Two e-mails trying to scam staff out of their information, and potentially money, materialised in our mailboxes last week.
The first is a familiar one attempting to get you to reactivate to increase your webmail quota.
The source of the scam is Russia, and it uses a man-in-the-middle method to send out the mail. This method takes the e-mail credentials from a staff member who has inadvertently given their e-mail details to the scammers. It typically occurs when you respond to a “you have won/inherited X-amount of money in a lucky draw/online survey/death of a unknown relative/government official” e-mail or click on an advert on a compromised website.
The scammers use your e-mail address and, if it is also infected with malware or a virus, your PC, to send an e-mail to all accounts within the same organisation.
The use of a university e-mail as the alleged sender often lulls us into thinking it is legitimate and we respond. We forget that “senders” and most mail details in an e-mail can be forged by these scammers.
The mail below is an example of one such scam. It might be useful to remember that personnel currently have 1Gb of mailbox storage, and students have 50Gb through Office365. The dangerous links have been removed.
The second e-mail targets Pick & Pay clients with an e-mail on Smart Shopper credits. (see example below with active links removed)
Take note of the following:
1. The e-mail is never addressed to you personally – it’s just a generic heading.
2. It asks the receiver to divulge personal information, e.g, Smartshopper number and ID number.
3. The wording is somewhat threatening – “make sure” and “must”.
With the information sourced by the e-mail, Smartshopper cards can be duplicated. Since your ID number is also joined with your Smartshopper card, not only your credits are at risk, but also the possibility of identity theft.
Never respond to this sort of mail. Information Technology will never send such a mail about your mailbox size and Pick & Pay also won’t communicate with its clients in this way. If in doubt phone the IT Service Desk.
From: University, Personnel, Address <faultyaddress@sun.ac.za>
Sent: Wednesday, 14 October 2015 08:24
Subject: 500MB
Dear E-mail User,
Your webmail quota has exceeded the set quota which is 500MB. you are currently running on 1.3GB. To re-activate and increase your webmail quota please verify and update your webmail Account In order to re-activate and increase your webmail quota click link : http://phishing.site.in.russia/ LOGON WITH YOUR LOGIN DETAILS TO COMPLETE UPGRADE.
Failure to do so may result in the cancellation of your webmail account. You may not be able to send or receive new mail until you re-validate your mailbox.
Thanks, and sorry for the inconvenience.
Admin/ Webmaster/ Local host
From: Pick N Pay [mailto:faultyaddress@pnp.co.za]
Sent: Tuesday, 20 October 2015 05:42
Subject: Your R700 Pick N Pay (PNP) Shopping Voucher ready for claim
Attention PNP Smart Card Owner,
You have qualified to receive a shopping voucher of R700 to shop for groceries at any “PNP” outlet near you. Make sure you have your SMART SHOPPER CARD with you before you can proceed.
CLICK HERE TO PROCEED
Regards,
PNP
[INFORMATION SUPPLIED BY DAVID WILES]
Twee e-posse wat hul bes probeer om jou inligting vas te lê, het die week in universiteitsposbusse verskyn.
Die eerste is `n e-pos wat beweer dat jy moet heraktiveer sodat jou webmail spasie vergroot kan word.
Die oorsprong hiervan is Rusland en dit gebruik die “middelman” metode om die e-pos uit te stuur. Die “middelman” metode gebruik die e-pos besonderhede van `n personeellid wat onbewustelik hul e-pos inligting aan kuberkrakers verskaf het. Dit gebeur gewoonlik as `n persoon reageer op `n “jy het X-bedrag gewen/geërf in `n gelukkig trekking/aanlyn opname/afsterwe van `n onbekende familielid/regeringsamptenaar”- e-pos of gekliek op `n webwerf wat besmet is.
Die kuberkrakers gebruik dan die e-posadres en soms ook die rekenaar, indien dit ook besmet is met `n virus of malware, om e-pos te stuur aan al die e-posadresse binne dieselfde organisasie.
Die bekende @sun adres maak ons gerus. Ons dink dis veilig en reageer sonder om twee keer te dink daaroor. Ons vergeet dat skelms slim is en feitlik enigiets kan namaak.
Onder is `n voorbeeld van die e-pos. Die aktiewe skakels is ook verwyder vir jou eie veiligheid.
Onthou dat personeel tans `n 1GB e-pos stoorspasie het en studente 50GB op Office365.
Die tweede teiken Pick & Pay kliënte met `n e-pos oor Smart Shopper-punte.
Let op die volgende:
1. Die e-pos is nie persoonlik aan jou gerig nie, dis net `n generiese aanhef.
2. Dit vra persoonlike inligting soos jou ID-nommer en Smartshopper nommer.
3. Die bewoording is dreigend – “make sure” and “must”.
Met die inligting wat ingewin word deur die e-pos, kan Smartshopper kaarte gedupliseer word. Aangesien jou ID-nommer ook aan jou Smartshopper-kaart gekoppel is, is die risiko nie net dat jy punte of krediet gaan verloor nie, maar dat dit ook verdere implikasies hê.
Sien ook onder `n voorbeeld waar die skadelike skakels reeds verwyder is.
Moet nooit reageer op hierdie tipe e-posse nie. Informasietegnologie sal nooit so `n e-pos stuur oor jou posbus grootte nie en Pick & Pay sal ook nie so met sy kliënte kommunikeer nie . As jy twyfel, skakel eerder die IT Dienstoonbank.
From: University, Personnel, Address <faultyaddress@sun.ac.za>
Sent: Wednesday, 14 October 2015 08:24
Subject: 500MB
Dear E-mail User,
Your webmail quota has exceeded the set quota which is 500MB. you are currently running on 1.3GB. To re-activate and increase your webmail quota please verify and update your webmail Account In order to re-activate and increase your webmail quota click link : http://phishing.site.in.russia/ LOGON WITH YOUR LOGIN DETAILS TO COMPLETE UPGRADE.
Failure to do so may result in the cancellation of your webmail account. You may not be able to send or receive new mail until you re-validate your mailbox.
Thanks, and sorry for the inconvenience.
Admin/ Webmaster/ Local host
From: Pick N Pay [mailto:faultyaddress@pnp.co.za]
Sent: Tuesday, 20 October 2015 05:42
Subject: Your R700 Pick N Pay (PNP) Shopping Voucher ready for claim
Attention PNP Smart Card Owner,
You have qualified to receive a shopping voucher of R700 to shop for groceries at any “PNP” outlet near you. Make sure you have your SMART SHOPPER CARD with you before you can proceed.
CLICK HERE TO PROCEED
Regards,
PNP
[INLIGTING VERSKAF DEUR DAVID WILES]
