SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

E-mail

« Older Entries
Newer Entries »

[:en]New phishing message distributed on campus [:af]Nuwe phishing boodskap op kampus versprei

Friday, May 6th, 2016

[:en]

This morning we received word of a new phishing e-mail being distributed on campus. (see example below) Please note that the message below is NOT from the University’s IT department. All our e-mails will be branded and in both Afrikaans and English. Ignore these e-mails and delete them. Other signs to look out for are:

1. The e-mail is never addressed to you personally – it’s a generic heading. (e.g. Dear client)
2. It asks the receiver to divulge personal information, for example your ID number, password or username.
3. The e-mail asks you to click on a link to “activate” your account. Don’t click on any links in e-mails (unless it’s an official IT e-mail) and also don’t copy and paste it in your web browser.
4. Usually a short time limit is given, for example “within 24 hours”.
5. Make sure the request is official and legal by calling the company and confirming.
6. Do not send sensitive information by e-mail. Legitimate companies won’t ask you to send data by e-mail.

—————————————————————————————————————————

From: a University staff member [mailto:scammers-email@outlook.com]
Sent: 05 May 2016 11:52 PM
Subject: Outlook WebAccess

Today Thursday 5th  May, 2016. we are upgrading our email system to Outlook Web App 2016. This service creates more space and easy access to email. Please update your account by clicking on Activation below, fill information for activation and submit.

Click for Activation

Inability to complete the information will render your account inactive. 

Thank you.

IT Admin Desk

[:af]

Die IT dienstoonbank is vanoggend in kennis gestel van `n nuwe phishing e-pos wat op kampus versprei word. (sien voorbeeld onder) Neem asseblief kennis dat onderstaande e-pos NIE deur die universiteit se IT-afdeling uitgestuur word nie. Ons e-posse sal altyd ons eie mashoof ophê en in beide Afrikaans en Engels wees. Ignoreer die e-pos en vee dit uit. Ander kenmerke om voor uit te kyk:

1. Die e-pos is nie persoonlik aan jou gerig nie, dis net `n generiese aanhef. (byvoorbeeld “Dear client”)
2. Dit vra persoonlike inligting, byvoorbeeld jou ID-nommer, wagwoord of gebruikersnaam.
3. Dit versoek dat jy op `n skakel kliek om jou rekening te “aktiveer”. Moenie kliek op skakels in e-posse nie (behalwe amptelike IT e-posse) en moet dit nie kopieer en plak in jou webblaaier nie.
4. Daar is gewoonlik `n kort tydsbeperking gekoppel aan die versoek, byvoorbeeld “binne 24 uur”.
5. Maak seker die versoeke is wettig deur die maatskappy se telefoonnommer te skakel en uit te vind.
6. Moenie sensitiewe informasie met e-pos stuur nie. Wettige maatskappye sal nie vra dat jy data per e-pos aan hulle stuur nie.

—————————————————————————————————————————-
Sent: 05 May 2016 11:52 PM
Subject: Outlook WebAccess

Today Thursday 5th  May, 2016. we are upgrading our email system to Outlook Web App 2016. This service creates more space and easy access to email. Please update your account by clicking on Activation below, fill information for activation and submit.

Click for Activation

Inability to complete the information will render your account inactive. 

Thank you.

IT Admin Desk

Email

Posted in E-mail, Security | Comments Off on [:en]New phishing message distributed on campus [:af]Nuwe phishing boodskap op kampus versprei

[:en]Discovery phishing scam

Wednesday, April 6th, 2016

[:en]

Please take note that a new phishing e-mail is being distributed to SU addresses. It seems to be from Discovery, coincidentally also SU staff medical aid, but is in fact a phishing e-mail.

 

Do not be tempted by the promise of R1700. If Discovery owed you money, they would probably deposit the outstanding amount in your bank account directly. They wouldn’t ask you to do anything from your side.

 

Ignore and delete the e-mail. Do not click on the links and do not enter any personal information on the site if you do click on the link. If you’ve already done so, immediately change the relevant password to prevent your accounts from being hacked. 

 

 

 

 

Hello Valued Customer,

 

Your Discovery Card was credited with 17000 Miles (R1700) as a reward for been a loyal customer last  2 weeks today ( Final notice) , but you did not claim it, we are giving you another chance. Follow the instructions below:- 

1. Click this link http://www.discovery.co.za/portal/individual/login  

2. Then enter your www.discovery.co.za Username and Password and click login 

3.  Update your Discovery Credit Card  details and click update after you have completed it( Note:-Do not fail to enter the full details correctly).

 

Regards,

Discovery Miles Team

Email

Posted in E-mail, Security | Comments Off on [:en]Discovery phishing scam

[:en]The history of malware,Trojans and worms (part 3)[:af]Die geskiedenis van malware, Trojane en wurms (deel 3)[:]

Thursday, March 17th, 2016

[:en]

Two weeks ago we explored lesser known malware, Trojans and worms, after 1985. This time around, we look at more recent threats, starting with zombies…

2003 Zombie, Phishing
The Sobig worm gave control of the PC to hackers, so that it became a “zombie,” which could be used to send spam. The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.

2004 IRC bots
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.

2005 Rootkits
Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and installed a hidden “back door.”

2006 Share price scams
Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.

2006 Ransomware
The Zippo and Archiveus Trojan horse programs, which encrypted users’ files and demanded payment in exchange for the password, were early examples of ransomware.

2006 First advanced persistent threat (APT) identified 
First coined by the U.S. Air Force in 2006 and functionally defined by Alexandria, Virginia security firm Mandiant in 2008 as a group of sophisticated, determined and coordinated attackers. APTs are equipped with both the capability and the intent to persistently and effectively target a specific entity. Recognized attack vectors include infected media, supply chain compromise and social engineering.

2008 Fake antivirus software
Scaremongering tactics encourage people to hand over credit card details for fake antivirus products like AntiVirus 2008.

2008 First iPhone malware
The US Computer Emergency Response Team (US-CERT) issues a warning that a fraudulent iPhone upgrade, “iPhone firmware 1.1.3 prep,” is making its way around the Internet and users should not be fooled into installing it. When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.

2009 Conficker hits the headlines
Conficker, a worm that initially infects via unpatched machines, creates a media storm across the world.

2009 Polymorphic viruses rise again
Complex viruses return with a vengeance, including Scribble, a virus which mutates its appearance on each infection and used multiple vectors of attack.

2009 First Android malware
Android FakePlayerAndroid/FakePlayer.A is a Trojan that sends SMS messages to premium rate phone numbers. The Trojan penetrates Android-based smartphones disguised as an ordinary application. Users are prompted to install a small file of around 13 KB that has the standard Android extension .APK. But once the “app” is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge). The criminals are the ones operating these numbers, so they end up collecting charges to the victims’ accounts.

2010 Stuxnet
Discovered in June 2010 the Stuxnet worm initially spreads indiscriminately, but is later found to contain a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems configured to control and monitor specific industrial processes. Stuxnet’s most prominent target is widely believed to be uranium enrichment infrastructure in Iran.

2012 First drive-by Android malware
The first Android drive-by malware is discovered, a Trojan called NotCompatible that poses as a system update but acts as a proxy redirect. The site checks the victim’s browser’s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. A device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.

2013 Ransomware is back
Ransomware emerges as one of the top malware threats. With some variants using advanced encryption that makes recovering locked files nearly impossible, ransomware replaces fake antivirus as malicious actors’ money-soliciting threat of choice.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

[:af]

Twee weke gelede het ons ondersoek ingestel na malware, Trojaanse virusse en wurms na 1985. Dié keer is dit meer onlangse bedreigings se beurt. Ons begin by zombies … 

2003 Zombies en Phishing
Met behulp van die Sobig-wurm kry krakers beheer oor rekenaars, verander dit in `n zombie en stuur daarmee gemorspos uit. Die Mimail-wurm kamoefleer homself as `n Paypal e-pos en vra gebruikers om kredietkaartinligting te bevestig. 

2004 IRC robotte
Kwaadwillige IRC (Internet Relay Chat) robotte word ontwikkel. Trojaanse virusse laai die robotte op rekenaars, laat dit aan `n IRC-kanaal verbind, sonder die gebruiker se medewete en kry beheer oor die rekenaars.

2005 Rootkits
Sony se DRM kopie-beskermingstelsel op musiek CDs, installeer `n rootkit, wat leêrs wegsteek sodat dit nie gedupliseer kan word nie, op rekenaars. Kuberkrakers skryf Trojaanse virusse om hierdie sekuriteit-swakplek te misbruik en `n versteekte back door te installeer.

2006 Aandeleprys-bedrog
Gemorspos wat aandele in klein maatskappye opjaag (pump-and-dump-gemorspos) raak die nuutste kubergevaar.

2006 Ransomware
Die Zippo en Archiveus Trojaanse virusprogramme word die eerste ransomware. Hulle enkripteer leêrs en eis `n losprys in ruil vir die wagwoord.

2006 Eerste moderne bedreiging (APT) identifiseer
APTs is die eerste keer in 2006 deur die Amerikaanse lugmag uitgewys. Hulle is toegerus met beide die vermoë en oogmerk om `n spesifieke teiken effektief en aanhoudend te teiken. Die gesofistikeerde, doelgerigte en gekoördineerde aanvalle word geloods geloods op media en verskaffingskettings en sluit sosiale manipulasie in.

2008 Vervalste anti-virus sagteware
Deur middel van bangmaak-taktieke word gebruikers oortuig om hul kredietkaartinligting te gee vir vervalste anti-virus produkte soos AntiVirus 2008.

2008 Eerste iPhone malware
Die US Computer Emergency Response Team (US-CERT) reik `n waarskuwing uit oor `n misleidende iPhone opgradering, die iPhone firmware 1.1.3 prep. As `n gebruiker die Trojaanse virus installeer, word komponente van die foontoepassing aangepas. As die virus verwyder word, word die toepassings wat aangetas is, daarmee saam verwyder. 

2009 Conficker haal die nuus
Conficker, `n wurm wat aanvanklik versprei word deur middel van verouderde rekenaars, veroorsaak wêreldwye mediadekking.

2009 Polimorfiese virusse is terug
Komplekse virusse maak met mening weer hul verskyning. Een van hulle is Scribble, `n virus wat sy kenmerke met elke infeksie verander en talle metodes gebruik om te versprei.

2009 Eerste Android malware
Android FakePlayer is `n Trojaanse virus wat SMSe na foonnommers stuur en Android slimfone indring omdat dit soos `n gewone toepassings lyk. Gebruikers word versoek om `n klein lêer van ongeveer 13 KB, met die gewone Android uitbreidingnaam .APK, te installeer. Sodra die “toepassing” op die toestel installeer is, begin die Trojaanse virus premium tarief foonnommers SMS. Diegene wat hierdie nommers bestuur, is deel van die kriminele netwerk en vorder die fooie vanaf die slagoffers se rekeninge in.

2010 Stuxnet
Die Stuxnet-wurm, `n hoogs gespesialiseerde malware program wat Siemens se kontrolebeheer- en datawerwingstelsels  (SCADA), verantwoordelik is vir die monitering van spesifieke industriële prosesse, teiken, word in Junie 2010 ontdek. Stuxnet se mees prominente teiken was blykbaar Iran se uraanverryking infrastruktuur.

2012 Eerste drive-by Android malware
`n Trojaanse virus, NotCompatible, word waargeneem. Dit lyk soos `n stelselopdatering, maar tree op as `n proxy herleier na `n ander webwerf. Die webwerf kyk of die gebruiker `n Android-toestel is en installeer dan die Trojaanse virus. `n Toestel wat met NotCompatible besmet is, kan gebruik word om toegang te verkry tot informasie of stelsels wat normaalweg beskerm is, byvoorbeeld dié van groot besighede of die regering. 

2013 Ransomware is terug
Ransomware is terug as een van die grootste malware bedreigings. Sommige variante gebruik gevorderde enkripsie wat die herwinning van gesluite lêers feitlik onmoontlik maak. 

Neem kennis dat al hierdie inligting geneem is van die Sophos Threatsaurus, saamgestel deur Sophos, `n sekuriteit sagte- en hardwaremaatskappy. 

[:]

Email

Tags: , ,
Posted in E-mail, Security | 2 Comments »

[:en]How to avoid spam[:af]Hoe om gemorspos te voorkom[:]

Thursday, March 17th, 2016

[:en]

Spam is unsolicited and often profitable bulk email. Spammers can send millions of emails in a single campaign for very little money. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit. Unfortunately spam is more than a mere nuisance. It is also used to distribute malware. 

Here are a few tips to prevent your mailbox from being flooded with unwanted, dubious e-mails.

Never make a purchase from an unsolicited email.
By making a purchase, you are funding future spam. Spammers may add your email address to lists to sell to other spammers and you will receive even more junk email. Worse still, you could be the victim of a fraud.

If you do not know the sender of an unsolicited email, delete it.
Spam can contain malware that damages or compromises the computer when the email is opened.

Don’t use the preview mode in your email viewer.
Spammers can track when a message is viewed, even if you don’t click on it. The preview setting effectively opens the email and lets spammers know that you receive their messages. When you check your email, try to decide whether a message is spam on the basis of the subject line only.

Don’t overexpose your email address.
How much online exposure you give your email address is the biggest factor in how much spam you receive. Here are some bad habits that expose your email address to spammers:
– Posting to mailing lists that are archived online
– Submitting your address to online services with questionable privacy practices
– Exposing your address publicly on social networks (Facebook, LinkedIn, etc.)
– Using an easily guessable address based on first name, last name and company
– Not keeping your work and personal email separate

Use the bcc field if you email many people at once.
The bcc or blind carbon copy field hides the list of recipients from other users. If you put the addresses in the To field, spammers may harvest them and add them to mailing lists.

Use one or two secondary email addresses.
 If you fill out web registration forms or surveys on sites from which you don’t want further information, use a secondary email address. 

Opt out of further information or offers.
When you fill out forms on websites, look for the checkbox that lets you choose whether to accept further information or offers. Uncheck if you don’t want to receive any more correspondence.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

[:af]

Gemorspos is ongewensde massa e-pos. Dis dikwels winsgewend vir die versenders aangesien miljoene e-posse in `n enkele veldtog gestuur kan word teen `n lae koste. As slegs een ontvanger uit 10,000 `n aankoop maak, kan die versender `n wins maak. Ongelukkig is gemorspos meer as net `n irritasie. Dit word ook gebruik om malware te versprei. 

Hier is `n paar wenke om te verhoed dat jou posbus oorloop van ongewensde, twyfelagtige e-posse.

Moet nooit iets koop deur gemorspos nie.
Deur iets te koop, befonds jy toekomstige gemorspos. Jy bevestig daarmee dat jou e-pos geldig is en jou e-posadres word dan bygevoeg op `n lys om te herverkoop aan ander gemorsposversenders. Jy sal derhalwe nog meer ontvang en stel jouself bloot aan moontlike bedrog.

Ken jy die persoon wat dit stuur? Nie? Vee dit uit.
Gemorspos kan malware bevat wat jou rekenaar besmet as jy die e-pos oopmaak.

Moenie die voorskou-opsie in jou e-posprogram gebruik nie.
Versenders van gemorspos kan sien of jy na die boodskap gekyk het, al maak jy dit nie oop nie. Die voorskou-verstelling maak inderwaarheid die e-pos oop en laat weet die versender dat die boodskap ontvang is. Wanneer jy e-pos lees, kyk na die onderwerpreël en probeer daarvolgens bepaal of dit gemorspos is.

Moenie jou e-pos onnodig blootstel nie.
Die grootste faktor wat bepaal hoeveel gemorspos jy kry, is hoeveel jy self jou e-posadres aanlyn blootstel. Hier is `n paar slegte gewoontes wat jou risiko verhoog:
– Jy stuur e-posse na adreslyste wat aanlyn gestoor word.
– Jy gee jou adres vir aanlyndienste waarvan die privaatheidspraktyke twyfelagtig is.
– Jy stel jou adres op sosiale netwerke bloot (Facebook, LinkedIn, ens.)
– Jy gebruik `n adres wat gebaseer is op jou naam, van en maatskappy.
– Jy gebruik een e-posadres vir werk en persoonlike sake. 

Gebruik die bcc-veld as jy vir `n groep mense e-pos stuur.
Die bcc of blind carbon copy veld steek die lys ontvangers weg. As jy al die adresse in die To veld sit, kan almal, ook gemorsposversenders, dit lees, en by hul eie adreslyste voeg.  

Gebruik een of twee sekondêre e-posadresse.
Wanneer jy webgebaseerde registrasievorms of opnames invul en daarna nie weer gepla wil word met inligting nie, gebruik `n ander, sekondêre adres vir die doel.

Kies om nie inligting of aanbiedinge te ontvang nie. 
Wanneer jy vorms op webwerwe invul, kyk vir die boksie wat jou die opsie gee om nie verdere inligting of aanbiedinge te ontvang nie. Verwyder die merkie af as jy nie gepla wil wees nie.

Neem kennis dat al hierdie inligting geneem is van die Sophos Threatsaurus, saamgestel deur Sophos, `n sekuriteit sagte- en hardwaremaatskappy. 

[:]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on [:en]How to avoid spam[:af]Hoe om gemorspos te voorkom[:]

[:en]Phishing attack on same day as migration of Tygerberg accounts[:af]Phishing attack on same day as Tygerberg accounts were migrated[:]

Friday, March 4th, 2016

Today, between 07:00-08:00 the Tygerberg personnel accounts were migrated to the STB domain. E-mail, logins, etc. were affected and hopefully most of you were moved with relatively few issues.

The phishers do not stop their attacks and e-mails to try to get you to reveal your usernames, passwords etc,  and still flood many people’s mailboxes.

However, today there was another attack, which is particularly sinister, because apparently it is from from “HELPDESK” and asks you to log in to a page and give your username and password so you can enjoy the *improved* services. It is sent from the “Webmail Upgrade Team”.

An unfortunate coincidence that on the same day we are migrating, we receive a phishing scam about “upgrading”, hence its danger to Tygerberg.

Please don’t respond, or go to the site that you are being asked to go to. Do not fill in your username, password or ANY other details on any site. The Stellenbosch University Information Technology migration took place without there being any need for users to provide user names and passwords. Any issues with the migration can be reported telephonically to the IT Helpdesk at 021-8084367.

Here is an example of the phishing mail that many are receiving. If you are in doubt about any e-mail you receive, call your local computer geek or at least ask the IT HelpDesk.

—–Original Message—–

From: Webmail Upgrade Team [mailto:phisher@scam.com]

Sent: 03 March 2016 12:23 PM

Subject: HELP DESK

ATTN: Outlook Web Access User,

Take note of this important update that our new webmail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar,web-documents and the new 2016 anti-spam version. Please use the outlook web access link below to complete your update for our new Outlook Web Access improved webmail.

http://link.to.phishing.site/

NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our database and you cannot hold us responsible since you fail to adhere to our request.

___________________

Regards,

IT Service Desk Support.

Admin Team

Miss Annie Phisher

[INFORMATION SUPPLIED BY DAVID WILES]

 

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on [:en]Phishing attack on same day as migration of Tygerberg accounts[:af]Phishing attack on same day as Tygerberg accounts were migrated[:]

« Older Entries
Newer Entries »