report phishing

Phishing mail using intimidation and threats

Friday, June 1st, 2018

There is no need to panic or be in any way concerned for your personal safety about the latest batch of “phishing” emails that are going out with “death threats” or extortion regarding your “alleged” online activity around pornography sites etc.

A simple Google search using the following term “I Was Paid To Kill You scam” gave me 43 million results, all of the first 100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only from last week, resulted in a little over 100 000 results, all of which were reporting it as a hoax.

A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a Russian e-mail address. The “assassin”, apparently appointed by a close acquaintance of his target, offers the victim the opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.

If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the mail is a hoax:

  1. The subject line: “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY HAS BEEN COMPROMISED”
    These are designed to cause anxiety, stress and panic.
  2. Time limits: “You have 48 Hours to pay…”
    How can the scammer know that you have received the mail and when you have read the mail and keep track of time to see if “48-hours” has passed?
  3. Engagement: “Contact me back via e-mail…”
    Never make contact with the scammers. This immediately alerts them that a “real person” read their mail and they will be able to concentrate their nefarious efforts on you.

If you ever receive emails like these, please report them to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Phishing scam disguised as the university’s single-sign on page

Wednesday, May 16th, 2018

Due to the vigilance of an observant personnel member from the US Business School, we have encountered a dangerous phishing scam being sent from a compromised UNISA account.

The Subject is “Dear SUN E-mail User © Copyright 2018 Stellenbosch University” which should immediately raise eyebrows. The phishing email “warns” you about the pending expiration of your e-mail account and prompts you to click on a link to reactivate it.

See below what the mail looks like:

The danger is that the phishing scammers have perfectly forged the university’s SINGLE SIGN-ON page, which is used by students and personnel to access the portal pages, the my.sun.ac.za page, SUNLearn etc., as you can see below. Not many people will notice that the address is not a university address, nor is it secure.

It is imperative that you do not click on the link in the mail, and do not provide the scammers with your username and password as they might be able to access the university’s systems that are accessible through the Single Sign-On page.

Last year scammers were able to forge the e-HR login page through a phishing scam and several staff members had their bank account details and other personal details exposed to the scammers. In the light of the issues that Tygerberg staff have been having with general network access earlier this month, and this week’s issue with e-mail, the arrival of this sort of mail at this time can fool some people into thinking that it is legitimate and lead to compromised network and e-mail accounts.

Here’s how to report any phishing or spam mail:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Phishing scam about reaching your mailbox storage limit

Tuesday, March 6th, 2018

Monday started with a phishing scam threatening to close your mailbox, and Monday is ending with another attack, using a similar intimidation tactic about your mailbox size.

The grammar and spelling are very poor on this one so it should be rather easy to spot. However, the use of University branding and “STELLENBOSCH HELP DESK” might fool some people.


The Subject will be “We apologies” (sic)

Dear User,

You have reached the storage limit for your mailbox. Please visit the following link to complete your e-mail access restore.

Follow this link to complete the process: Click Restore

STELLENBOSCH HELP DESK


If you do click on the link (which does not go to a university website) …this webpage will appear. 

 

 

Many thanks to all of you who reported this.

Remember these 5 guidelines:

  1. Information Technology will never request sensitive information such as passwords.
  2. Phishing e-mails often appear as an important notice or urgent matter such as threats that your mailbox is over quota.
  3. Use of aggressive or intimidating language such as ‘immediately’ and threats of consequences of not verifying your account.
  4. Misspelled words and poor grammar that take away from the professional context of the e-mail. (this one is quite obvious)
  5. Use of an impersonal greeting. (Dear User)
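
The warning signs listed in these posts, turned into a small triage check (an added example, not code from the university or the article's author). The sample message, the `.example` host and the function names are constructed; the trusted domain and the subject lines are taken from the page.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "sun.ac.za"
# Subjects quoted in the posts on this page.
SCAM_SUBJECTS = ("i was paid to kill you", "you should be ashamed of yourself",
                 "your privacy has been compromised", "email expired", "we apologies")
IMPERSONAL = re.compile(r"^\s*dear\s+(sun\s+)?(e-?mail\s+)?user\b", re.I | re.M)
URGENCY = re.compile(r"\b(immediately|expir\w+|storage limit|over quota|\d+\s*hours)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample: wording from the post, link host invented.
SAMPLE = """\
From: "STELLENBOSCH HELP DESK" <helpdesk@mailer.example>
Subject: We apologies

Dear User,
You have reached the storage limit for your mailbox.
Follow this link to complete the process: http://sun.ac.za.restore.example/login
"""

def is_university_host(host):
    """True only for sun.ac.za itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def triage(raw):
    """Return the list of warning signs found in one raw e-mail."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    subject = str(msg["Subject"] or "")
    findings = []
    if any(s in subject.lower() for s in SCAM_SUBJECTS):
        findings.append("subject matches a reported scam")
    if IMPERSONAL.search(body):
        findings.append("impersonal greeting")
    if URGENCY.search(subject + "\n" + body):
        findings.append("urgency or threat wording")
    for url in URL.findall(body):
        parts = urlsplit(url)
        if not is_university_host(parts.hostname):
            findings.append(f"link leaves {TRUSTED_DOMAIN}: {parts.hostname} ({parts.scheme})")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

The host check compares on a label boundary, so an address that merely starts with `sun.ac.za` is still treated as external.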

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

 

Phishing with subject “Email Expired”

Thursday, February 1st, 2018

Several students and personnel have informed us of a “new” mail making its rounds on our campuses.

The sender is “Postmaster” with the subject of “Email Expired”. This phishing scam tells you that your e-mail account will shortly expire and uses scare tactics to convince you to “click” on a link to activate your email.

Information Technology will never send you this type of email, ask you to click on a link or provide your username or password. Do not respond to these emails or click on links.

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.
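
The reporting steps given in each post on this page, as an added example rather than the university's own tooling: it builds the same report with Python's standard `email` library and attaches the suspicious mail as a `message/rfc822` enclosure, so the original headers reach the security team unchanged. The sample message, its hosts and the reporter address are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

REPORT_TO = "sysadm@sun.ac.za"   # addresses and subject as given in the steps
REPORT_CC = "help@sun.ac.za"
REPORT_SUBJECT = "SPAM"

# Constructed sample of a suspicious mail (wording from the post, hosts invented).
SUSPICIOUS_RAW = b"""\
Return-Path: <bounce@mailer.example>
Received: from mail.mailer.example by mx.university.example
From: "STELLENBOSCH HELP DESK" <helpdesk@mailer.example>
To: user@university.example
Subject: We apologies
Content-Type: text/plain; charset="us-ascii"

Dear User,
You have reached the storage limit for your mailbox.
"""

def build_report(raw_mail: bytes, reporter: str) -> EmailMessage:
    """Wrap the untouched suspicious mail in a new report message."""
    original = message_from_bytes(raw_mail, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = REPORT_TO
    report["Cc"] = REPORT_CC
    report["Subject"] = REPORT_SUBJECT
    report.set_content("Suspicious mail attached as an enclosure.")
    # Passing a message object produces a message/rfc822 part, the MIME
    # type used for an enclosed mail, so nothing in it is rewritten.
    report.add_attachment(original)
    return report

def attached_original(report_bytes: bytes):
    """Return the enclosed mail from a serialized report, or None."""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    return None

if __name__ == "__main__":
    wire = build_report(SUSPICIOUS_RAW, "reporter@university.example").as_bytes()
    enclosed = attached_original(wire)
    for name in ("Return-Path", "Received", "From", "Subject"):
        print(f"{name}: {enclosed[name]}")
```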

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.