Security

Tax season = cyber scams

Friday, July 24th, 2015

Only people with an unusual desire for pain and discomfort look forward to a trip to the dentist. The same goes for tax.

Criminals know this and prey on our vulnerability. Every year at this time, e-mails like the one below end up in SU staff inboxes. It informs you that the taxman owes you money and that all you have to do to receive it is click on a link.

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and keeps them in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS will always either SMS or send you a registered letter in the post to inform you of tax returns. They will never contact you by unsecured e-mail.
  3. They also have enough data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” or “Good Day” salutation.
  4. There is no EFiling@sars.gov.za address.
  5. The attached file is usually an HTML (webpage) file and will connect you to a server controlled by the criminals. This server downloads a Trojan virus to your computer that will install software and malware and do all sorts of nasty things to your computer and data. Another tactic is to present you with a “login page” where you enter your banking account details, your PIN code etc.
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system, you should never receive mail on your university account.

This phishing scam will allow the criminals to log into and take control of your bank account via the internet.

They can create themselves as beneficiaries, transfer your money to their account, and then delete the evidence pointing to their account.

These scam e-mails will never stop. They are also difficult to block, because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012, R14+ million was stolen from South Africans alone using phishing tactics such as this one.

Also read more on this on the mybroadband website.

EXAMPLE OF E-MAIL:

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTICLE BY DAVID WILES]


Think you’re safe online?

Friday, June 12th, 2015

Memeburn, a website specialising in tech news and analysis, recently reported on the state of cyber security in South Africa. (Read the article here)

According to the article, it was announced during the 2015 Security Summit in Johannesburg that over the previous six months, South Africa was the most popular target in Africa for criminal cyber attacks. DDOS attacks in Africa also increased 150% over the past 18 months.

Antonio Forzieri, an executive at Symantec, stated that one out of every 214 e-mails sent in South Africa last year was a spear phishing attempt.

South Africans are losing R2.2 billion per year to cybercrime. Statistics like these emphasise the importance of being informed and careful with personal information.

Online sales are on the increase and provide an additional platform for cybercrime.

Kaspersky Lab, a company renowned for its expertise in security, launched a new project which, in a very visual, simple and interactive way, demonstrates the danger of cyber threats.

The one dollar lesson is an animated website which shows what happens to your money when you shop online and your information is intercepted.

One dollar lesson also hosts three training modules – each of which shows one dollar’s virtual trip to the bank and the possible obstacles it can encounter along the way.

Don’t assume you know everything there is to know about cyber safety. Stay up to date on new cyber threats and be careful with your personal information.


 

Phishing scam disguised as DHL Shipping document

Monday, May 11th, 2015

Phishing scammers and fraudsters will never give up trying to trick people into giving their personal details, passwords and bank account details. The latest scam (although by no means new) involves a DHL (courier) shipping document:

The subject will be: “Track Your Shipment DHL Shipping Document (B/L ******#####)”

The content will be:

“Good Day

Your Shipment arrived at the post office on <recent date>. Our courier was unable to deliver the Shipment to your address. 

To receive the Shipment you should go to the nearest DHL office and take your mailing label with you. The mailing label is attached. Please print it and show at the nearest DHL office to receive the Shipment.

Thank you for using DHL Service”

As you can probably see, this is not a valid DHL notice. It is not addressed to you directly, DHL does not deliver to the post office, and it will never ask you to print out a mailing label to take with you to the DHL office.

By the way, if you did open the attachment, it would take you to a web page where you fill in your personal details, bank account number and e-mail address (supposedly for the mailing label), and this is where you will be caught by the scammers.

DHL does not operate this way. When you receive a DHL shipment, the courier arrives at your door with your details (including your phone number) and you have to produce your ID document for identification. You are able to trace the parcel, and DHL will phone to inform you when the courier is due to deliver.

[ARTICLE BY DAVID WILES]

 


 

Spot malicious e-mails

Friday, March 27th, 2015

With the increase in viruses, ransomware, malware, spyware, phishing and cyber crime in general, it’s now more important than ever for e-mail users to be cautious. Although we cannot warn you against each and every dangerous e-mail (they are generated too quickly), we can tell you their characteristics so you can recognise a potentially malicious e-mail yourself.

Think of it this way – say receiving an e-mail is equivalent to running into someone on the street on a Saturday morning. When it’s a friend, neighbour, colleague or acquaintance you’re generally quite happy to see them and have a chat, because you know them. But when a stranger suddenly comes up to you, your reaction will immediately be different. If that same person hands you a parcel, telling you to open it or says “Dear sir, I want to show you something at my home. Won’t you quickly come with me?”, would you trust them and do it?

Just because the internet creates an illusion of distance, it does not mean these two situations should be dealt with differently. On the contrary, you are much more defenceless and your information easier to access on the internet than on a street corner.

So why would you

– trust and react to an e-mail that wasn’t addressed to you specifically or is not from someone you know,
– open an attachment (the parcel) someone sent to you and
– click on a link to this person’s website (go to his home)?

CHARACTERISTICS

  1. Attachments
    It doesn’t matter how intrigued you are about what’s in that ZIP file, do not open it! The second you open an attachment, you open up your PC for any software and files to be installed on it. In the most recent incident of the Cryptowall 3.0 ransomware, a ZIP file was sent with the subject “My resume”. When it was opened, a .js script was automatically run and this encrypted all the data on the user’s PC. (read more about it here)
  2. Spelling and language
    In most cases where phishing takes place you’ll notice that spelling and language will be exceptionally bad. Improper spelling and grammar is almost always a dead giveaway. Look for obvious errors. Also, don’t think an e-mail in Afrikaans is necessarily trustworthy. Last year we had incidents where an Afrikaans ABSA e-mail was copied and used to phish.
  3. Faulty or unknown links
    Move your mouse over the links in the e-mail (don’t click on them). The text itself might look like a familiar address, but you’ll notice that the actual link directs to somewhere completely different. The same goes for links to e-mail addresses in the text.
  4. A generic greeting
    If an e-mail isn’t personally addressed to you, for example “Dear Mrs du Preez” or something similar, it’s clearly not meant for you, but rather for a large group of people in an attempt to lure one of them. These e-mails are sent out to thousands of different e-mail addresses and often the person sending these e-mails has no idea who you are.
    If you have no affiliation with the company the e-mail is supposedly coming from, it’s fake. For example, if the e-mail is coming from ABSA bank but you bank at a different bank.
  5. No personal information
    There will be no reference to your specific account information. If the company really was sending you information regarding errors to your account, they would mention your account or username in the e-mail.
  6. Due dates
    By adding a due date, the sender tries to create a sense of urgency and is hoping this will spur you on to click on the link ASAP, without too much thought, to resolve this pressing issue.

E-MAIL TOPICS/SUBJECT LINES

  1. Problems with your bank account
    Where money is concerned, people listen and react. Your account has been closed, someone tried to access it, your information has been changed – all these are attempts to get you to click on a malicious link.
  2. Money has been deposited into your account
    Around tax season this is a popular choice and it’s usually “SARS” sending out this joyous news. If SARS indeed wants to give you money, they’ll SMS you. (And how often does this really happen?)
  3. Delivery of a parcel
    Someone sent you a parcel and you HAVE to click on a link to confirm, otherwise it won’t be delivered. The post office or a courier service will seldom e-mail you about this.
  4. Problems with your e-mail account
    Your password has expired or someone else has accessed your account. All communication related to your e-mail account will always be sent from IT. It will be in a specific format with characteristic graphics, the SU logo and it will also be in Afrikaans and English.
  5. Competitions
    You’ve won a competition! Or the lottery. Or you’ve inherited a huge amount of money. Did you enter this competition? Did you play the US lottery? And do you know this family member or person who decided you should be their sole heir?

If you are unsure about the validity of an e-mail, rather contact your bank or SARS directly. Anything else you can just ignore. Don’t reply to it – you’ll only confirm that your address is indeed an existing one and you’ll be getting many more e-mails in the near future.

Remember – cyber criminals know our weaknesses and that we are curious by nature. Don’t fall for it, rather outwit them.

Previous articles on phishing, malware, spyware and viruses.


Warning: Cryptowall ransomware

Wednesday, March 25th, 2015

Incidents of the Cryptowall 3.0 ransomware are increasing on campus.

• DO NOT open .ZIP attachments. (recent incidents reported had a .ZIP attachment with the subject “my resume”)
• Stay away from unknown, suspicious or unofficial websites and torrents offering game, movie or software downloads and DO NOT click on any pop-ups.

This ransomware infects your PC when you visit lesser known websites and particularly if you download games, movies and software or click on attachments in your e-mail, for example zip files.

The ransomware copies all the data on your hard drive, encrypts and deletes it and you’re left with gibberish. A ransom fee is demanded, but the odds that you’ll get your data back at all, are slim.

Cryptowall not only infects your own hard drive data, it also targets all drives you are connected to, including your shared departmental drive. You will lose the data on your hard drive, and data on the network drive might be recoverable up to a certain point, but unfortunately this can’t be guaranteed.

Report suspect e-mail to sysadm@sun.ac.za. Also read more on how to spot malicious e-mails.
