Security

Phishing scam disguised as an Outsurance R400 premium claim

Wednesday, May 25th, 2016

This week a phishing scam disguised as an alleged payout by Outsurance of a R400 premium is circulating. If you are an Outsurance member, this scam can fool you, but there are a number of telltale signs that reveal this mail to be a scam:

  1. So-called branding (an Outsurance logo and a sender that looks like it comes from Outsurance) is easily counterfeited.
  2. Outsurance has most of your details if you are a client and the salutation will always be your name and never just “Dear Client”.
  3. Outsurance does not use Dropbox to deliver ANY documents. They will always use their own systems and usually send PDF documents after informing you via e-mail AFTER calling you personally and confirming some personal details.
  4. Outsurance will have a registered contact e-mail address on their system, but they will never ask for your e-mail password. Hopefully, you do not use your University of Stellenbosch e-mail address as your personal contact address.
  5. This e-mail’s grammar is terrible. It is very unprofessional and the use of threats such as “PAYOUT will be denied if details are inconsistent/wrong” is usually a typical tactic of phishers.
  6. Scammers want your personal details and your signature. Why? So they can use them to gain access to your other accounts that have money, like bank accounts, or use your signature (that you sent them) to sign forged cheques etc.

Standard Bank South Africa lost R300 million in ATM fraud in Japan this week. The criminals used forged credit cards. No doubt the details on those cards came from names and details obtained through phishing scams such as this Outsurance scam. Crime syndicates often exchange and share the data they obtain with fellow syndicates and use it to commit fraud.

Here is an example of the Outsurance scam mail that is circulating at the moment. We removed the “DropBox” link and the attached file for your safety. 

~~~

From: OUTsurance [mailto:premium@OUTsurance.co.za]
Sent: 24 May 2016 08:45 AM
To: Recipients <premium@OUTsurance.co.za>
Subject: Claim your Outsurance R400 premium

Dear Client,

Your monthly R400 premium PAYOUT is ready. Please log in to our DropBox document file with correct Email address and Email Password registered with us to confirm details. PAYOUT will be denied if details are inconsistent/wrong. Download, print and sign the forms, attach and email back to us for payment to be effected.

OUTsurance premium PAYOUT

Thank you.

© 2015 OUTsurance Insurance Company Limited and OUTsurance Life Insurance Company Limited A Member of the Rand Merchant Insurance Holdings (RMI) Group and an Authorised Financial Services Provider FSP (896)

 

[ARTICLE BY DAVID WILES]

How safe is information on your device?

Wednesday, May 25th, 2016

Smartphones frequently act as the control centres where we schedule meetings, send e-mails and socialise. To satisfy these needs, they require personal information.

Our lives are documented and stored in e-mails, social networks and the apps we install on our phones. All this information syncs seamlessly with your work PC or your tablet. And after the initial setup, it might not even prompt you for a password again. Wonderful news if you are terrible at remembering passwords. Also, wonderful news if you are the thief who steals a smartphone.

What information would a clever criminal get his hands on if you lose your smartphone now? Banking information? A copy of your ID or passport saved somewhere in your e-mail? All your holiday photos on Dropbox? 

Here are a few tips to ensure he won’t be able to get to it:

  1. Always enable the password option on your phone to lock your screen. Most phones have various options – typing in a password, a PIN code or even swiping a sequence of dots. This is your first line of defence.
  2. Don’t select “remember password” on any of your apps or your e-mail applications. Yes, it is a nuisance to type in your password, but do you really want someone else to read your e-mails?
  3. Turn off cookies and autofill. This prevents your device from remembering your username and possibly even your password at websites you regularly visit.
  4. If you need to access sensitive information, e.g. banking, rather go to the website via a web browser than use an app.
  5. Set up your phone to be tracked if you do lose it. (Read our previous instructions on locating lost or stolen devices here.) A device can also be wiped remotely in some cases, which at least ensures that your information doesn’t end up being used, even though your actual device is.

Remember that you also need to remove ALL personal data (for example e-mails, SMSes and telephone numbers) and anything which could connect you to the phone when you sell or dispose of it.

Phishing scammers change tactics

Tuesday, May 10th, 2016

Earlier this week Tygerberg was subjected to a particularly pervasive attempt by phishing fraudsters to obtain usernames and passwords from users by fooling them into “activating” their Outlook 2016 account.

Although the attempt was mostly unsuccessful because most personnel are wide awake and alert to phishing attacks, this does not stop the attempts. The fraudsters merely change their tactics. Stealing data and gaining access to personal details such as usernames and passwords is very, very profitable!

Today’s phishing scam uses a different method by hiding behind an educational institution’s name and adding a “throw-away” website address at the end.

——————————————————————

Dear Account User,

We are shutting down your Bulk SMS, Cellfindportal today in a course to activate Microsoft Outlook Web access 2016. You need to upgrade your Bulk SMS, Cellfindportal immediately otherwise it will be deactivated. 

To activate go to http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk 

The Information Technology department encourages you to take the following measures to protect your account.

Sincerely

IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved

The University of Stellenbosch is a charitable body, registered in

Republic of South Africa, with registration number ZA005336.

——————————————————————

We’ve removed the dangerous part of the mail, but you hopefully can see how we can be fooled if we see the “sun.ac.za” address and see the “disclaimer” at the end, and think that it is from the University.

Information Technology will never send you mail like this. If they do mail you, it will always be branded and linked to a sun.ac.za site, the grammar will be a lot better than in this example, and it will at least be bilingual!
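The link in the sample mail contains “sun.ac.za” but actually belongs to webeden.co.uk, because a hostname is owned by whatever it ends with. The check below is an added example, not part of the original post: the function names are hypothetical, and the library.sun.ac.za and example.org lines in the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

TRUSTED = "sun.ac.za"  # the University's real domain, as named in the post
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: the first link is the one quoted in the post,
# the other two are made up for comparison.
SAMPLE_MAIL = """To activate go to http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk
Library catalogue: http://library.sun.ac.za/
News: https://example.org/news
"""


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def belongs_to(host, domain):
    """True only if host is the domain itself or one of its subdomains.

    The comparison is on whole labels at the END of the name; a substring
    search would accept the lookalike host from the sample mail.
    """
    h, d = host.split("."), domain.lower().split(".")
    return len(h) >= len(d) and h[-len(d):] == d


def classify(url, domain=TRUSTED):
    host = host_of(url)
    if belongs_to(host, domain):
        return "trusted"
    if domain in host:  # trusted name present, but not where it counts
        return "lookalike"
    return "external"


def scan(mail_text, domain=TRUSTED):
    """Return (hostname, verdict) for every link found in a mail body."""
    return [(host_of(u), classify(u, domain)) for u in URL_RE.findall(mail_text)]


if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_MAIL):
        print(f"{verdict:10} {host}")
```

A “lookalike” verdict is the strongest signal of the three: an unrelated external link may be harmless, but a host that embeds the trusted name without ending in it was built to be misread.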

[ARTICLE BY DAVID WILES]


Fake library activation e-mail

Friday, May 6th, 2016

An e-mail regarding reactivation of library accounts is being circulated to staff and students (see below). You will never be asked to reactivate your library access.

The e-mail below contains a malicious link. Should you follow it and log in, your details will be harvested and abused elsewhere.

Please ignore and delete this e-mail immediately. It seems phishing criminals are getting more and more clever and their e-mails are also getting more convincing. Be vigilant and don’t believe everything you read.

————————————————————————

From: Fake SU name [mailto:fakeaddress@sun.ac.za] –
Sent: 06 May 2016 08:34
To: Another fake SU name <fakeaddress2@sun.ac.za>
Subject: Library Services

Dear User,

This message is to inform you that your access to your library account will soon expire. You will have to login to your account to continue to have access to the library services.
You need to reactivate it just by logging in through the following URL. A successful login will activate your account and you will be redirected to your library profile.

http://fakeaddresswhichalmostlookslikethelibrarys

If you are not able to login, please contact Fake SU name at fakeaddress@sun.ac.za for immediate assistance.

Sincerely,

Fake SU name
Information Technology
Stellenbosch University Home
021 808 9965
fakeaddress@sun.ac.za

New phishing message distributed on campus

Friday, May 6th, 2016

This morning we received word of a new phishing e-mail being distributed on campus. (see example below) Please note that the message below is NOT from the University’s IT department. All our e-mails will be branded and in both Afrikaans and English. Ignore these e-mails and delete them. Other signs to look out for are:

1. The e-mail is never addressed to you personally – it’s a generic heading. (e.g. Dear client)
2. It asks the receiver to divulge personal information, for example your ID number, password or username.
3. The e-mail asks you to click on a link to “activate” your account. Don’t click on any links in e-mails (unless it’s an official IT e-mail) and also don’t copy and paste them into your web browser.
4. Usually a short time limit is given, for example “within 24 hours”.
5. Make sure the request is official and legal by calling the company and confirming.
6. Do not send sensitive information by e-mail. Legitimate companies won’t ask you to send data by e-mail.

—————————————————————————————————————————

From: a University staff member [mailto:scammers-email@outlook.com]
Sent: 05 May 2016 11:52 PM
Subject: Outlook WebAccess

Today Thursday 5th  May, 2016. we are upgrading our email system to Outlook Web App 2016. This service creates more space and easy access to email. Please update your account by clicking on Activation below, fill information for activation and submit.

Click for Activation

Inability to complete the information will render your account inactive. 

Thank you.

IT Admin Desk
