Over the past two weeks we’ve already recorded at least three incidents where phishing e-mails were sent to SU staff. Although we try to warn users against specific e-mails and block these e-mails on server level as soon as we’re aware of them, it’s almost impossible to protect e-mail users against each and every fraudulent e-mail.

The responsibility lies with the e-mail user in recognising the tell-tale signs and establishing whether it’s a phishing e-mail or not. Unfortunately 99% of the time it is and if you’re ever in doubt over clicking on a link, rather don’t. Go directly to the institution’s website and log in from there or contact the company or bank to confirm whether they sent it.

The latest example of such an e-mail is an e-mail which seems to be from Discovery and (of course) promises a reward. This is also a way to entice you into clicking on the links. Also look out for bad spelling, grammar and formatting. The links may look convincing, but when you move the mouse over them, are they really Discovery’s website links? By merely noticing this, you can immediately confirm that this is indeed an attempt at phishing. More hints on recognising fraudulent e-mails can be found here.

Immediately delete the e-mail and don’t click on the links or fill in any information. If you’ve supplied your info, immediately change your password and PIN and contact the institution to inform them of the breach. You can also send an e-mail to  sysadm@sun.ac.za with the subject SPAM and attach the suspect e-mail. IT system administrators will then be able to block the e-mail and protect other staff against it.

EXAMPLE OF “PHISHING” E-MAIL:

Stuur ‘n e-pos aan sysadm@sun.ac.za met Subject: SPAM en heg dan die verdagte e-pos met Insert Item aan.

This entry was posted on Friday, February 13th, 2015 at 12:00 pm and is filed under E-mail, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.