Security

Dangerous phishing scam disguised as a University salary increase notice

Thursday, May 18th, 2017

After the criminals’ first, partly successful spear-phishing attack in April, which used an e-mail about a salary raise to direct victims to a forged webpage that looks EXACTLY like the e-HR website, they are at it again with a few variations:

The subject is now “URGENT: Your May Salary Issue” and the e-mail says the following:

Hello,

In accordance with the Fiscal Year 2017 Salary Allocation Guidelines, this is to inform you that your monthly salary starting May 31st, 2017 will reflect a 13.98% (percent) merit increase.

Your new salary is as analyzed herewith. The documents are attached below: (attached link to the forged website)

This is an EXTREMELY dangerous e-mail, because its earlier version fooled a number of university personnel into giving the scammers their login details and passwords. 

Clicking on the link will take you to a forged version of the SUN e-HR site. If you enter your username and password (because the site looks like the SUN e-HR site), you will have given the criminals access to your personal details on SUN e-HR.

Here is what the forged site looks like:

Note the forged address marked in yellow at the top. IT blacklisted and blocked access to that site from within the university, but please support them by following the procedures on the following page: http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

[ARTICLE BY DAVID WILES]

 


Critical ransomware attack targeted Windows computers

Saturday, May 13th, 2017

A serious, virulent ransomware threat known as WannaCrypt0r/WannaCry has been affecting Windows computers on shared networks in at least 150 countries worldwide. Once one computer on a network is affected, the infection spreads easily to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. More information on this attack

Ransomware is a malicious script or software that installs itself on your computer without you knowing. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must pay for an unlock tool or decryption key from the hacker.

If your Windows computer is connected to a shared network, such as those at the University, Information Technology will automatically keep your Windows up-to-date so you don’t have to.

If you are running Windows and automatic updates are enabled, you should be okay. If they are not enabled and you haven’t updated recently, you should update to the most recently released version immediately. Information Technology does manage automatic updates on many of our computers, but users also have to check their computers, especially laptops that are taken home or to hostels and connect to other, less well-managed networks.

Keep an eye open for phishing e-mails requesting that you click on links and fill in your username and password. Beware of sites with suspicious pop-ups that ask you to install software or “inform” you that your computer is infected with viruses.

Just because the mail looks like it has been sent from a university address or the site that you visit looks like a university or Internet banking website, don’t be fooled. Check the address and what you are being asked to do. If in doubt ask Information Technology, or your local “computer nerd”. They will be able to help and advise you.
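The advice to check the address can be made mechanical. The following is an added example, not part of the original article: it classifies a link by its real host name, assuming that genuine university services sit under sun.ac.za (the domain of the addresses shown on this page). The sample links are constructed and the punycode rule is a cautious heuristic.

```python
from urllib.parse import urlsplit

# Assumption: real university services live under this domain
# (taken from the sun.ac.za addresses that appear on this page).
TRUSTED_SUFFIX = "sun.ac.za"


def link_verdict(url: str) -> str:
    """Classify a link as 'university', 'external' or 'suspicious'."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious"
    # Text before '@' is login info, not the site; the real host follows it.
    if parts.username is not None:
        return "suspicious"
    # Punycode labels can be displayed as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"
    # Genuine: the host IS the domain or a sub-domain of it.
    if host == TRUSTED_SUFFIX or host.endswith("." + TRUSTED_SUFFIX):
        return "university"
    # The trusted name appears somewhere else in the host: a disguise.
    if TRUSTED_SUFFIX in host:
        return "suspicious"
    return "external"


# Constructed sample links; example.net and example.org are reserved test domains.
SAMPLES = [
    "http://stbsp01.stb.sun.ac.za/innov/it/it-help/",  # real sub-domain
    "https://sun.ac.za.example.net/e-hr/login",        # trusted name as a prefix
    "https://sun.ac.za@login.example.net/",            # trusted name before '@'
    "https://my-sun.ac.za/e-hr",                       # trusted name glued to other text
    "https://xn--sn-0ma.ac.za/login",                  # punycode look-alike label
    "https://www.example.org/news",                    # unrelated site
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{link_verdict(sample):<11} {sample}")
```

Only the first sample is reported as a university address; the next four are flagged even though each contains or imitates the university's name.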

More articles on ransomware.

[ARTICLE BY DAVID WILES]


Compromised student account used for phishing

Tuesday, April 18th, 2017

Just because mail seems to come from a university address doesn’t mean that it is legitimate.

The latest phishing scam making its rounds at the university is being sent from a compromised student account. The subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is probably how the student account that is now sending it was originally compromised.

This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who picked it up and pointed it out to us.

Below is an example of the mail (with the dangerous bits removed):


 

From: Compromised, Student account <12345678@sun.ac.za>
Sent: Monday, 17 April 2017 12:19 PM
To: fake@email.address
Subject: YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED

 

Certify Your email HERE


[ARTICLE BY DAVID WILES]


Don’t Be Fooled. Protect Yourself and Your Identity

Wednesday, April 5th, 2017


According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen. Online fraud is an ongoing risk. The following tips can help you prevent identity theft.

  • Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.
  • Review your health insurance plan statements and claims. Look for unusual or unexpected transactions.
  • Shred it! Shred any documents with personal, financial, or medical information before you throw them away.
  • Take advantage of free annual credit reports. In South Africa TransUnion, Experian and CompuShare can provide these reports.
  • If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your ID number, password, or account number in a pop-up ad, e-mail, SMS, or unsolicited phone call.
  • Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).
  • Put a password on it. Protect your online accounts and mobile devices with strong, unique passwords or passphrases.
  • Limit use of public Wi-Fi. Be careful when using free Wi-Fi, which may not be secure. Do not access online banking information or other sensitive accounts from public Wi-Fi.
  • Secure your devices. Encrypt your hard drive, use a VPN, and ensure that your systems, apps, antivirus software, and plug-ins are up-to-date.

 


Salary increase e-mail not quite good news

Tuesday, April 4th, 2017


Several of our observant personnel have picked up that a very suspicious e-mail is making the rounds at the moment.

The subject is “NOTIFICATION: Your 13.69% Salary Increase”. 

This is a very dangerous e-mail. Clicking on the link will take you to a forged version of the SUN e-HR site. If you enter your username and password (because the site looks like the SUN e-HR site), you will have given the criminals access to your personal details on SUN e-HR. The scammers will then potentially be able to get details such as your banking details, ID number and place of residence, which are all stored on the SUN e-HR system. They will potentially then be able to steal your salary.

The e-mail contains the following message:


Hello,

Attached herewith are two (2) documents summarizing your April salary as reviewed for a 13.69% merit increase in Financial Year 2017.

This review is with immediate effect starting Friday April 28th Paycheque.

Deductions and bonuses are advised therein

The documents are attached below:


 

Below is what the forged site looks like. The address is not a university server, BUT very few people notice such details; most tend to skim over them.

 

[ARTICLE BY David Wiles]
