Security

Fake FNB e-mail being circulated

Monday, June 19th, 2017


Our week starts off with the latest spam e-mail, one from FNB requesting that you activate your card. Of course this isn’t legitimate, even if it looks fairly convincing. Note the :-) in the subject line. This alone should be a dead giveaway. No bank will (we hope) communicate with emoticons.

The link in the e-mail will lead you to a temporary file in your browser where you have to fill in your details. Please ignore and delete this e-mail if you receive it. If you are an FNB customer and at any time receive an e-mail you are not sure about, rather phone your bank directly and confirm.

If you receive any similar phishing e-mails, please forward them to sysadm@sun.ac.za as an attachment. This way we can add them to our spam filter and ensure no-one else receives them.

See the example of the FNB e-mail below. (Malicious links were deactivated)

…………………………………………………………………………………………………………………………
Date: Thu, 15 Jun 2017 23:41:08 +0000
From: inContact <fakeaddress@fnb.co.za>
To: Recipients <fakeaddress@fnb.co.za>
Subject: FNB :-) Account Card Activation Request   16Jun 00:00
x-spam-score: -89.7 (—————————————————)

[– Attachment #1 –]
[– Type: text/plain, Encoding: base64, Size: 0.7K –]

Dear  Valued Card Holder,

As Directed by South African Credit Card Authorities, All card holders as advised to register their FNB cards on the new security platform to avoid your account from being compromised and also
+deactivated.

To reactivate your Credit / debit Card Kindly click on the below ATTACHED and follow instructions.

SEE ATTACHED TO REACTIVATE / REGISTER YOUR FNB CARD

*NOTE: Failure to do this will lead to suspension of your ATM Card.*

Copyright c 2017 Inter-Switch Limited

Thank you.
Administrator

………………………………………………………………………………………………………………………..

 


Phishing scam with subject “YOUR EMAIL HAS BEEN COMPROMISED”

Tuesday, June 13th, 2017


On 17 April this year we sent out a warning about a phishing scam telling you that “YOUR EMAIL HAS BEEN COMPROMISED” and giving you a link to “Certify your email HERE”.

The mail was sent from a student account that really has ALREADY been compromised by the criminals, and they might already be using the account to launch further attacks.

Just because mail seems to come from a university address doesn’t mean that it is legitimate.

The subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This was probably how the original student account was compromised.

This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all our observant students and personnel who picked it up and pointed it out to me.

Below is an example of the mail (with the dangerous bits removed)

David Wiles

From: Compromised, Student account <12345678@sun.ac.za>
Sent: 2017/06/13 15:51 (GMT+02:00)
To: fake@email.address
Subject: YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED  

Certify Your email HERE

 

[ARTICLE BY DAVID WILES]


SARS phishing e-mail

Monday, June 12th, 2017


Take note that a phishing e-mail promising a SARS payback is circulating on campus. Below is an example of the e-mail, sent from a legitimate-looking @sars.gov e-mail address, with a web page attached which the receiver is asked to click on and complete.

Please do not click on the html file or enter any personal information. In the unlikely event that SARS wants to pay you money, they would contact you via SMS.

Also look out for the telltale signs of a phishing e-mail below:

  1. Addressed to a generic name – “Dear Taxpayer”. SARS would at least include your full name and tax reference number.
  2. Grammar, spelling or punctuation errors. 
  3. SARS won’t ask you to complete any forms. They already have your information.

Dear Taxpayer,

 

After calculations of last year annual fiscal activities,we realised that you are eligible to receive a Tax refund of R9,250.75. please download the attached Tax refund form REFUNDSARS.html and complete the process of your Tax refund. Note:the refund will take 48hours to reflect in your account.

 

Thank you,

 

South Africa Revenue Services (SARS)

Tom Moyane Commissioner
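
The telltale signs called out in the three advisories above (an emoticon in the subject, an all-capitals subject, a generic greeting, an attached .html form) can be expressed as a small triage check for reported mail. This is an added example, not part of the original posts; the function names, label strings and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Indicators named in the advisories above; the label strings are made up for this example.
EMOTICON = re.compile(r"(?<!\S)[:;]-?[)(DP](?!\S)")
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(valued\s+)?(taxpayer|card\s*holder|customer|user)\b", re.I | re.M)

def phishing_indicators(raw):
    """Return the indicator labels that fire for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    hits = []
    if EMOTICON.search(subject):
        hits.append("emoticon-in-subject")
    letters = [c for c in subject if c.isalpha()]
    if len(letters) >= 10 and all(c.isupper() for c in letters):
        hits.append("all-caps-subject")
    body = ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")):
            hits.append("html-attachment")   # a web form delivered as a file
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if GENERIC_GREETING.search(body):
        hits.append("generic-greeting")
    return hits

def build_sample(subject, body, attachment=None):  # constructed test message
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.invalid", "recipient@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment("<html></html>", subtype="html", filename=attachment)
    return m.as_string()

# Constructed samples modelled on the three e-mails quoted on this page
# (the SARS subject line is invented; the page does not show one).
FNB = build_sample("FNB :-) Account Card Activation Request", "Dear  Valued Card Holder,\n...")
CAPS = build_sample("YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED", "Certify Your email HERE")
SARS = build_sample("Tax refund", "Dear Taxpayer,\n...", attachment="REFUNDSARS.html")
BENIGN = build_sample("Lecture notes for week 3", "Hi Thandi,\nnotes attached.")

if __name__ == "__main__":
    for label, raw in [("FNB", FNB), ("CAPS", CAPS), ("SARS", SARS), ("BENIGN", BENIGN)]:
        print(label, phishing_indicators(raw))
```

These are coarse heuristics for ranking reported mail, not a verdict: legitimate mail can trip them and real phishing can pass all four.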


How to avoid ransomware attacks

Friday, June 2nd, 2017


Ransomware is a type of malware designed to encrypt users’ files or lock their operating systems so attackers can demand a ransom payment. According to a 2016 Symantec report, the average ransom demand is almost $700 and “consumers are the most likely victims of ransomware, accounting for 57 percent of all infections between January 2015 and April 2016.”

Similar to a phishing attack, ransomware executes when a user is lured to click on an infected link or e-mail attachment or to download a file or software drive while visiting a rogue website. Sophisticated social engineering techniques are used to entice users to take the desired action; examples include

  • an embedded malicious link in an e-mail offers a cheap airfare ticket (see figure 1);
  • an e-mail that appears to be from Google Chrome or Facebook invites recipients to click on an image to update their web browser (see figure 2); or
  • a well-crafted website mimics a legitimate website and prompts users to download a file or install an update that locks their PC or laptop.

Figure 1. Phishing e-mail with ransomware embedded in a link

Figure 2. A fake Google Chrome e-mail

To avoid becoming a victim of ransomware, users can follow these tips:

  • Delete any suspicious e-mail. Messages from unverified sources or from known sources that offer deals that sound too good to be true are most likely malicious (see figure 3). If in doubt, contact the alleged source by phone or by using a known, public e-mail address to verify the message’s authenticity.
  • Avoid clicking on unverified e-mail links or attachments. Suspicious links might carry ransomware (such as the CryptoLocker Trojan).
  • Use e-mail filtering options whenever possible. E-mail or spam filtering can stop a malicious message from reaching your inbox.
  • Install and maintain up-to-date antivirus software. Keeping your operating system updated with the latest virus definitions will ensure that your security software can detect the latest malware variations.
  • Update all devices, software, and plug-ins on a regular basis. Check for operating system, software, and plug-in updates often (or, if possible, set up automatic updates) to minimise the likelihood of someone holding your computer or files for ransom.
  • Back up your files. Back up the files on your computer, laptop, or mobile devices frequently so you don’t have to pay the ransom to access locked files.

Figure 3. An example ransomware e-mail message

 

Ransomware is a type of malware designed to encrypt users’ files or block their operating systems so that hackers can demand a ransom. According to a 2016 Symantec report, the average ransom amount is $700 and 57% of all security incidents among users between January 2015 and April 2016 were ransomware.

Similar to a phishing attack, ransomware also lures users to click on a malicious link, open an e-mail attachment or download software from a fraudulent website. Sophisticated social engineering methods are used to tempt users into responding, for example

  • a malicious link embedded in an e-mail promises a cheap airline ticket (see figure 1);
  • an e-mail that appears to come from Google Chrome or Facebook invites recipients to click on a graphic to update their web browser (see figure 2); or
  • a well-crafted website imitates a real website and urges users to download a file or install an update that then locks their device.

Figure 1. Phishing e-mail with ransomware hidden in a link

Figure 2. A fake Google Chrome e-mail

To avoid becoming a victim of ransomware, follow these tips:

  • Delete any suspicious e-mails. Messages sent from unverified sources that make offers that sound too good to be true are probably dangerous (see figure 3). If in doubt, contact the alleged source by telephone or via their official address to confirm the message’s credibility.
  • Do not click on unverified e-mail links or attachments. Suspicious links can contain ransomware (such as the CryptoLocker Trojan).
  • Use e-mail filtering methods whenever possible. E-mail or spam filters can prevent dangerous messages from landing in your mailbox.
  • Install and maintain your antivirus software. Keep your operating system up to date with the latest virus definitions. This will ensure that your security software can pick up the latest malware versions.
  • Update your devices, software and plug-ins regularly. Check regularly for new versions or updates of your operating system, software and plug-ins (or, if possible, set them to update automatically). This will reduce the chance of your computer and data being held hostage.
  • Back up your files. Back up the files on your PC, laptop and devices often so that you do not have to pay if your data is inaccessible because of ransomware.

Figure 3. An example of a ransomware e-mail message

How to protect yourself from ransomware

Friday, May 19th, 2017


A serious, virulent ransomware threat known as WannaCrypt0r/WannaCry has been affecting Windows computers on shared networks in around 150 countries worldwide. Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. More on this attack.

Ransomware forms part of a group of malicious computer software called malware, which installs itself on your PC. It can be installed by means of an e-mail attachment, an infected programme or an unsafe website with malware installed on it. The software “kidnaps” your data by encrypting it or limiting your access to it, and then sends you a message demanding money to regain your access. The only way to regain access is to acquire an encryption key from the creator of the ransomware at a fee, and even this isn’t necessarily guaranteed.

But how do you protect yourself from ransomware?

  • If you use Windows, install the patch that Microsoft has released to block the specific exploit that the WannaCry ransomware is using. Instructions can be found in the Microsoft Knowledge Base. You can also directly download the patches for your OS from the Microsoft Update Catalogue. (Take note that this is mostly applicable to devices that are not on the university network.)
  • Update your Antivirus software definitions. Most AV vendors have now added detection capability to block WannaCry. (Devices running on the SU network should be up to date)
  • If you don’t have anti-virus software enabled on your Windows machine, enable Windows Defender, or Avast! AV or Avira AntiVirus, which is free.
  • Back up regularly and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.
  • For further reading, this is an excellent detailed write-up on the WannaCry ransomware.  
  • Get the word out.

[INFORMATION SUPPLIED BY DAVID WILES]
