SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

Security

« Older Entries
Newer Entries »

[:en]SMiShing: Now on your phone[:af]SMiShing: Nou op jou selfoon[:]

Tuesday, August 1st, 2017

[:en]

According to McAfee SMiShing is:

“…  a version of phishing in which scammers send text messages rather than emails, which appear to have been sent by a legitimate, trusted organization and request that the recipient clicks on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.””

Over the past few years, we’ve learnt not to trust emails, fearing we’ll become victims of phishing fraud. Most people by now know not to click on links in emails. With SMS’s you can’t preview links as in emails, which increases the possibility of clicking on it out of curiosity. Unfortunately, human behaviour is the greatest threat to cyber security and it’s something that cannot be controlled by IT security staff. 

Criminal hackers had to find another way to trick users into revealing personal information. As we start using more and more mobile devices, the potential for possible platforms increases. Additionally, if you use your devices at home and at work, you also put the university at risk when you are a victim of either phishing or smishing. At the university, there are thousands of staff and students using various devices, all at risk of being infected. 

How do they do it?

Hackers have access to software that generates cell phone numbers based on area codes, they then plug into a cell phone service provider’s extension and generate the remaining numbers with the software. By means of a mass email text message service, messages are distributed. Text messages will contain a link which installs keyloggers or link to malicious websites which harvests your personal information. Other text messages trick the receiver into calling numbers, leading to outrageous phone bills. (Also see the latest Wangiri scam) Yet another type will trick you into thinking you’ve subscribed to a service. When you try to unsubscribe, you’ll be billed for using the service.  Some text messages will download spyware which can see everything you do on your phone.

How to avoid it

  1. Know how this kind of scam works. You’ll be able to recognise it easier. 
  2. Don’t reply to text messages from numbers you don’t know, especially if it asks for personal information.
  3. Even if it’s a message from a friend, make sure it’s legitimate. Your friend could have been hacked. Check with them first.
  4. Install security on your phone, for example, a VPN, anti-virus and spyware.
  5. Never install apps from text messages. Rather go to the app store where you know the software has been tested and verified. (e.g. Google Play)
  6. If you’re unsure if a text message is safe, don’t open it.
  7. If you didn’t sign up for a service, ignore the message.

 

‘Smishing’ scams target your text messages. Here’s how to avoid them from CNBC.

[SOURCES: www.webopedia.com; CNBC; www.bbc.com; www.norton.com; www.consumeraffairs.com; www.mcafee.com]

 

[:]

Email

Tags:
Posted in Communication, Security | Comments Off on [:en]SMiShing: Now on your phone[:af]SMiShing: Nou op jou selfoon[:]

[:en]Wangiri fraud on the rise[:af]Wangiri-bedrog neem toe[:]

Monday, July 31st, 2017

[:en]

According to MyBroadband Vodacom, MTN, and Cell C have seen an increase in Wangiri phone fraud in South Africa. South African mobile subscribers recently reported that they are receiving an increasing volume of missed calls from unknown international numbers. Calls originate from across Africa and Europe, including Guinea, France, and Belgium.

Wangiri is a form of phone fraud which originated in Japan. Wangiri translates to “one (ring) and cut”. The racketeers hire a premium rate number from a telecom service provider and call random phone numbers via an auto dialer function, letting it ring once and then disconnecting the call. An automatic dialer (auto dialer) is an electronic device or software that automatically dials telephone numbers. Once the call has been answered, the auto dialler either plays a recorded message or connects the call to a live person. (Wikipedia)

A missed call shows on the victim’s phone and he returns the call since he believes the call was intended for him. Subsequently, he ends up paying an exorbitant amount which goes into the account of the scammers.

Both CellC and MTN have sent their customers a warning not to return any missed calls. Do not call back a number you do not recognise. If it is a legitimate call, the caller will call you back or leave a voicemail. 

Wangiri is just one example of phone fraud. Read more on other variations on Wikipedia.

[SOURCES: https://readstudyshare.wordpress.com; www.wikipedia.com]

[:af]

Volgens MyBroadband het Vodacom, MTN, en Cell C ʼn toename in Wangiri foonbedrog in Suid-Afrika opgemerk. Suid-Afrikaanse selfoongebruikers het ook berig dat hulle toenemend meer verbeurde oproepe van onbekende internasionale nommers ontvang. Oproepe kom van regoor Afrika en Europa, onder andere Guinee, Frankryk en België.

Wangiri is ʼn tipe foonbedrog wat aanvanklik in Japan ontstaan het. Wangiri kan vertaal word as “one (ring) and cut”. Die misdadigers huur ʼn premium-tarief nommer van `n telekommunikasie diensverskaffer  en skakel lukrake nommers deur middel van ʼn outomatiese skakelaar. Die telefoon lui slegs een keer en daarna word die telefoniese verbinding verbreek.

ʼn Outomatiese skakelaar is ʼn elektroniese toestel of programmatuur wat outomaties telefoonnommers skakel. Sodra die oproep beantwoord word, sal die outo-skakelaar normaalweg ʼn opgeneemde boodskap speel of jou verbind aan ʼn persoon. (Wikipedia)

ʼn Verbeurde oproep vertoon op die slagoffer se foon en hy skakel terug aangesien hy dink dat dit vir hom bedoel was. Gevolglik betaal hy `n buitensporige bedrag wat reguit in die misdadigers se rekeninge inbetaal word. 

Beide CellC en MTN het hulle kliënte versoek om nie enige verbeurde oproepe te beantwoord nie. Moenie ʼn nommer terugbel wat jy nie herken nie. Indien dit ʼn regte oproep is, sal die persoon jou terugbel of ʼn stempos los. 

Wangiri is slegs een voorbeeld van foonbedrog. Lees meer oor die ander variasies op Wikipedia.

 

[BRONNE: https://readstudyshare.wordpress.com; www.wikipedia.com]

[:]

Email

Tags:
Posted in Communication, Security | Comments Off on [:en]Wangiri fraud on the rise[:af]Wangiri-bedrog neem toe[:]

[:en]PHISHING: SABC TV Licence payment request[:]

Wednesday, July 26th, 2017

[:en]

The SABC slogan goes: “Pay your TV licence. It’s the right thing to do” or something to that effect. Falling for this phishing scam, will NOT be the right thing to do.

This phishing scam from the “SABC” about payment of your TV Licence, is very clever as it uses a so-called encrypted-PDF to capture data like the victim’s ID Number, Passport Number or Company Registration number. Once the data is captured, it asks you for banking account details etc. to do the “payment” for a TV Licence. The data is captured by the PDF, which is then sent to a server controlled by the criminals, who will use it to defraud them of their money.

This is what the phishing email looks like (with the dangerous parts removed):

From: forged_address@lettersonline.co.za [mailto:forged_address@lettersonline.co.za]
Sent: Monday, 24 July 2017 13:14
To: University, Address <noreply@sun.ac.za> <noreply@sun.ac.za>

Subject: SABC requires you to make payment on your TV license account

Hi,
Please find attached correspondence for your attention. The attachment is password protect.

The password for the attachment will be one of the following three options:
1. Your ID Number
2. Your Passport Number
3. Your Company Registration Number

Kind Regards
LettersOnline Team

The PDF attachment will ask you for a password if you open it.  Do not open or enter any details on this PDF. The SABC will never send you an email with a link or attached file to demand that you pay your licence. Neither will they send an unbranded mail or with no personalised salutation.

[Article by David Wiles]

[:]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on [:en]PHISHING: SABC TV Licence payment request[:]

[:en]PHISHING: Exceeded mailbox limit[:]

Monday, July 24th, 2017

[:en]

This week’s Monday morning phishing scam is in the form of a rather poorly worded “WARNING” about exceeding the limit of your email.

The three exclamation marks (!!!) in the Subject line should immediately be a warning. Just because it comes from “Stellenbosch University Upgrade Team 2017” doesn’t guarantee that it is genuine!

Here is what the phishing email looks like (With the dangerous parts removed):

From: Stellenbosch University Upgrade Team 2017 [mailto:forged_address@webmail.co.za]

Sent: Monday, 24 July 2017 10:49 AM

Subject: Urgent Notification !!!

Urgent notification ,

You have exceeded your mail limit , Your account will be blocked from sending and receiving messages if your account is not been upgraded, upgrade your account free now Via the weblink Below :

http://dont_click.on.this.link

If your account have been upgraded please ignore this, this is for all student and stafs please Thank you.

Webmail © 2017

Email: forged_address@webmail.co.za

Here are # tips below can help you spot a  phishing scam:

  1. Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. These email addresses are meant to fool you.
  2. Urgent action required. Fraudsters often include urgent “calls to action” to try to get you to react immediately. Be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.” The fraudster is taking advantage of your concern to trick you into providing confidential information.
  3. Generic salutation. Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be sceptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.
  4. Link to a fake web site. To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company’s logo or looks like the real page doesn’t mean it is!
  5. Spelling errors, poor grammar, or inferior graphics.
  6. Requests for personal information such as your password, user name, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
  7. Attachments (which usually contain viruses, malware or ransomware).

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za as well.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: csirt@sun.ac.za and help@sun.ac.za
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)

[Article by David Wiles]

 

[:]

Email

Tags:
Posted in E-mail, Security | Comments Off on [:en]PHISHING: Exceeded mailbox limit[:]

[:en]PHISHING: “Re: betaling aan jou rekening”[:]

Wednesday, July 19th, 2017

[:en]

About a year ago a new version of the ABSA Bank phishing email hit the university email server. What was new about this version was that the email was in Afrikaans. Although the Afrikaans was not perfect with some spelling and grammar mistakes, it still could have fooled many people, because of the “familiarity” component.

Stellenbosch University still uses a lot of Afrikaans as its primary official communications medium, and many automated systems like the Financial system use Afrikaans to inform users of payments etc. While there is nothing wrong with this, phishing scammers have latched onto this and are now attempting to fool people into divulging their personal details using Afrikaans in their phishing e-mails.

We were warned early this morning about an email that was originating from UCT with dangerous content, and almost immediately the UCT phishing emails started arriving.

Here is what to look out for:

Mail will arrive from a forged or compromised “UCT address” that will look like this:

From: Anna Huang [mailto:forged_address@myuct.ac.za]
Sent: 19 July 2017 10:53 AM
To: Recipients <forged_address@myuct.ac.za>
Subject: Re: betaling aan jou rekening

Goeiemore,

Vind aangehegte betalingsbewys.

Dankie

Disclaimer – University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via csirt@uct.ac.za

The disclaimer from the University and the Afrikaans could fool some people if they are not careful.

The dangerous part is actually an attached html files (sometimes it might look like a PDF) that will present you with a login page where you will be asked to give your e-mail address and your password to “view this payment”

The login page will look like this, in this version:

The actual server’s address is also hidden by encoding it, so to the untrained eye, nothing will look suspicious. This is a typical phishing scam, but with the “sender” coming from a neighbouring academic institution, and the language being Afrikaans, we need to be even more alert.

[Article by David Wiles]

 

 

[:]

Email

Tags:
Posted in E-mail, Security | Comments Off on [:en]PHISHING: “Re: betaling aan jou rekening”[:]

« Older Entries
Newer Entries »