SARS phishing scam from SUN email

Monday, August 13th, 2018

If you receive an email with the subject “SARS eFilings” from any university email account, do not respond or click on the link. This is not a legitimate email from SARS.

The suspicious email is being sent from compromised staff email accounts, informing users that “An EMP Statement of Account for the tax payer listed below has been issued by SARS” and that you “need to log into the google doc with your correct details to view the document” (as shown in the example below).

It is important that you help us by spreading the word, informing us about suspicious mails and letting your colleagues and friends know about the scams. You are our eyes and ears, and your input, information and questions are extremely valuable.

When you click on links in phishing emails and provide your information, criminals will be able to gain access to your personal information. If you clicked on the link in this phishing email, immediately go to the website and change the passwords on all your university accounts.

Remember that once the phishers lose control of one compromised account, they might simply move over to another account. They might also close the website they were using once it is blocked by us and use another one that looks and acts in the same way. Currently, the phishers are using servers in Europe to launch their attacks. This is a common tactic with a spear-phishing attack such as this.

To help us, please:

  • continue to watch out for mail like or similar to this and do NOT respond to it, click on links or provide your email address, username or password
  • report the new phishing mail to the correct e-mail addresses of Information Technology Cyber Security using the method added to the bottom of this post
  • remember, just because a mail comes from a “student” or a “personnel” e-mail address and has university branding does not mean in any way that it is legitimate

If you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method (especially if it comes from a university address):

  1. Start up a new mail addressed to (CC:
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.


If you did click on the link in this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to and change the passwords on ALL your university accounts (making sure the new password is completely different and is a strong password that will not be easily guessed), as well as change the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

For more information on reporting and combating phishing and spam:

[Information supplied by David Wiles]


GDPR: Protecting your data

Tuesday, July 31st, 2018

The international law of data protection has changed and the General Data Protection Regulation (GDPR) came into effect on 25 May 2018. There is a great deal of information on GDPR. Unfortunately, a lot of it is legal jargon, which can be overwhelming if you are not a legal expert.

The South African equivalent to GDPR is the Protection of Personal Information Act (POPIA), which has not been finalised yet. This article will explain GDPR, compliance requirements and the key benefits and challenges involved in its implementation.

Quick overview

GDPR is a law that governs data usage, user privacy rights, data risk management and data security systems within private and public organisations. It highlights the rights of individuals, which are:

  1. to control how personal data is collected and managed; and
  2. to place new obligations on organisations to be more accountable for data protection.

Complying with GDPR is not a simple task, and neither will be complying with South Africa’s own Protection of Personal Information Act (POPIA). However, it is unavoidable and cannot be ignored. Managing data privacy is a serious issue. Until the South African Regulations are finalised and enforced, local companies are encouraged to look to the GDPR for guidance. Whilst there are some differences between POPIA and GDPR in requirements, the principles are similar.

How does an organisation comply?

  • Raise awareness

Decision makers and key people in the organisation need to be aware that the law has changed to include GDPR, and need to understand its impact on data management.

  • Information held

An information audit, which includes any personal data held by individuals within the organisation, has to be done. The audit will establish which information the organisation has, who it’s shared with and where it came from.

  • Communication privacy

Review your privacy notices and governance, identify gaps and prepare for the changes required when implementing GDPR.

  • Individual rights

Make sure procedures cover each individual’s rights, including deleting personal data and providing data electronically in all commonly used formats.

  • Subject access requests

Update data management procedures, prepare for handling requests from consumers within the new time-frame and provide additional information.

  • Legalities when processing personal data

Understand the different types of data processing the organisation performs, identify the legal basis for carrying each out, and document it appropriately.

  • Consent

The way the organisation seeks, obtains and determines consent may need to be reviewed and changed.

  • Protecting children’s data

Systems that verify ages and can seek parental/guardian consent for data processing activities should be designed and developed.

  • Data breaches

Procedures for both the customer and regulator need to be in place to detect, report and investigate a personal data breach.

  • Data protection by design

Assessments and control frameworks have to be developed with guidance from the regulator. Processes need to be developed and have governance for their use.

  • Data Protection Officers

Data Protection Officers or a similar role should be appointed to take responsibility for data protection compliance. The organisation has to decide who fits this role best.

  • International work

If the organisation works internationally, it is important to establish which data protection authority is most appropriate and where processors and controllers are located.

Some benefits of GDPR compliance

  • Greater consumer confidence

GDPR compliance will prove to customers that your organisation is a good custodian of their data.

  • Improved data security

GDPR compliance lays the groundwork for improved data security.

  • Reduced data maintenance costs

GDPR can help your organisation cut costs by prompting you to retire any data inventory software and legacy applications which are no longer relevant to your business.

  • Increased alignment with evolving technology

GDPR compliance requires that your organisation moves toward improving its network, endpoint, and application security.

  • Better decision-making 

Thanks to the GDPR, your organisation’s data will become more consolidated, ensuring it’s easier to use and you have a greater understanding of its underlying value.

Challenges of GDPR compliance

  • Endless consent prompts for every data process can be time-consuming.
  • High cost to reach GDPR compliance (e.g. in terms of upgrading security systems).
  • More work for developers in terms of upgrading security systems.
  • Massive fines for non-compliance, which amount to 4% of the organisation’s annual turnover.

GDPR integration in SU IT Department

In many ways, Stellenbosch University’s Information Technology Department has been implementing data and security laws and regulations such as GDPR and POPIA for years.

We are constantly reminding users on our blog and social media to keep their passwords protected and not leave their PCs unlocked and unattended. We are the first to alert users via email with regard to phishing attacks and send out warnings on a regular basis. We have also moved toward cloud storage and are happy to say that Microsoft is GDPR compliant. Users have been encouraged to use OneDrive for data storage as it is more secure.

Information security is important, therefore we will continue to convey its importance to our users. There is also an Information Security Awareness Training Course available on SUNLearn.

In conclusion, GDPR is beneficial to South African organisations in many ways. Since South African organisations deal with large and sensitive amounts of data, GDPR compliance is required and may reduce security threats and data loss to a large degree. Although this law appears to solve and manage data management issues, there is still limited information regarding their long-term sustainability and among South African users. 

More detailed information on EU GDPR guidelines for South African Universities can be found in this document compiled by Universities South Africa (USAf), an association of South Africa’s public universities.


Phishing attempt from SUN email address

Monday, June 25th, 2018

If you receive an email with the subject “Mailbox” or “Urgent Alert !!” from a university account, do not respond to it or click on the link. This is not a legitimate email from Information Technology.

We have received reports that a suspicious email is being sent out from a university account informing users that their email has exceeded its storage limit and they have to click on a link to “avoid blockage or deactivation” (as shown in the example).

If you follow the link and give your information, it will be used by phishing criminals to gain access to your personal information, including your bank details. If you did click on the link of this phishing email, immediately go to the website and change the passwords on all your university accounts.

If you have any inquiries, please let us know by logging a request or calling our Service Desk at 808 4367. 

Stricter rules for VPN

Thursday, June 21st, 2018

Many of our staff and students use FortiClient to obtain VPN access to the Stellenbosch University network when they are not on campus. To maintain a safe and secure network, we have to put measures in place for our services to minimise the potential exposure to the University from damages which may result from unauthorised use of university resources.  This is particularly important when it comes to access via VPN to our network.  

From 6 August 2018 new VPN users have to register for VPN usage. If you have used VPN (FortiClient) since 1 January 2018, you are considered a registered user by default and don’t have to reapply for access. However, if you are a new VPN user, please follow the process described below.

If you need VPN access to the SU network via FortiClient, the following simple process is applicable: 

  1. The head of your department needs to send an email to motivating why you require VPN access for work purposes.
  2. You will receive an email confirming your registration with instructions on how to install the FortiClient needed for VPN usage. 

VPN (Virtual Private Network) is a way of connecting your off-site computer directly to the University network and allows you to access internal resources such as other computers, network storage, websites, journals using the applications already installed on your off-site computer. VPN provides an encrypted connection which helps to ensure that sensitive data is safely transmitted and prevents unauthorized people from eavesdropping on the traffic, allowing the user to conduct work remotely.

A secure VPN connection to the SU network with FortiClient is not necessary for standard, web-based services. These include email, library resources, SUNLearn or the SUN-e-HR website. All of these services are already accessible via the internet without a VPN connection.

More information on the use of VPN and FortiClient at SU is also available on our service catalogue.



New variant of BIP Dharma ransomware found

Monday, June 11th, 2018


Ransomware, for example, CryptoLocker, WannaCry or BIP Dharma, is a type of malware that installs itself on a device, takes files on the device or network storage, encrypts them, and then extorts money from the user to unlock the files.  This type of programme can be installed by means of an e-mail attachment, an infected programme or unsafe website with malware installed on it. 

The software “kidnaps” your data by encrypting or limiting your access to it and then sending you a message demanding money to regain your access. The only way access is possible again is by acquiring an encryption key from the creator of the ransomware at a fee. However, paying this fee doesn’t guarantee that you will have access to your data again, so doing this is a huge risk.

According to Sophos security, ransomware is one of the most widespread and damaging threats that internet users face today.


Follow these security practices to avoid falling victim to ransomware.

1. Make backups

Ensure that you always have the latest backup of your work somewhere else, preferably off-site. If you do fall for a ransomware attack, you will still have your data. Having your data off-site also protects it from events such as a fire, flood or theft or damage to your device. Additionally, you can encrypt your device to ensure that if it ends up in the wrong hands, they won’t be able to access it. 

2. Do not open attachments

Do not open an attachment you receive from someone you don’t know. Even if you do know the person, first confirm that they did send it to you. Just because it’s from someone you know doesn’t mean it’s safe. Your colleague or friend’s account could have been hacked.

3. Scan attachments

There are tools such as VirusTotal available for scanning attachments to ensure that they are safe to open. VirusTotal is an online scanning tool and can be found at

4. Keep Windows updated

Make sure all Windows updates are installed as soon as they come out. Also make sure you update all programmes, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.

5. Security software

Make sure you have some sort of security software installed. If you are unsure whether you have adequate protection on your device, contact us to assess your security.

6. Difficult password

Use hard-to-guess passwords and never reuse the same password on multiple sites.




