Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

phishing

How do I report phishing?

Thursday, October 17th, 2019

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

More on how to recognise a phishing email. 

Report phishing

  1. On the ICT Partner Portal:
  1. By sending an email:​​
  • Start up a new mail addressed to csirt@sun.ac.za.​​
  • Use the Title “SPAM” (without quotes) in the Subject.​​
  • With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure* and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.​​
  • Send the mail.​​

*Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

Phishing scam sent from compromised GOV.ZA account

Wednesday, July 17th, 2019

Please be aware of the following phishing e-mail which is now starting to be sent to university accounts and might be thought to be legitimate especially if the department has dealings with the Gauteng Government.

The Subject of the mail is “Payment Notification” and asks its victims to click on a link to “VIEW PROOF OF PAYMENT”.

Firstly the link is not a gov.za website and government departments do not usually send out  e-mails asking you to click on unverified links.

 

The suspicious mail takes you to a site that asks you to download a file. This file has a encoded script (malware) that looks like an ordinary web page that asks you to enter your username,password and your cell number to “confirm” your details and “allow” you to view the encrypted PDF file. Of course this malware, now sitting on your PC sends your login details and password to another server overseas controlled by the scammers, which they will
then use to break into your account at the university in order to do all sorts of nasty things.

So please be very careful, especially in the light of the compromised university accounts that were used earlier this week to launch a phishing attack from within the university.

The university is now a very popular target for phishers because they can easily gain access to personnel and student accounts as the users are not often aware of the dangers of phishing and are not informed about how to spot them.

 

 You can report phishing scams and spam in two ways:​

 

1. By reporting it on the ICT Partner Portal.​​

2. By sending an email.​​

  • Start up a new mail addressed to csirt@sun.ac.za.​​
  • Use the Title “SPAM” (without quotes) in the Subject.​​
  • With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.​​
  • Send the mail.​​ ​​

If you have accidentally clicked on the link and already given any personal details to the phishers it is vitally important that you immediately go to the USERADM page (either
http://www.sun.ac.za/password or www.sun.ac.za/useradm and change your password immediately.) Make sure the new password is completely different, and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts. Contact the IT Service Desk if you are still unsure.

 

Phishing attempt from sun accounts

Tuesday, July 16th, 2019

Staff and students are still falling for this phishing scam, so please be alert when receiving ANY emails from a sun account regarding the request for a quote.

An email with the subject “RFQ” which appears to be from a sun email address was sent to staff and students. The email asks you to click on a link to view a request for a quotation. (also see image below)

This is not a legitimate email, but a phishing attempt from a compromised staff account.

Never provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

How to avoid phishing scams

Friday, May 24th, 2019

We are often asked by staff and students what they can do to stop phishing scams, and what software they should install to prevent them from becoming victims. In some cases students have asked us to fix their computers and to install software to block phishing scams.

Of course that request is impossible to fulfil. Phishing scams are like the common cold. Just like you cannot prevent the common cold, you can only adopt a lifestyle, and take precautionary measures to reduce your risk of infection. They will always be there and will always adapt and change. As long as there are people who are uninformed or careless who fall for these scams, phishing attacks will continue.

The best way to reduce your risk is to report all suspected phishing scams on ICT Partner Portal. (Full details at the end of this post). Here are some basic rules to help you to identify phishing scams:

  • Use common sense
    Never click on links, download files or open attachments in email or social media, even if it appears to be from a known, trusted source.
  • Watch out for shortened links
    Pay particularly close attention to shortened links. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.
  • Does the email look suspicious?
    Read it again. Many phishing emails are obvious and will have implausible and generally suspicious content.
  • Be wary of threats and urgent deadlines
    Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Ignore the scare tactics and rather contact the company via phone.
  • Browse securely with HTTPS
    Always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse.
  • Never use public, unsecured Wi-Fi, including Maties Wi-Fi, for banking, shopping or entering personal information online
    Convenience should never be more important than safety.

If you do receive a phishing e-mail, please report it as soon as possible. Once you have reported the spam or phishing mail, you can delete it immediately.

You can report this on IT’s request logging system, the ICT Partner Portal.

  • Go to the ICT Partner Portal.
  • Fill in your information and add the email as an attachment. Your request will automatically be logged on the system and the appropriate measures will be taken by the system administrators to protect the rest of campus.

[ARTICLE BY DAVID WILES]

Increase in phishing attacks

Wednesday, April 3rd, 2019

Phishing attacks are on the increase due to staff and students replying to phishing emails or entering their usernames and passwords on suspicious websites.

This not only poses a security risk for the user, but also for their colleagues and more importantly, for the safety of our entire university network.

Please do not reply to any email requesting your username and password, even if it’s seemingly from someone you know. This information is used by phishing attackers to target our students and staff. By supplying your private information you are making it much easier for them to access accounts and the network.

If you think your account has been compromised or notice suspicious activity:

  • Immediately change your password on www.sun.ac.za/password.
  • Contact the IT Service Desk by logging a request or calling 808 4367.
  • More information on phishing is available on our blog and Twitter.
 

© 2013-2019 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.