( offers two options: 

  1. Change Password for users who know what their password is and want to change it. 
  2. Reset Password for users who forgot their password. 

To use the online Password Selfhelp, your cellphone number or an alternative email address has to be on the HR records, otherwise, you will not be able to change your password. You can update this information by logging onto SUN-e-HR though the staff portal, or contacting your department’s HR contact person. 

Select the My Profile link – Personal Information

Log on to SUN-e-HR.

Select Basic Details – Update, Other, Personal Email Address 


Select  Phone Numbers – Update

During the password change process a PIN code, consisting of 8 numbers, will be SMSed or emailed to the user (depending on which option he/she selected) Please use this PIN to change your password on the self help website. As soon as the password has been changed, the user will be notified by means of SMS or email.

If you have not requested a password change, please notify the IT Service Desk immediately at 808 4367.

Filesender – a secure service for sharing large files

Tuesday, February 5th, 2019

SANReN has implemented the latest version of Filesender, a web-based application that allows authenticated users to securely and easily send web-based large files to other users. 

Below are the guidelines for accessing the service and what values it adds to your day to day operations.

What problem does the service solve?

You need to send a file larger than a couple of megabytes to someone and the e-mail comes back: “attachment too big” or “mailbox too full”, that’s where FileSender comes in handy.

How do I use the service?

Upon logging in, you are presented with a user-friendly interface. You can set the file to be available for download for a certain period so that it automatically gets removed when the file reaches its expiry date. You have an option to drag and drop your file when uploading it to the application. You also have an option to get a link to the file after uploading it or send it to a recipient as an e-mail.

The service is integrated with the South African Identity Federation (, which provides a pool of institutions you can authenticate from to use the service. If your institution is not registered on SAFIRE as yet, you can log in with a social media account if you are from an eligible institution.

Where do I access the service?

You can access the service on

Drop us an e-mail on for any queries regarding the service.

Use of sun email for commercial purposes

Tuesday, February 5th, 2019

As staff and students of the University, we use our sun emails every day. But did you know that every year when you reactivate your account, you also agree to the Electronic Communication Policy? 

The ECP explains the acceptable and unacceptable use of the University’s electronic communication facilities, which include the internet and email. (read the full ECP policy here) According to the ECP, point 3.1.3: “The User shall be responsible for using the Facilities only for the purpose for which the User has been authorised.” 

IT facilities and resources are provided to advance the mission of the University. This includes learning, teaching, research, knowledge transfer, public outreach, the commercial activities of the University, or the administration necessary to support all of the above.

The email system is to be used for legitimate institutional purposes only, therefore the use of IT facilities for non-University commercial purposes, or for personal gain, is a violation of this policy.  You may not use the IT Facilities to advertise any trade, service or profession not endorsed by the University. 

Unfortunately, it’s come under our attention that some staff use their sun email address to distribute information regarding beauty products, Tupperware, etc. and acting as agent for the sale of these products. Any bulk unsolicited mail or commercial advertising of other businesses are not allowed on the University network.

If you need to send personal emails, rather consider getting a free email account, for example, Gmail. Separating your business and personal activities is also better security practice in the long run and will protect you and the University network. However, if you use your sun address for personal activities, keep in mind that the University owns any communication sent via email. If needed, University management has the right to access any material in your email or on your computer.  

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.

© 2013-2020 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.