Security

Warning about DirectAxis Financial Services spam

Wednesday, July 19th, 2017

There have been reports of personnel and students getting numerous “spam” messages from DirectAxis Financial Services offering financial loans at 5% interest. These emails are sent from a number of “throwaway” e-mail addresses like outlook.com, Hotmail and webmail.co.za.

Some students and personnel are struggling to manage their finances and these “offers” can be very tempting.

There are usually PDFs attached to each message in which the company advertises loans and abnormally low interest rates. Although there is currently no embedded malware, and there are no links to servers where you would be asked to give your user name and password, the spammers nevertheless ask you for your ID NUMBER, Full Names, Occupation, Monthly income and Contact details, which can be used for identity theft.

Although DirectAxis is a legitimate South African microlender, in the past their company letterhead has been forged and used by criminals to commit fraud. Secondly, this particular company has a number of charges against it by the Direct Marketing Association of South Africa for using “spam databases” to spam millions of South Africans with their adverts. This puts them in violation of the “Protection of Personal Information Act” [http://www.justice.gov.za/legislation/acts/2013-004.pdf].

Don’t be fooled by companies offering you loans at a ridiculously low interest rate. Here are some handy tips to spot frauds:

  • Any company that says it doesn’t care about your credit history has no intention of lending you money. A legitimate lending institution wants to know whether you pay your bills on time and in full. It needs some assurance that you’ll repay what you borrow.
  • Search the business’ website for an address where it legally does business. Lenders and loan brokers must be registered in the country where they conduct business.
  • One should never pay to get a personal loan. Many scammers ask borrowers to provide a prepaid debit card for insurance, collateral or fees.
  • Make sure a padlock icon appears somewhere on the web pages where you’re asked to type in personal information; note that the padlock only shows that the connection is encrypted, not that the site is genuine. Don’t override any warning saying a site’s security certificate has expired, and pay attention to the URLs you click on.
  • When you find a lender online, go through the site to determine its physical location. Do they provide a street address? Bear in mind that it may be fake. If you don’t find any indication of their location, you should avoid the lender.
  • Some websites appear to offer different types of personal loans but aren’t actually lenders; they sell your personal information to other loan companies. Many “microlenders” merely collect your personal and financial information for other companies.
  • Don’t fall for the “Act Now” urgency plea. Criminals often give you a deadline and say their offer won’t exist tomorrow.

[Article by David Wiles]


Defeat ransomware: Backup your data

Wednesday, July 5th, 2017

The destructive Petya ransomworm caused destruction and major interruptions of services around the world last week. Unfortunately, it’s becoming progressively more difficult to avoid these attacks as cybercriminals become more clever and inventive in their methods. While there are ways to avoid falling prey to such an attack, there’s one thing you can do which will ensure that you are safe. And it’s not technical or difficult to do.

Once a week, back up all your data. Yes, this is a menial, boring administrative task – and we all hate those – but by ensuring that your data is safe and sound elsewhere, it won’t matter if your PC is infected by ransomware or any other malware. If you do lose your data, you will have another version available.

Here are a few quick tips to help you:

  1. Choose one day a week which suits you and make an appointment in your diary to do a weekly backup.
  2. Try not to overwrite your previous backup. Rather make consecutive copies in various folders on your external hard drive or on your network space and name each with the particular day’s date. If any of the documents become corrupt for some reason, you can always fall back on a previous version.
  3. Regularly check that the medium on which you made your backup is still in working order and you’re able to access your documents.
  4. Use more than one backup medium, for example, your network space AND an external hard drive.
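Tips 2 to 4 can be automated. The following is an added example, not part of the original post: it copies a folder into a new dated folder on every backup medium, refuses to overwrite an earlier backup, and later re-reads each copy against a stored list of SHA-256 hashes, so a dated backup can be checked even after the live files have changed. The manifest file name, the `data` subfolder and the function names are assumptions of this example.

```python
import hashlib
import json
import shutil
import sys
from datetime import date
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name: SHA-256 of every file, stored with the backup


def sha256(path):
    """Hash a file in 1 MiB chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(source, destinations, today=None):
    """Copy source to <destination>/<YYYY-MM-DD>/data on every medium (tips 2 and 4)."""
    source = Path(source)
    stamp = (today or date.today()).isoformat()
    manifest = {p.relative_to(source).as_posix(): sha256(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    created = []
    for destination in destinations:
        target = Path(destination) / stamp
        if target.exists():  # never overwrite an earlier backup
            raise FileExistsError(f"{target} already exists; not overwriting")
        shutil.copytree(source, target / "data")
        (target / MANIFEST).write_text(json.dumps(manifest, indent=2))
        created.append(target)
    return created


def verify(backup_dir):
    """Re-read every file of one dated backup (tip 3); return the paths that fail."""
    backup_dir = Path(backup_dir)
    manifest = json.loads((backup_dir / MANIFEST).read_text())
    failed = []
    for relative, expected in manifest.items():
        copy = backup_dir / "data" / relative
        if not copy.is_file() or sha256(copy) != expected:
            failed.append(relative)
    return failed


if __name__ == "__main__":
    # Usage: python backup.py <folder to back up> <destination> [<destination> ...]
    for folder in backup(sys.argv[1], sys.argv[2:]):
        problems = verify(folder)
        print(folder, "OK" if not problems else f"FAILED: {problems}")
```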

Where should you back up data?

  1. Each staff member has access to his/her own network space (usually the h-drive) where you can save an allocated amount of data for free. You have 1GB at your disposal to back up your most critical documents. At an extra cost of R10-00 per 1GB this space can also be increased. This network space is also available via the web at storage.sun.ac.za if you find yourself away from the SU network.
  2. On your departmental network space (usually the g-drive). The departmental drive can be used for files used by more than one person and 15GB is allocated to each department. SharePoint can also be used by groups for sharing documents.
  3. OneDrive allows each staff member 5TB of storage space. This is available via the Office365 suite. https://portal.office.com/
  4. If you choose to have your data close at hand, get yourself an external hard drive. Never save important data on a flash drive – its sole function is transporting data from one device to another and it is not a dependable medium for backup. Just ensure that these devices are stored somewhere else (not also in your office) or in a safe. If confidential SU documents are kept on an external hard drive, the files have to be protected with a password or encrypted. Keep in mind that if you lose the password, not even IT can salvage your data.
  5. Alternatively, you can save data in the cloud. We’ve already mentioned OneDrive, but GoogleDrive or Dropbox are also examples of this. It is extremely important that cloud storage is only for personal use, not for any academic information or sensitive data. Also keep in mind that if you use more than one device, you have to sync data across devices and this will incur costs.

More tips on backups, as well as on activating Windows’ automatic backup function, are available at www.backblaze.com.

 

 


Phishing email: “Password Expiry” from Information Technology

Friday, June 30th, 2017

This morning’s attempt at fooling users into divulging personal information like usernames, e-mail addresses and passwords disguises itself as an email from the “ITS help desk”.

Here is what it looks like (we have removed the dangerous parts):


From: Karen L. Mcdonah [mailto:spoofed or compromised e-mail address]

Sent: Thursday, 29 June 2017 17:41

To: Karen L. Mcdonah <spoofed mail to disguise the sender>

Subject: IT SERVICE DESK

Your password Will Expire In The Next TWO HOURS Current Mail User Should Please Log On To IT-WEBSITE To Validate Your E-mail Address And Password, Or Your E-mail Address Will Be Deactivated. Thank You.

ITS help desk

ADMIN TEAM

©Copyright 2017 Microsoft

All Right Reserve


That is it. The classic signs of a phishing email should be obvious.

  1. Unknown or undisclosed sender.
  2. Disguised to make it look like it comes from a legitimate sender (like Information Technology).
  3. Threatening or intimidating users into doing something quickly without checking.
  4. Poor grammar and spelling.
  5. Encourages users to click on a link in the email (which takes them to a server under the control of the criminals where they are asked to provide usernames, email addresses and old and new passwords).
  6. The phishing site is not encrypted (http:// instead of https://), so passwords and user data are captured in plain readable text.

Here is what the phishing site looks like. It uses a “throw-away” website provider. The criminals will use this site for a couple of hours and then close it once they have obtained their intended victims’ personal data (which makes it financially very lucrative!).

 

[ARTICLE BY DAVID WILES]

 

 


Petya wreaks havoc worldwide

Wednesday, June 28th, 2017

A serious ransomware attack, similar to WannaCry, has reached Asia after spreading from Europe to the US, hitting businesses, banks, airports, power stations, port operators and government systems. This ransomware is being described by the press and security researchers as “Petya Ransomware.” Read more on Fin24.

Ransomware is a type of computer virus, usually downloaded, that attacks and takes over a computer, sometimes installing a password or encrypting the entire hard drive, preventing any access. The victim is then extorted for money, usually payable in Bitcoin, in order to unlock their precious data.

“This is a new generation of ransomware designed to take timely advantage of recent exploits. This current version is targeting the same vulnerabilities that were exploited during the recent Wannacry attack this past May. This latest attack, known as Petya, is something we are referring to as a ransomworm. In this variant, rather than targeting a single organization, it uses a broad-brush approach that targets any device it can find that its attached worm is able to exploit.” (www.blog.fortinet.com)

While many of you might not be too concerned about this attack, since it originally happened in Ukraine, a small country on the other side of the world, the nature of the Internet and the fact that we are all connected in some way or another, means that it will only be a matter of time before we start to experience attacks on South African soil. There are already reports of infected emails from the Ukraine attack being detected in parts of Western Europe and the USA. 

This attack seems to have begun with an extensive phishing campaign of emails sent out with infected Excel attachments, or a Trojan virus that attempts to disguise itself as a type of Microsoft Excel online document. Once opened, the infected attachment will gain control over the victim’s computer and start encrypting the hard drive contents, preventing any access.

To ensure that you don’t fall prey to this attack, you can follow these instructions from Microsoft.

Please be wary of emails that come from unknown sources (or even from senders who are unaware that their computers are controlled by ransomware and are busy sending out infected emails), especially if they have .XLS, .PDF and .HTML attachments or ask you to log in to verify details or click on links.

  • The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computer gets infected, you won’t be forced to pay to see your data again. Do you have a backup of ALL your important data? Operating systems can be easily rebuilt or reinstalled – your personal data cannot.
  • Be aware of emails that carry malicious attachments or instruct you to click on a URL.
  • Watch out for “malvertising” – this involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trust. Ad blockers are one way to block malicious ads, and patching known browser security holes will also thwart some malvertising. Is your computer up-to-date?
  • Finally, don’t be trigger-happy and click on links, no matter how legitimate they might look. Think first before clicking. If you have doubts about an email, phone up the IT HelpDesk and find out or ask your local computer geek for their opinion.

Many of you are on holiday and at home where your protection *might* not be as good as what we enjoy at the university.

[ARTICLE BY DAVID WILES]


Phishing scam disguised as a Standard Bank account statement

Monday, June 19th, 2017

We all regularly get phishing scams in our mailboxes, and normally they do not pose a threat if we are not Standard Bank customers. However, if any of you are Standard Bank customers, then there might be a risk.

Today’s phishing mail comes from a forged e-mail address like info@standardbank.co.za.

The Subject line is usually: “Standard Bank: Account Statement June-2017” (or variations of the month and year).

The body of the e-mail contains variations of the following:


Dear Customer

Attached to this e-mail is your Standard Bank account statement.

Click the download button and follow the easy instruction.

Regards
Standard Bank


 

An HTML file will be attached which, if you double-click to open it, will give you a forged login page similar to the following, where you will be asked to fill in your bank card details, your PIN and your password – and if you are fooled, the scammers will gain access to your bank account.

The dangerous thing about this particular version is that there is a small piece of JavaScript code embedded in the HTML file, which will run as soon as you visit the forged site and will attempt to download malware onto your computer to steal data like passwords and bank account details, or to turn your computer into a “zombie” under their control to send out further email or to attack the university from within the network.

This week it might be Standard Bank, next week it might be ABSA or FNB or Nedbank. Phishing scammers are constantly changing their tactics.

Here are 5 easy tips to spot most phishing scams:

  1. The sender’s e-mail may appear to be legitimate. It is easy for the criminals to forge an address to make it look like it is coming from the bank.
  2. The e-mail is addressed to “Dear Customer”, with no specific name being mentioned. (Banks have enough information about their customers to be able to address you personally!)
  3. Hovering your mouse cursor over any links will show a fraudulent URL – not the bank’s trusted web address.
  4. The e-mail contains a link to “Logon” or “Update Details”. Banks will not ask you to access Internet banking directly through an e-mail.
  5. The contents of the e-mail will be vague or reference a specific transaction which you would not normally conduct or receive.
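Several of the signs in this list, and in the list under the “Password Expiry” post further up this page, can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original posts: it runs those checks over the two phishing mails quoted on this page and over one harmless message. The addresses, the http:// link and the attachment name are constructed placeholders (the posts removed the real ones), and the function and label names are assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Heuristics taken from the two lists of phishing signs; the patterns are illustrative.
URGENCY = re.compile(r"will expire|deactivated|act now|within \d+ hours", re.I)
GREETING = re.compile(r"^\s*dear (customer|user|client)\b", re.I | re.M)
CREDENTIALS = re.compile(r"\b(password|pin|log ?on|login|validate)\b", re.I)
HTTP_LINK = re.compile(r"\bhttp://\S+", re.I)  # link to an unencrypted site


def phishing_signs(msg):
    """Return the set of warning signs found in an EmailMessage."""
    signs = set()
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    recipient = parseaddr(str(msg.get("To", "")))[1].lower()
    if sender and sender == recipient:
        signs.add("self_addressed")  # the real recipients are undisclosed
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    if URGENCY.search(body):
        signs.add("urgency")
    if GREETING.search(body):
        signs.add("generic_greeting")
    if CREDENTIALS.search(body):
        signs.add("credential_request")
    if HTTP_LINK.search(body):
        signs.add("plain_http_link")
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").lower()
        if att.get_content_type() == "text/html" or name.endswith((".html", ".htm")):
            signs.add("html_attachment")
    return signs


def make(sender, to, subject, body, attachment=None):
    """Build a constructed sample message (no real mail is read or sent)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    m.set_content(body)
    if attachment:
        m.add_attachment("<html></html>", subtype="html", filename=attachment)
    return m


# Constructed samples: wording from the posts; addresses, link and file name are placeholders.
PASSWORD_EXPIRY = make(
    '"Karen L. Mcdonah" <sender@mail.example>', '"Karen L. Mcdonah" <sender@mail.example>',
    "IT SERVICE DESK",
    "Your password Will Expire In The Next TWO HOURS Current Mail User Should Please "
    "Log On To IT-WEBSITE http://it-website.example/validate To Validate Your E-mail "
    "Address And Password, Or Your E-mail Address Will Be Deactivated. Thank You.")
BANK_STATEMENT = make(
    "info@standardbank.co.za", "staff@university.example",
    "Standard Bank: Account Statement June-2017",
    "Dear Customer\n\nAttached to this e-mail is your Standard Bank account statement.\n\n"
    "Click the download button and follow the easy instruction.\n\nRegards\nStandard Bank",
    attachment="statement.html")
BENIGN = make(
    "colleague@university.example", "staff@university.example", "Minutes",
    "The minutes of Monday's meeting are at https://intranet.example/minutes")

if __name__ == "__main__":
    for label, m in [("expiry", PASSWORD_EXPIRY), ("bank", BANK_STATEMENT), ("benign", BENIGN)]:
        print(label, sorted(phishing_signs(m)))
```

A forged sender address such as info@standardbank.co.za passes unnoticed here, which is why the body and attachment checks matter more than the From line.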

The university’s spam and phishing filters are quite effective in blocking these forms of phishing emails, but common sense and becoming informed should always be your first line of defence!

[ARTICLE BY DAVID WILES]
