Language:
SEARCH

spear phishing

Phishing: Email from “Stellenbosch University Helpdesk”

Wednesday, December 13th, 2017

This morning’s spear-phishing attack comes in the form of a fake mail from “HelpDesk” about an alleged “Email Update”

The spear-phishing mail is as follows:

“Notice From Stellenbosch University HelpDesk: 

In an effort to increase the level of security for our  email accounts User, We are implementing a new email password policy for your protection. If you have not update your password recently click here: sun.ac.za to update your password or your e-mail will be temporarily  suspended .

Thanks for your co-operation.”

This is, of course, a phishing scam and you shouldn’t consider it as legitimate even though it allegedly comes from the “Helpdesk”.

The poor grammar, lack of official branding and threatening tone of the mail makes it a classic phishing scam, but with the added danger of students and personnel falling for it because of the  salutation “Notice from the Stellenbosch University HelpDesk:”

We have already blocked access to the server, but there is a high risk that users who are currently on holiday and accessing university mail through their ADSL internet connections or cell phone, will still have access to the scammer’s server and will be fooled by the “forged” login page and provide the scammers with their usernames and passwords. If this happens the scammers will gain control over the personnel or student account and continue their attack from “within” the university network.

Always send the spam/phishing mail to the following addresses:

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/ As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. 

Spear-phishing scam from “university personnel”

Wednesday, December 6th, 2017

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution, like the university, in an effort to gain access to confidential information.

This morning we are starting to see the spear-phishing scam emails being sent out in the name of known individuals at the university – in Tygerberg’s case – the Dean, Prof Jimmy Volmink.

Below is a mail that is being sent out “in the name” of Prof Volmink, entitled “Invoice Problem”. (click on image to enlarge) It was sent to several university addresses, uses a forged e-mail address from another university, and has been designed to convince people that it is legitimate.

This is a dangerous phishing scam because it seems to come from a known person.Do not respond to it and if you do receive it here is what to do:

Send the spam/phishing mail to the following addresses help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.

[ARTICLE BY David Wiles]

MAILBOX FULL phishing message

Tuesday, August 15th, 2017

A phishing email with the subject MAILBOX FULL has been sent from an internal SU staff member’s account. (See below for example with links removed)

Remember that spear-phishing email always appears to come from a trusted source like a university address and because it might seem to come from someone we know personally, there is a greater potential danger. Note that even if it says Microsoft, there’s no indication of branding. Official communication from IT will always be branded and look the same. Also, note the multiple spelling errors and suspiciously bad language. 

Do NOT click on any of the included links in the email or enter your username or password. You should never do this at any time. If you follow the link and supply your information, it will be used by phishing criminals to gain access to your bank details. 

If you have any inquiries, please let us know by logging a request on ServiceNow or calling our Service Desk at 808 4367. For more information on this and other phishing attacks, refer to our blog and Twitter account.


From: SU Staff, Mev <mevsustaff@sun.ac.za>
Sent: Tuesday, 15 August 2017 12:18 PM
Subject: Mailbox Full

Your mailbox is full and you have 3 mails pending. kindly increase the storage capacity of your mailbox account. Increase the storage capacity by clicking below

             storage increase

Fill out the instruction in order to increase the storage capacity to continue using your email account inorder to avoid being disconnected.

©Copyright 2017 Microsoft

All Right Reserved.

Phishing and whaling

Friday, February 5th, 2016

Recently we gave you some pointers on identifying phishing e-mails. So now that you know all the signs and how to outwit the criminals, there’s another variant – spear phishing. But don’t panic, it’s almost the same, with a bit of a twist.

Spear phishing is an e-mail that seems to be sent from an individual or business you know. Of course it’s really from hackers attempting to obtain you credit card, bank account numbers, passwords and financial information.

These types of attacks focus on a single user or department within an organisation and use another staff member from the organisation’s name to gain the victim’s trust. (Also see our recent article on the incident at Finance.)

They often appear to be from your company’s human resources or IT department, requesting staff to update information, for example passwords or account details. Alternatively the e-mail might contain a link, which will execute spyware when clicked on.

But wait, there are even more fishing comparisons.

When a phishing attack is directed specifically at senior executives, other high profile staff or seemingly wealthy people, it’s called whaling. By whaling cyber criminals are trying to catch the “big phish”, or whale.

phishing

[SOURCE: http://www.webopedia.com]

 
 
 
 

New cyber crime e-mail targets individuals

Wednesday, January 13th, 2016

Over the past two weeks a new e-mail scam has reared its head on campus. Scammers use contact information, available on the internet, to target individuals at the university.

One example is an e-mail which has been sent to various staff at the Finance department with a request to transfer money. (see e-mail with inactive addresses below)

The e-mail is sent from a gmail address, but the display name is a SU staff member’s name. Since the cyber criminal also saw the contact person’s name on the website (in this case Finance’s website), they address the receiver personally as, for example, Karin.

Similar scams use fax numbers available on the internet and then a fax is sent directly to the contact person.

Do not, under any circumstances, react to these e-mails. It is clearly an attempt to attract your attention and convince you to conduct a financial transaction. Delete and ignore the e-mail.

Report suspicious e-mail to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.


 

FROM: Stellenbosch University staff member name<example@gmail.com>
TO: Stellenbosch University staff member name<example@sun.ac.za>

Karin, 

Let me know if you can process a same day domestic bank transfer to a client. You will code it to professional services

The amount is R870,000, kindly confirm so i can forward the appropriate beneficiary details to enable instant clearance.

Regards

Sent from my iPhone

 

© 2013-2018 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.