[:en]
Over the past two weeks a new e-mail scam has reared its head on campus. Scammers use contact information, available on the internet, to target individuals at the university.
One example is an e-mail which has been sent to various staff at the Finance department with a request to transfer money. (see e-mail with inactive addresses below)
The e-mail is sent from a gmail address, but the display name is a SU staff member’s name. Since the cyber criminal also saw the contact person’s name on the website (in this case Finance’s website), they address the receiver personally as, for example, Karin.
Similar scams use fax numbers available on the internet and then a fax is sent directly to the contact person.
Do not, under any circumstances, react to these e-mails. It is clearly an attempt to attract your attention and convince you to conduct a financial transaction. Delete and ignore the e-mail.
Report suspicious e-mail to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.
FROM: Stellenbosch University staff member name<example@gmail.com>
TO: Stellenbosch University staff member name<example@sun.ac.za>
Karin,
Let me know if you can process a same day domestic bank transfer to a client. You will code it to professional services
The amount is R870,000, kindly confirm so i can forward the appropriate beneficiary details to enable instant clearance.
Regards
Sent from my iPhone
[:af]
Daar is die afgelope twee weke `n nuwe tendens op kampus waar kubermisdadigers kontakinligting wat op die internet beskikbaar is, gebruik om individue te teiken.
Een voorbeeld hiervan is `n e-pos wat aan verskeie personeel van Finansies gestuur is met `n versoek vir die oorbetaling van gelde. (sien e-pos onder met onaktiewe adresse)
Die e-pos word gestuur vanaf `n gmail adres, maar die display name is `n US personeellid se naam. Omdat die kubermisdadiger die kontakpersoon se naam ook op die internet (in die geval Finansies se webwerf) kon kry, rig hy die e-pos persoonlik aan byvoorbeeld Karin.
Soortgelyke gevalle gebruik ook faksnommers wat op die internet beskikbaar is en stuur dan `n faks aan `n spesfieke persoon.
Moet onder geen omstandighede op hierdie e-posse reageer nie. Hierdie is duidelik `n e-pos wat poog om u aandag te trek en te oortuig om `n finansiële transaksie uit te voer. Verwyder en ignoreer dit bloot.
Meld verdagte e-posse aan by sysadm@sun.ac.za en lees ook artikels oor sekuriteit op ons blog, sowel as die twee-weeklikse nuusbrief, Bits & Bytes.
FROM: Stellenbosch University staff member name<example@gmail.com>
TO: Stellenbosch University staff member name<example@sun.ac.za>
Karin,
Let me know if you can process a same day domestic bank transfer to a client. You will code it to professional services
The amount is R870,000, kindly confirm so i can forward the appropriate beneficiary details to enable instant clearance.
Regards
Sent from my iPhone
[:]
Tags: phishing, spear phishing