Language:
SEARCH

Security

Dropbox phishing scam

Monday, February 5th, 2018

If you receive an email from your bank wanting to share a paper via Dropbox with you, be aware that it’s a phishing scam. 

If you hover your mouse (don’t click on the Dropbox link) over the link the originating server will appear and it is NOT DropBox, but the phisher’s server, currently based in Brazil. No bank would ever use DropBox to send you documents.

This e-mail has some obvious signs of a phishing scam. First, it does not address you personally, but uses your email address. Also, the email sounds urgent, (it from “your bank”) trying to get you to react quickly without thinking and click on the button. Finally, if you hover over the button, your browser will display the link destination (what is called the spammy URL) at the bottom of the window. The URL does not belong to the alleged sender, Dropbox.

Victims who are fooled into clicking on the link will get the following webpage:

 

(Notice the links to Outlook Mail and the name of the server that is not Dropbox’s servers but one based in Brazil.)

These criminals want you to divulge your personal details like usernames, passwords etc.

If you have received emails similar to this please  report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

Virus warning

Monday, February 5th, 2018

If you receive an email with the subject: “URGENT – CCMA Final Reminder: Case GAJK0238819-18 (GAJK) is scheduled for ‘Arbitration’…” allegedly sent by the CCMA, and with an attachment with a .DOC.gz extension, DO NOT try to open it. The attachment is a rather nasty Trojan-variant of a Crypto virus.

This virus opens the “back door” of your computer to hackers once it infects your PC. The trojan is programmed to run at every start-up, giving the hackers, who originated the program, access to your hard drive. In addition, this trojan can re-create itself, making it hard to remove it completely.

If you received this email or any similar ones, please it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

 

Phishing with subject “Email Expired”

Thursday, February 1st, 2018

Several students and personnel have informed us of a “new” mail making its rounds on our campuses.

The sender is “Postmaster” with the subject of “Email Expired”. This phishing scam tells you that your e-mail account will shortly expire and uses scare tactics to convince you to “click” on a link to activate your email.

Information Technology will never send you this type of email, ask you to click on a link or provide your username or password. Do not respond to these emails or click on links.

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

Change your password

Wednesday, January 31st, 2018

At the start of every new year, the IT Service Desk experience a surge of calls asking for passwords to be reset. 

However, few people are aware of the alternative and faster way to reset your password, namely the Password Self help website. We would like to encourage staff and students to use this functionality as, in future, the IT Service Desk will no longer change users’ passwords. With cyber crime on the increase it has become too high of a security risk to change passwords via the telephone.

The www.sun.ac.za/password website provides two options:

  1. Change Password for users who know what their password is and want to change it.
  2. Reset Password for users who forgot their password.

To change your password you will have to provide the following:

– your cellphone number or
– an external email address.

NB. To use the password self help function your information on HR has to be up to date. Your cellphone number, as well as an alternative email address has to be documented on the system. 

Staff can add this information on SUN-e-HR though the staff portal,  http://my.sun.ac.za

Select the My Profile link – Personal Information

Log on to SUN-e-HR.

Select Basic Details – Update, Other, Personal Email Address 

or

Select  Phone Numbers – Update

During the password change process a PIN code, consisting of 8 numbers, will be SMSed or emailed to the user (depending on which option he/she selected) Please use this PIN to change your password on the self help website. As soon as the password has been changed, the user will be notified by means of SMS or email.

If you have not requested a password change, please notify the IT Service Desk immediately at 808 4367.

PHISHING: “Your Email Account Has Been Compromise”

Monday, January 29th, 2018

Please be aware that there are e-mails being sent from an outside e-mail address (@lasell.edu) with the subject  “Your Email Account Has Been Compromise” (including capitalisation of every word and a spelling mistake at the end)

The mail contains only the following:

Verify HERE

This is a phishing scam. Information Technology will never send an email like this, ask you to provide your username or password or require you to click on a link in an e-mail.

Here is an example of the phishing mail:


Many people, including students and staff can be easily fooled and manipulated by the social engineering tricks of the phishing scammers.

Once they fall victim to this phishing scam and the scammers have control of an university account, they will stop using the outside e-mail address.

Don’t become one of these victims. If you receive and e-mail with the subject “Your Email Account Has Been Compromise” and it seems that comes from a university account (like a student number, or even a known university colleague), do not respond to it, forward it or click on the link.

Report it to Information Technology’s Cyber-Security Team (details below) and then delete or move it in your Junk E-mail folder. You can use the Rules function in Outlook and Office365 Mail to delete all mail with those subject lines or senders.

Here are the instructions again:

If you have received mail that looks like this please immediately report it to Information Technology using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[ARTICLE by David Wiles]

 

© 2013-2018 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.