[:en]
A large number of phishing e-mails are arriving in university mailboxes from GMail accounts with subjects like “DOCS” or “PAYMENT”.
The e-mail reads “Hello, Please find attached, Thanks.” or something similar.
The attachment is usually a PDF. When you attempt to open it, it seems to be encrypted and asks you to enter personal details to access the document.
The PDF is in fact an executable file that installs malware on your computer to steal personal details, such as passwords etc. This way the scammers can get hold of personal details and defraud you.
Earlier this week a person at Tygerberg campus was defrauded of over R6000 when they sent an EFT payment to a catering supplier who was using a hijacked GMail account.
The scammer intercepted the victim’s mail and inserted their own bank account details into the attached invoice. The EFT was then paid to the scammer’s account instead of the supplier.
Compromised GMail, Yahoo!Mail and Hotmail accounts are often used by fraudsters, so it is imperative that you do not respond to mails such as these.
If someone wants to send you a document, they should at least contact you and tell you that they are sending the mail before sending it, usually not unannounced.
It is far too easy for scammers to defraud people, because we are not alert enough and too trusting. Please be careful.
Also read more on phishing and other security risks on our blog.
[ARTICLE BY DAVID WILES]
[:af]
Gedurende die afgelope week het ʼn groot aantal phishing e-posse, vanaf Gmail-rekeninge, in universiteitsposbusse beland.
Die e-posse se onderwerpveld bevat die woorde “DOCS” of “PAYMENT” en die e-pos se inhoud lees “Hello, Please find attached, Thanks.”, of iets soortgelyk.
Die aanhangsel is gewoonlik ʼn PDF, lyk of dit enkripteer is en vra dat jy persoonlike inligting invul om toegang tot die dokument te kry.
Die PDF is inderwaarheid ʼn uitvoerbare program wat malware op jou rekenaar installeer sodat dit persoonlike inligting, soos wagwoorde, kan bekom. Op so ʼn manier kan die kuberkrakers jou persoonlike inligting gebruik om jou te beroof.
Vroeër die week het ʼn persoon op Tygerberg-kampus R6000 verloor toe hulle ʼn EFT-betaling gedoen het aan ʼn spysenieringsverskaffer wat ʼn gekaapte Gmail-rekening gebruik het.
Die kuberkraker het die slagoffer se e-pos onderskep en sy eie bankdetails in die aangehegte kwitansie ingevul. Gevolglik is die EFT-betaling in die verkeerde rekening betaal.
Gmail, Yahoo!Mail en Hotmail-rekeninge word gereeld deur krakers gebruik, so dis belangrik dat jy nie reageer op e-posse met hierdie kenmerke nie. Indien iemand vir jou ʼn belangrike dokument wil stuur, veral waar betaling betrokke is, behoort hulle jou eers te kontak om te laat weet hulle stuur dit.
Ongelukkig maak tegnologie en ons blinde vertroue daarin, dit vir kuberkriminele geweldig maklik om mense te besteel. Wees asseblief versigtig.
Lees ook meer oor phishing en ander sekuriteitsrisikos op ons blog.
[ARTIKEL DEUR DAVID WILES]
Tags: phishing