[:en] Earlier this week Tygerberg was subjected to a particularly pervasive attempt by phishing fraudsters to obtain usernames and passwords from users by fooling them to “Activating” their Outlook 2016 account.
Although mostly unsuccessful due to the fact that most personnel are wide awake and sensitive to phishing attacks, this does not stop the attempts. The fraudsters merely change their tactics. Stealing data and gaining access to personal details such as usernames and passwords is very, very profitable!
Today’s phishing scam uses a different method by hiding behind an educational institution’s name and adding a “throw-away” website address at the end.
——————————————————————
Dear Account User,
We are shutting down your Bulk SMS, Cellfindportal today in a course to activate Microsoft Outlook Web access 2016. You need to upgrade your Bulk SMS, Cellfindportal immediately otherwise it will be deactivated.
To activate go to http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk
The Information Technology department encourages you to take the following measures to protect your account.
Sincerely
IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved
—
The University of Stellenbosch is a charitable body, registered in
Republic of South Africa, with registration number ZA005336.
——————————————————————
We’ve removed the dangerous part of the mail, but you hopefully can see how we can be fooled if we see the “sun.ac.za” address and see the “disclaimer” at the end, and think that it is from the University.
Information Technology will never send you mail like this and if they do mail you, it will always be branded and linked to a sun.ac.za site, and the grammar will be a lot better than this example, and will be bilingual at least!
[ARTICLE BY DAVID WILES]
[:af]
Tygerberg-kampus is vroeër die week blootgestel aan `n besondere deurdringende poging deur phishing kuberkriminele. Hulle doel was om gebruikersname en wagwoorde te bekom deur gebruikers te oortuig dat hulle hul Outlook 2016 rekeninge moet “heraktiveer”.
Gelukkig was dit grotendeels onsuksesvol omdat die meeste personeel wakker en oplettend vir phishing-aanvalle. Dit stop hulle egter nie. Die kriminele verander bloot hulle taktiek. Datadiefstal en toegang tot persoonlike inligting soos gebruikersname en wagwoorde is baie, baie winsgewend!
Vandag se phishing-poging gebruik `n ander metode deur weg te kruip agter `n akademiese instansie se naam en dan `n “weggee” webwerf aan die einde.
——————————————————————
Dear Account User,
We are shutting down your Bulk sms, Cellfindportal today in a course to activate Microsoft Outlook Web access 2016. You need to upgrade your Bulk sms, Cellfindportal immediately otherwise it will be deactivated.
To activate go to: http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk
The Information Technology department encourages you to take the following measures to protect your account.
Sincerely
IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved
—
The University of Stellenbosch is a charitable body, registered in
Republic of South Africa, with registration number ZA005336.
——————————————————————
Ons het die gevaarlike gedeelte van die e-pos verwyder, maar dis steeds maklik om te sien hoe ons, deur te kyk na die “sun.ac.za” en die “disclaimer”, mislei sou kon word om te dink dat dit deur die Universiteit gestuur is.
Informasietegnologie sal nooit `n e-pos soos hier bo vir jou stuur nie. Indien jy `n e-pos van IT kry, sal dit duidelike kenmerke en `n US logo bevat; die taalgebruik sal hopelik beter wees en dit sal waarskynlik tweetalig wees.
[ARTIKEL DEUR DAVID WILES]