Security

Phishing with subject “Email Expired”

Thursday, February 1st, 2018


Several students and personnel have informed us of a “new” mail making its rounds on our campuses.

The sender is “Postmaster” with the subject of “Email Expired”. This phishing scam tells you that your e-mail account will shortly expire and uses scare tactics to convince you to “click” on a link to activate your email.

Information Technology will never send you this type of email, ask you to click on a link or provide your username or password. Do not respond to these emails or click on links.

If you have received mail that looks like this, please report it immediately to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link in this phishing mail and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed). You should also change the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 


PHISHING: “Your Email Account Has Been Compromise”

Monday, January 29th, 2018


Please be aware that e-mails are being sent from an outside e-mail address (@lasell.edu) with the subject “Your Email Account Has Been Compromise” (including capitalisation of every word and a spelling mistake at the end).

The mail contains only the following:

Verify HERE

This is a phishing scam. Information Technology will never send an email like this, ask you to provide your username or password or require you to click on a link in an e-mail.

Here is an example of the phishing mail:


Many people, including students and staff, can be easily fooled and manipulated by the social engineering tricks of the phishing scammers.

Once they fall victim to this phishing scam and the scammers have control of a university account, they will stop using the outside e-mail address.

Don’t become one of these victims. If you receive an e-mail with the subject “Your Email Account Has Been Compromise” and it seems to come from a university account (like a student number, or even a known university colleague), do not respond to it, forward it or click on the link.

Report it to Information Technology’s Cyber-Security Team (details below) and then delete it or move it to your Junk E-mail folder. You can use the Rules function in Outlook and Office365 Mail to delete all mail with those subject lines or senders.

Here are the instructions again:

If you have received mail that looks like this, please report it immediately to Information Technology using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link in this phishing mail and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed). You should also change the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[ARTICLE by David Wiles]


Protect your personal information

Monday, January 29th, 2018


Data Privacy Day, occurring every year on 28 January, is an international effort to empower individuals and businesses to respect privacy, safeguard data and enable trust.

Over the past year there were many extensive data breaches across the world. This has accentuated the necessity for creating a greater awareness of protecting information.

But why should we care about our information?

We are entering the next generation of technological advancement like the Internet of Things, which will connect devices in our schools, home and workplaces. This provides many opportunities, but consumers will have to learn to protect and secure their information. Your devices make it easy to connect to the world around you, but they can also track a lot of information about you and your family. 

How much information do you share online daily? We spend most of our day on the internet where all our actions are tracked and collected by the devices we use. This data is stored indefinitely and can be used at any time. 

The National Cyber Security Alliance in the United States has the following tips:

  1. Personal info is like money: value it, protect it. 
    Be thoughtful about who gets your information and how it’s collected through apps and websites. Delete unused apps, update others and review your app permissions.
  2. Share with care.
    Think before posting about yourself and others online. Review your social network friends and contact lists regularly.
  3. Own your online presence.
    Set the privacy and security settings on websites and apps. You can share information with only friends and family.
  4. Lock down your login.
    Make sure your accounts are secure. Don’t rely on a password alone for bank accounts, email and social media. Use two-step authentication, biometrics or security keys.
  5. Keep a clean machine.
    Keep your software, operating systems (mobile and PC), anti-virus and apps updated to prevent data loss, infections and malware.
  6. Apply the golden rule. 
    Post only about others as you would have them post about you.
  7. Secure your devices.
    Every device should be secured with a password or strong authentication – finger swipe, facial recognition, etc. Imagine what someone could do with the information on your device if it got lost.
  8. Think before you app.
    Information about you, such as the games you like to play, your contact lists, where you shop and your location, has tremendous value. Apps collect this information. A recent example is the privacy issue with the activity-tracking app Strava.

FACTS AND STATISTICS

  • 41% of Americans have been personally subjected to harassing behaviour online and one in five (18%) has been subjected to particularly severe forms of harassment online. 
  • 82% of cyber-stalkers use social media to find out where their potential victims live, where they go to school, etc.
  • Four in five US physicians have had cyber-attacks in their practices. Keep in mind that medical and health information is among the most sensitive and personal information about people. 

 

[SOURCE: https://staysafeonline.org and www.wikipedia.org]


OneDrive for Business: Anonymous file sharing

Monday, January 22nd, 2018


Information Technology recently assessed our OneDrive for Business platform to ensure that no security risks exist for our users and network. During this assessment we identified a number of users who are currently using the anonymous sharing function (“Anyone with the link can view and edit”) on OneDrive.

With anonymous file sharing there is no control or record of who has access to the shared files. Anybody who has the link can access and/or edit the files. This poses a security risk for the University and our users. For this reason we are compelled to switch off anonymous usage.

From Thursday, 1 February 2018 you will no longer be able to share files anonymously on OneDrive. Sharing will still be possible with internal and external users, but at a higher security level.

Guides on best practices for sharing files on OneDrive are available at www.sun.ac.za/itselfhelp under the Office365 section or directly on this page. If you have any enquiries, please contact the IT Service Desk by emailing help@sun.ac.za or calling our Service Desk at 808 4367.


Phishing: PSG “Your profile details will expire”

Monday, January 22nd, 2018


There is currently a phishing email making the rounds claiming to be from PSG Wealth.

Be on the lookout for an email requesting you to update your personal information, as your PSG online “profile details will expire”. The link redirects users to a page that looks like the PSG securities trading website, but is a clever forgery.

PSG have assured us that they will never send you an email asking to provide sensitive information online. So it is important to check the validity of any such emails before you respond to requests like these.

Below is an example of one such mail:

There are 3 obvious signs that this mail is fraudulent:

  • The sender’s email address (“from” address) is disguised to look like it comes from PSG Wealth. The message is actually sent from a different address that does not match our PSG email addresses (using an @psg.com.sa address instead of an @psg.co.za address).
  • The recipient is not specified.
  • The website link provided is not to a PSG domain address and the website is not indicated as being secure (no little padlock icon or https: in the URL).
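
The three signs above can be checked mechanically on a saved message before anyone opens a link. The following Python code is an added example, not part of the original article or any PSG tooling; the sample message, its `noreply` local part and the `psg-update.example` link host are constructed, while the two mail domains come from the article.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGIT_DOMAIN = "psg.co.za"  # genuine domain, as stated in the article

# Constructed sample: the local part and link host are placeholders,
# not values taken from the real phishing mail. No To header is present.
SAMPLE = (
    "From: PSG Wealth <noreply@psg.com.sa>\n"
    "Subject: Your profile details will expire\n"
    "Content-Type: text/html\n"
    "\n"
    '<p><a href="http://psg-update.example/login">Update now</a></p>\n'
)

def is_org_host(host, domain=LEGIT_DOMAIN):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, domain=LEGIT_DOMAIN):
    """Return findings corresponding to the three signs in the article."""
    msg = message_from_string(raw)
    findings = []

    # Sign 1: the address behind the display name is not on the real domain.
    _, sender = parseaddr(msg.get("From", ""))
    sender_host = sender.rpartition("@")[2]
    if not is_org_host(sender_host, domain):
        findings.append(f"sender domain {sender_host!r} is not {domain}")

    # Sign 2: no specific recipient is named.
    _, recipient = parseaddr(msg.get("To", ""))
    if "@" not in recipient:
        findings.append("no recipient specified")

    # Sign 3: links that leave the real domain or are not HTTPS.
    # Assumes a single-part HTML body, as in the sample.
    body = msg.get_payload()
    for url in re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I):
        parts = urlparse(url)
        if not is_org_host(parts.hostname, domain):
            findings.append(f"link host {parts.hostname!r} is not {domain}")
        if parts.scheme != "https":
            findings.append(f"link {url!r} is not HTTPS")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

An empty result does not prove a message is genuine, because a From header can be forged outright; the receiving server's SPF, DKIM and DMARC results cover that case.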

What should you do if you have already provided your details in responding to this phishing scam?

If you responded to such an email, log in to your account by typing psg.co.za into your browser window and reset your password immediately.

Continue to monitor your account for any unauthorised transactions and alert PSG immediately if you note any suspicious transactions.

Avoid becoming a victim in future: (This applies to all phishing scams, not just this fraudulent scam)

  • Type in website addresses – do not follow links embedded in emails.
  • Do not reuse passwords, especially for financial sites. 
  • Do not click on attachments, unless you know who they are from and are expecting the document in question.
  • Never part with your login details.

If you are not sure that a request for information is legitimate, rather contact the company to verify its authenticity.

~~~

Report the spam/phishing mail to the following addresses:
help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]
