SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

Security

« Older Entries
Newer Entries »

[:en]Phishing with subject “Verify Your Email To Avoid Disruption”[:]

Friday, June 7th, 2019

[:en]

An email with the subject “Verify Your Email To Avoid Disruption” which looks as if it’s from “Stellenbosch University – Outlook Office 365” was sent to staff and students. The email asks you to click on a link to verify your Outlook account. (see image)

This is not a legitimate email from Information Technology, but a phishing attempt.

We will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

[:]

Email

Tags:
Posted in E-mail, Security | Comments Off on [:en]Phishing with subject “Verify Your Email To Avoid Disruption”[:]

[:en]How to avoid phishing scams[:af]Hoe om phishing-pogings te fnuik[:]

Friday, May 24th, 2019

[:en]

We are often asked by staff and students what they can do to stop phishing scams, and what software they should install to prevent them from becoming victims. In some cases students have asked us to fix their computers and to install software to block phishing scams.

Of course that request is impossible to fulfil. Phishing scams are like the common cold. Just like you cannot prevent the common cold, you can only adopt a lifestyle, and take precautionary measures to reduce your risk of infection. They will always be there and will always adapt and change. As long as there are people who are uninformed or careless who fall for these scams, phishing attacks will continue.

The best way to reduce your risk is to report all suspected phishing scams on ICT Partner Portal. (Full details at the end of this post). Here are some basic rules to help you to identify phishing scams:

  • Use common sense
    Never click on links, download files or open attachments in email or social media, even if it appears to be from a known, trusted source.
  • Watch out for shortened links
    Pay particularly close attention to shortened links. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.
  • Does the email look suspicious?
    Read it again. Many phishing emails are obvious and will have implausible and generally suspicious content.
  • Be wary of threats and urgent deadlines
    Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Ignore the scare tactics and rather contact the company via phone.
  • Browse securely with HTTPS
    Always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse.
  • Never use public, unsecured Wi-Fi, including Maties Wi-Fi, for banking, shopping or entering personal information online
    Convenience should never be more important than safety.

If you do receive a phishing e-mail, please report it as soon as possible. Once you have reported the spam or phishing mail, you can delete it immediately.

You can report this on IT’s request logging system, the ICT Partner Portal.

  • Go to the ICT Partner Portal.
  • Fill in your information and add the email as an attachment. Your request will automatically be logged on the system and the appropriate measures will be taken by the system administrators to protect the rest of campus.

[ARTICLE BY DAVID WILES]

[:af]

Ons word dikwels deur personeel en studente gevra wat hulle kan doen om phishing-aanvalle te stop en watter sagteware hulle kan installeer om te voorkom dat hulle slagoffers daarvan word. In sommige gevalle het studente selfs versoek dat hulle rekenaars reggemaak moet word en sagteware installeer moet word om phishing-aanvalle te blok.

Ongelukkig is dit ʼn onmoontlike versoek. Net soos jy ʼn gewone verkoue nie kan voorkom nie, maar eerder ʼn spesifieke lewensstyl  en voorkomende maatreëls kan toepas om die risiko vir besmetting te voorkom, geld dieselfde vir phishing-aanvalle. En net soos verkoues, gaan kubersekuriteitsrisiko’s altyd daar wees en sal hulle aanpas en verander. Solank daar mense is wat oningelig of nalatig is, sal phishing-aanvalle voortduur.

Die beste manier om jou risiko te verminder is om alle agterdogtige phishing-pogings aan te meld op die ICT Partner Portal. (Meer volledige inligting aan die einde van hierdie artikel) Intussen is hier `n paar basiese reëls wat jou kan help om phishing uit te ken:

  • Gebruik logika
    Moet nooit op skakels kliek, lêers aflaai or aanhangsels oopmaak in e-pos of sosiale media nie, selfs al lyk dit of dit van ʼn bekende, betroubare bron kom. 
  • Oppas vir kort skakels
    Kyk veral krities na kort skakels. Hou altyd die muis oor `n webskakel in ʼn e-pos (bekend as “hovering”) om te kyk of jy na die regte webwerf herlei word. 
  • Lyk die e-pos verdag?
    Lees dit weer. Baie phishing e-posse is voor-die-hand-liggend en sal onoortuigende en algemeen verdagte inhoud bevat.
  • Wees versigtig vir dreigemente en dringende spertye
    Dreigemente en dringendheid, veral komende van ʼn skynbaar egte maatskappye, gee gou die phishing-poging weg. Ignoreer die bangmaaktruuks en kontak eerder die maatskappy telefonies. 
  • Navigeer eerder veilig met HTTPS
    Gebruik altyd, waar moontlik `n veilige webwerf, aangedui deur https:// en `n “slot” ikoon in die blaaier se adresstaaf.
  • Moet nooit publieke, onsekure Wi-Fi vir banksake, aankope of invoer van persoonlike inligting gebruik nie – dit sluit Maties Wi-Fi in
    Gerief behoort nooit meer belangrik as veiligheid te wees nie. 

Wanneer jy ʼn phishing e-pos ontvang, rapporteer dit so gou as moontlik. Daarna kan jy dit dadelik uitvee. 

Jy kan dit rapporteer op die IT se versoekaantekenstelsel, die ICT Partner Portal.

  • Gaan na die ICT Partner Portal.
  • Vul jou inligting in en heg die e-pos as ʼn aanhangsel aan. Jou versoek sal outomaties aangeteken word en die nodige maatreëls sal getref word deur ons stelseladministrateurs om die res van die kampus te beskerm.

[ARTIKEL DEUR DAVID WILES]

[:]

Email

Tags: , ,
Posted in Security, Tips | Comments Off on [:en]How to avoid phishing scams[:af]Hoe om phishing-pogings te fnuik[:]

[:en]WhatsApp scams[:]

Tuesday, April 23rd, 2019

[:en]

Several WhatsApp scams are popping up in South Africa at the moment and it might be a good idea to look out for these latest threats. 

  1. WhatsApp Gold
    This hoax has been around for a long time and is a simple phishing attack where you receive a message that WhatsApp has launched a new upgraded service called WhatsApp Gold. Often this app is advertised as free and includes features such as new themes and free voice calls. The message contains a link to download WhatsApp Gold, which installs malware on your cell phone. This malware enables hackers to steal your information or even to spy on your messages and communications. To avoid falling for scams like this never click on unknown links or download unverified software onto your cell phone.

  2. Voucher phishing
    Similar to the WhatsApp Gold scam, these messages are usually sent from a number impersonating a fake contact. They generally state that you have won a free voucher for a local supermarket in return for completing a short survey. The link contained in this message diverts to a fake website impersonating the supermarket’s web page. Once users have entered their details on the website, their information has been compromised and is fed straight to the scammers. Shoprite, OK and Pick ‘n Pay have reported scams using their branding on a fake website.

  3. Spy apps
    While browsing or in a WhatsApp message, you might find a link to download a WhatsApp “spy app” claiming to be able to see what your contacts are saying to each other, along with giving you the ability to intercept their pictures, voice messages, and images. Of course there is no way to intercept WhatsApp messages in this way as all WhatsApp conversations are encrypted. These fake “spy app” applications usually install malware on your phone or sign you up for expensive subscription services. Several students have reported that they have recently fallen victim to these scams. It is important to realise that the Google Play Store is not infallible and can also contain malware-infested spy apps.

  4. Verification request scams
    The last two scams are by far the most popular in South Africa. Verification request scams are spread through compromised accounts. (some of people you might know) You will receive a message from a user on your WhatsApp contact list asking to send your WhatsApp verification code. If you do, scammers will have access to your Whatsapp account and can take over your number. Never divulge your WhatsApp verification code and be wary of strange requests from your contacts.

  5. SIM-swop takeover
    Currently this is by far the biggest threat to South African WhatsApp users. The financial losses incurred by sim-swop victims in 2018 was a whopping R89 million. When SIM-swop fraud happens and the fraudsters take ownership of your number, they can easily and instantly install WhatsApp on their own smartphone and log in to your account. The two-factor authentication message will be sent to the number they now control and using WhatsApp, they can scam your contacts into divulging information or send them money by impersonating you.

    This is also a serious threat to other platforms that use SMS two-factor authentication – including many banking apps. You should check immediately with your cell phone provider if you lose access to your cell phone network for no apparent reason, as this is the first sign that SIM-swop fraud might have been committed.

[ARTICLE BY DAVID WILES]

[:]

Email

Posted in Communication, Security | Comments Off on [:en]WhatsApp scams[:]

[:en]Malware warning[:af]Malware-waarskuwing[:]

Tuesday, April 16th, 2019

[:en]

Emails with the subjects “Have you received your payment” and “Apply for a loan” are being distributed to students and staff. Please do not open these since they could contain an embedded file which will infect your device with malware.

When you receive emails with attachments from unknown senders, keep in mind that you should never open attachments as they could contain malicious content.

If you think your account or device has been compromised or you notice suspicious activity:

  1. Immediately change your password on www.sun.ac.za/password.
  2. Contact the IT Service Desk by logging a request or calling 808 4367.
  3. More information is available on our blog and Twitter.

[:af]

E-pos met die onderwerpe “Have you received your payment” en “Apply for a loan” word tans aan studente en personeel versend. Moet asb. nie hierdie e-posse oopmaak nie aangesien dit leêrs met malware bevat wat jou toestel sal besmet.

Wanneer jy e-posse met aanhangsels ontvang van onbekende versenders, hou in gedagte dat jy nie die aanhangsels moet oopmaak nie aangesien dit skadelike inhoud kan bevat.

Indien jy vermoed dat jou rekening of toestel gekompromitteer is of jy agterdogtige aktiwiteite oplet:

  1. Verander dadelik jou wagwoord by www.sun.ac.za/password.
  2.  Kontak die IT Dienstoonbank deur ʼn versoek aan te meld of 808 4367 te skakel.
  3. Meer inligting is beskikbaar op ons blog en Twitter.

[:]

Email

Tags:
Posted in E-mail, Security | Comments Off on [:en]Malware warning[:af]Malware-waarskuwing[:]

[:en]Increase in phishing attacks[:af]Toename in strikroofaanvalle[:]

Wednesday, April 3rd, 2019

[:en]

Phishing attacks are on the increase due to staff and students replying to phishing emails or entering their usernames and passwords on suspicious websites.

This not only poses a security risk for the user, but also for their colleagues and more importantly, for the safety of our entire university network.

Please do not reply to any email requesting your username and password, even if it’s seemingly from someone you know. This information is used by phishing attackers to target our students and staff. By supplying your private information you are making it much easier for them to access accounts and the network.

If you think your account has been compromised or notice suspicious activity:

  • Immediately change your password on www.sun.ac.za/password.
  • Contact the IT Service Desk by logging a request or calling 808 4367.
  • More information on phishing is available on our blog and Twitter.

[:af]

Strikroofaanvalle is besig om skerp toe te neem weens personeel en studente wat steeds reageer op strikroof e-posse en hulle gebruikersname en wagwoorde op verdagte webwerwe intik.

Hierdie optrede is nie net ʼn sekuriteitsrisiko vir die betrokke gebruiker nie, maar ook vir sy/haar kollegas en meer belangrik, vir die veiligheid van die universiteit se netwerk.

Moet asseblief onder geen omstandighede reageer op enige e-posse wat versoek dat jy jou wagwoord en gebruikersnaam intik nie, selfs al lyk dit op die oog af soos iemand wat jy ken. Hierdie inligting word gebruik deur kuberaanvallers om ons personeel en studente te teiken. Deur jou inligting te gee maak jy dit aansienlik makliker vir hulle om toegang tot ons rekeninge en netwerk te kry.

Indien jy vermoed dat jou rekening gekompromitteer is of jy agterdogtige aktiwiteite oplet:

  • Verander dadelik jou wagwoord by www.sun.ac.za/password.
  • Kontak die IT Dienstoonbank deur ʼn versoek aan te meld of 808 4367 te skakel.
  • Meer inligting oor strikroofaanvalle is beskikbaar op ons blog en Twitter.

[:]

Email

Tags:
Posted in E-mail, Security | Comments Off on [:en]Increase in phishing attacks[:af]Toename in strikroofaanvalle[:]

« Older Entries
Newer Entries »