• Recent Posts

  • Categories

  • Archives


Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.

Phishing attempt from sun email account

Wednesday, December 5th, 2018

If you receive an email from a sun email account with the subject “To All Faculty\Staff of Stellenbosch University“, asking you to click on a link to upgrade your webmail, please do not respond and provide your information (see example at the bottom of this post).

This is not a legitimate email notification from Information Technology and we will never ask you to give your personal information via an email link. The suspicious email is being sent from a compromised email account and is a clever phishing attempt.

When you click on links and provide your information on phishing emails, criminals will be able to gain access to your personal information. If you clicked on the link of this phishing email, immediately change your password on

For any enquiries please contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for larger image

Phishing scams requesting quotes and notification about “new message”

Wednesday, November 21st, 2018

Phishing attacks on the university continue with this week’s “flavour” being a return of the old “Request For Quotation” scam. With this scam you might receive an email from a large corporation arrives asking for you to provide a quotation, with an attached PDF that you are asked to fill in and send back to the sender.

Why would an academic department secretary be getting an RFQ to supply industrial supplies like sewage pumps? Scammers often only want to steal information from their victims, and in the case of the Faculty of Health Sciences, the scam RFQ could change to supply something like medical supplies or equipment.

Remember the email may look very convincing, with known company letterheads, VAT certificates etc.

It is important not to respond to the sender or to open up the attachment. Often scammers just need a response so they can identify “live bait” and fine-tune their attack to a particular person.

Another phishing scam that appears to be coming back uses attention-getting subjects like “You have a new message” or “We’ve resolved your dispute” or “SARS refund pending” designed to get your attention. This particular one uses forged “Citibank” branding and informs you that a dispute has been resolved and you will be paid some money, but you are asked to open up a “document” to see the disputed transaction.

The danger is in the document which will be download if you click on the link. In this particular case, it is a document with embedded macros that will install malware on your computer to steal personal information. Normally macros in Microsoft Word are disabled by default, but if you have enabled them for legitimate reasons then there would be a danger to your computer if you attempt to open the attached document.

These phishing scams are sent out to many university email addresses at the same time, so you are not personally being targeted by the phishers. These attacks will continue in various forms, because there are still individuals who fall for these scams, making phishing attacks very profitable.

If you do receive mail like this then please report it to IT Cyber Security. Once you have reported the spam or phishing mail, you can delete it immediately. You can do this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to and select “Report phishing, spam and malware” right at the bottom of the list. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email
    – Start up a new mail addressed to 
    – Use the Title “SPAM” (without quotes) in the Subject.
    – With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.
    – Send the mail.

[Article by David Wiles]

Cybersecurity Awareness month: Some statistics and common sense advice

Monday, November 5th, 2018

It’s November and Cybersecurity Awareness month is behind us. As a final signoff,  we would like to share a few statistics and give some common sense advice to help you spot phishing scams.

Surely South Africa is not sophisticated or advanced enough to be included in phishing attacks? According to Drew van Vuuren, CEO of 4Di Privaca, South Africa is the second most targeted country globally when it comes to phishing attacks.

The cost of phishing in South Africa amounted to approximately R4.2 billion in 2013 alone and 5% of phishing attacks globally occur in South Africa. It is not a matter of “if” the university is going to be a target, but “when”. Phishing attacks are not Information Technology’s concern, but should also be yours as a user of the internet. 

According to a 2016 survey by Symantec, over 30% of South African internet users share at least three pieces of personal information on their social media profiles which could be used to steal their identity. 

60% of the respondents admitted that they had no idea what their privacy settings were and who could see their personal information on sites like Facebook, Instagram, Twitter etc.

People often become victims of online fraud by using the same password or usernames on multiple sites, including social media sites and internet banking sites. According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013” report, 55% of the poll respondents used the same password for most, if not all, websites.

Here are 10 common-sense tips to help you spot and prevent becoming a victim of a phishing scam:

1. Learn to identify suspected phishing emails

  • They duplicate the images and branding of a real company.
  • They copy the name of a company or an employee of the company.
  • They include sites that are visually similar or identical to a real business.
  • They promote gifts or threaten the closure of an existing account.

2. Check the source of information from incoming email

Your bank, Information Technology, or cell phone provider will never ask you to send your passwords or personal information by mail. Never respond to these questions, and if you have the slightest doubt, call your bank, IT or your cell phone provider directly for clarification.

3. Never go to your bank’s website by clicking on links in emails

Do not click on hyperlinks or attachments, as it will direct you to a fraudulent website. Type in the URL into your browser or use your own bookmarks or favourites if you want to go faster.

4. Beef up the security of your computer

Common sense and good judgement are as vital as keeping your computer protected with a good antivirus and anti-malware software to block this type of attack. In addition, you should always have the most recent update on your operating system and web browsers.

5. Enter your sensitive data on secure websites only

In order for a site to be ‘safe’, the address must begin with ‘https://’ and your browser should show a closed lock icon.

6. Periodically check your accounts

It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.

7. Phishing doesn’t only pertain to online banking

Most phishing attacks are against banks, but can also use any popular website to steal personal data such as eBay, Facebook, PayPal, etc. Even the university’s e-HR site was targeted in 2017.

8. Phishing is international

Phishing knows no boundaries and can reach you in any language. In general, they are poorly written or translated so this may be another indicator that something is wrong. However, don’t be convinced it’s legitimate if it’s in Afrikaans – phishers are getting clever and adapting.

9. Have the slightest doubt? Do not risk it.

The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data. Delete these emails and call your bank to clarify any doubts.

10. Keep up to date and read about the evolution of malware

If you want to keep up to date with the latest malware attacks, recommendations or advice to avoid any danger on the network, subscribe to the Information Technology blog or follow them on Twitter. Put your local computer geek or the IT HelpDesk on the speed dial of your cell phone, and don’t be embarrassed or too proud to ask questions from those who are knowledgeable on this topic.

Keep safe out there.

How do I report phishing?

Friday, November 2nd, 2018

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the CSIRT team can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cybercriminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

More on how to recognise a phishing email. 

Submitting Examples

Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact.

 The best way to manually submit a spam example is to:

  1. Create a new message.
  2. Drag and drop the spam email into the new message, so it is added as an attachment.
  3. Send to

 Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

Also read: Cybersecurity Awareness month: Some statistics and common sense advice


© 2013-2019 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.