Phishing scam disguised as a “server warning”

Friday, March 10th, 2017

There are reports that some students and personnel have already received this mail in their mailboxes. It is a typical phishing scam but uses a different tactic to trick the recipient into divulging personal details like passwords and should not be responded to in any way. That mail was sent by a “throwaway” mail account. It started making its appearance in June last year in Yahoo!Mail accounts.

According to this e-mail, which claims to be a “Server Message”, telling the potential victim that they recently initiated an action to shut down their e-mail account. The e-mail advises that, if they did not initiate the supposed shut down action, they should click a ‘Cancel De-activation’ link to restore your account to its normal settings.

However, the e-mail is not from the university, and no account shut down action has been initiated. The e-mail is just a crude phishing scam designed to steal your university account login details. The scammers hope that at least a few recipients will click the cancel link in the mistaken belief that they must do so to save their account.

If you do click the link, you will be taken to a fraudulent web page that has been built to emulate a genuine login screen. A form on the page asks you to enter your e-mail address and account password and click a button labelled ‘Sign in to Cancel De-activation”.  After signing in on the fake page, you will be automatically redirected to the university webmail website.

Meanwhile, the scammers can collect the login details you entered and use them to hijack your university e-mail account. Once they have gained access to your account, they can use it to send out spam and scam e-mails in your name. (as has been happening in recent weeks)

E-mail phishing scams like this one are very common. Be very wary of any e-mail that claims that you must click a link or open an attached file to rectify a supposed account problem. It is always safer to log into all of your online accounts by entering the address into your browser’s address bar or via an official app.

Here is an example of the mail that is in circulation with the dangerous parts removed. 



Spam e-mail distributed on campus

Friday, February 10th, 2017

If you receive an e-mail resembling the one shown below, please ignore and/or delete it. We will never send an e-mail requesting you to upgrade your mailbox. 

Note that the malicious links have been removed and replaced with fake ones.

—–Original Message—–

From: Mr Spammer []

Sent: 10 February 2017 10:34 AM


Subject: Fw: Sun Help Desk

Dear SUN Mail User,

You have exceeded the 5GB allocated to your mailbox follow this to upgrade your mailbox CLICK HERE <> to avoid deactivation in 7 hours.

SUN IT Service Desk Support

Learn What It Takes to Refuse the Phishing Bait!

Wednesday, February 1st, 2017

Cybercriminals know the best strategies for gaining access to your institution’s sensitive data. In most cases, it doesn’t involve them rappelling from a ceiling’s skylight and deftly avoiding a laser detection system to hack into your servers; instead, they simply manipulate one staff member or student.

According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents. Following are a few ways to identify various types of social engineering attacks and their telltale signs.

  • Phishing isn’t relegated to just e-mail! Cyber criminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
  • Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Click that delete button.
  • Verify the sender. Check the sender’s e-mail address to make sure it’s legitimate. If it appears that our help desk is asking you to click on a link to increase your mailbox quota, but the sender is “,” it’s a phishing message.
  • Don’t be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don’t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
  • Never, ever share your password. Did we say never? Yup, we mean never.Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. The IT department will never ask you for your password.
  • Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
  • When you’re not sure, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the rector of the university. Cyber criminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in the university’s directory to confirm the request.
  • Don’t talk to strangers! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the helpdesk.
  • Don’t be tempted by abandoned flash drives. Cyber criminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary — it could be a trap.
  • See someone suspicious? Say something. If you notice someone suspicious walking around or “tailgating” someone else, especially in an off-limits area, call campus safety.


Latest WhatsApp hoax

Monday, January 9th, 2017

If you are a user of the popular chat app WhatsApp, you should be aware of the latest hoax that states that the chat service will soon start charging a fee.

Here is an example of the current hoax:

Tomorrow at 6 pm they are ending WhatsApp and you have to pay to open it, this is by law. 

This message is to inform all of our users, our servers have recently been very congested, so we are asking you to help us solve this problem. We require our active users to forward this message to each of the people in their contact list to confirm our active users using WhatsApp. 

If you do not send this message to all your contacts WhatsApp will start to charge you. 

The message is allegedly sent from Whatsapp’s chief executive officer – Jim Balsamic.

  1. The real CEO of WhatsApp is Jan Koum.
  2. WhatsApp publically declared that they’ll never charge users for the service. [ ]

This isn’t the first time this sort of hoax has plagued the web – a similar message was sent around in 2013.

In some cases, it was reported that victims of this hoax were “tricked” into opening a legitimate-looking Word, Excel or PDF document attached to a WhatsApp message. The PDF attachment then downloaded malware to devices to steal personal information.

Another student reported that one message they received tried to persuade them to download a R200 Edgars voucher. In reality, the link simply installed cookies and a browser extension on their phone that flooded the phone with adverts.

Always be wary of messages with the following characteristics:

  1. The person sending the message claims to be associated with WhatsApp.
  2. The message contains instructions telling you to forward the message. (Use a bit of common sense here. According to this hoax message, WhatsApp servers are “very congested” and Jim Balsamic want you to add to the congestion by forwarding the message to all your WhatsApp contacts?)
  3. The message says you will suffer some sort of punishment, like account suspension, if you don’t follow the instructions.
  4. The message promises a reward or gift from Whatsapp or another party.
  5. Just because a message was forwarded to you by a friend or family member, doesn’t make it legitimate. (friends and family can be just as gullible as any other person)


Scam warning: UPS Parcel Receipt with infected attachment

Wednesday, November 30th, 2016

The holiday season is upon us and there is a lot of activity around this time of the year with parcels being delivered both at home and at the university. This is being exploited by the scammers.

There is currently a UPS scam making its rounds in university mailboxes, where victims are lured into clicking a download link.

If you have received a package via the parcel company like UPS or DHL, you might be tempted open up an e-mail that seems to come from them, saying they have a package for you. There might be an attachment that you are asked to open to confirm your address or to fill in your personal details for “verification”.

The whole thing is a scam. Clicking on the attachment will download a Trojan virus onto your computer which will just sit there doing its nefarious work — reading your files, including confidential information, then transmitting the details to a server somewhere that is controlled by the criminals.

It seems there are two main variations of this “parcel delivery” scam – both looking like a genuine notification.

  • The first one tells you the parcel service tried, but was unable to deliver a package to you because of an incorrect address. The subject heading usually has a phony tracking number. The attachment is supposedly a copy of a waybill or invoice for you to print and use to collect the parcel from a UPS office.
  • The second is a customs notification and may even seem to come from “US Customs Service” rather than UPS. It says you have an international package (usually from Europe) and that you need to complete the attached customs form so it can be delivered.

In both these cases, the attachment is a compressed ZIP file (that is, one with a name that ends in “.zip”), even though the icon may look like a Word document. As soon as you double click on it, it will install a program onto your computer will then download and install several files on your system. These may disable your firewall, look for and steal credit card and bank account details, make screen snapshots and allow hackers full access to your machine.

This attack underlines the danger of opening an attached file in an email, even if it appears to come from a person or organization you know or frequently deal with.

Here is an example of one such mail.



From: Usps Parcel []

Sent: 28 November 2016 07:29 AM

To: Recipients <>

Subject: Parcel Receipt


USPS Shipment Notification

A parcel was sent to our office for you and we have tried to deliver it several times to your address on file.

Attached is the receipt via Dropbox, used in sending you the parcel. We advise you DOWNLOAD the document and reconfirm the address on receipt if its your valid address.

For further assistance, please call USPS Customer Service.

For International Customer Service, please use official USPS site.


Copyright © 2016 USPS. All Rights Reserved.

This message has been scanned for viruses and dangerous content by Fair Distribution MailScanner, and is believed to be clean. 


So do not succumb to the temptation of opening up attachments in emails, especially if it comes from couriers and parcel delivery companies like UPS or DHL. It is the end of the year. Our energy and concentration is ebbing and we are all more vulnerable, making us all potential targets of the cyber-criminal.



© 2013-2017 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.