Over the past few weeks we’ve recorded an unsettling increase in phishing incidents at IT. This isn’t a new occurrence. Earlier this year a similar incident occurred at Tygerberg campus.
However, the risk of phishing is increasing rapidly due to our increased usage of social media with sites such as Facebook, Twitter, Instagram, etc. These large websites are targeted as they provide an ample amount of user data to be harvested.
To access all these sites you also need a username and password and unfortunately most people have the tendency to consistently use the same password. By doing this, you make it easier for a cyber-criminal to, not only access your social networks, but other information as well. When you also use your sun e-mail address, you expose Stellenbosch University.
If a cyber-criminal gains access to your sun inbox, he not only has access to your own and SU information, but he can also send mass e-mails to anyone from your name. As a result SU e-mail servers are flooded by huge amounts of e-mails and this affects all users on campus negatively.
Secondly, it can also cause damage to your reputation since you’re the sender, even if you’re not responsible. Your address might even be blocked on our servers due to your unknowing behaviour.
In a recent incident IT only became aware of a staff member who fell victim to phishing after the office of the Deputy President, Cyril Ramaphosa, laid a complaint.
Never use your SU username or password to access any external website. Rather register your own, unique address at Google (www.gmail.com), Yahoo or any other free e-mail service. By doing this, you’ll ensure that your private and work information stays separate and the risk of exposing SU systems and sensitive information will be decreased.
Additional information regarding phishing can also be found on our wiki.
Die afgelope tyd word daar toenemend kuberstrikroof-gevalle aangemeld by IT. Die voorkoms hiervan is niks nuut nie, ons het reeds aan die begin van die jaar verslag gedoen oor `n voorval op Tygerberg.
Die risiko van kuberstrikroof, of te wel phishing groei by die dag as gevolg van ons groeiende gebruik van sosiale media soos Facebook, Twitter, Instagram ens. Dis ook hierdie groot webwerwe wat geteiken word omdat daar soveel potensiële data is om te gebruik.
Al hierdie groot webwerwe vereis `n wagwoord en ongelukkig is daar die geneigdheid om dieselfde wagwoord deurlopend te gebruik. Sodra `n kuberkrimineel dus een wagwoord bekom het, het hy toegang tot al jou sosiale netwerke, maar ook tot meer inligting. As jy jou sun-adres op hierdie tipe sosiale netwerke gebruik, stel jy ook die US bloot.
Indien kuberkriminele toegang tot jou sun posbus kry, het hy nie net toegang tot al jou eie en US-inligting nie, maar kan hy ook in jou naam massa e-posse stuur. Die resultaat hiervan is dat die US e-posbedieners lam gelê word deur die onhanteerbare hoeveelheid e-pos en dit implikasies het vir alle gebruikers op kampus.
Tweedens doen dit jou naam skade aangesien jy gesien word as die verantwoordelike persoon, al is jy nie die skuldige nie. Jou adres kan selfs geblok word deur ander bedieners weens hierdie optrede. In `n onlangse geval het IT bewus geword van `n personeellid wat `n slagoffer was van phishing nadat die kantoor van die Vise-President, Cyril Ramaphosa, `n klagte ingedien het.
Moet nooit jou US gebruikersnaam en wagwoord op enige eksterne webwerf gebruik vir toegang nie. Registreer vir jou `n unieke e-pos adres by Google (www.gmail.com), Yahoo of enige gratis e-pos verskaffer. Op so `n manier hou jy jou privaat en werksinligting apart en verminder jy die risiko dat jou e-pos die oorsaak is dat toegang bekom word tot stelsels en sensitiewe inligting.
Addisionele inligting oor phishing kan ook op ons wiki gevind word.
