%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 15 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240511071259+00'00') /ModDate (D:20240511071259+00'00') /Title (IT-artikels) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 11 0 R 13 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 5059 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 62.822 521.469 683.912 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 62.822 l 565.984 62.822 l 565.984 745.984 l f 45.266 746.734 m 45.266 62.822 l 46.016 62.822 l 46.016 745.984 l f 61.016 617.359 m 550.984 617.359 l 550.984 618.109 l 61.016 618.109 l f 1.000 1.000 1.000 rg BT 278.868 698.693 Td /F1 10.5 Tf [(POST LIST)] TJ ET 0.200 0.200 0.200 rg BT 212.789 670.111 Td /F1 14.4 Tf [(INFORMASIETEGNOLOGIE)] TJ ET BT 221.824 643.466 Td /F1 11.7 Tf [(INFORMATION TECHNOLOGY)] TJ ET BT 61.016 583.841 Td /F1 14.4 Tf [(PHISHING ATTACK ON SAME DAY AS MIGRATION OF TYGERBERG )] TJ ET BT 61.016 566.258 Td /F1 14.4 Tf [(ACCOUNTS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 546.451 Td /F3 9.0 Tf [(Today, between 07:00-08:00 the Tygerberg personnel accounts were migrated to the STB domain. E-mail, logins, etc. )] TJ ET BT 61.016 535.462 Td /F3 9.0 Tf [(were affected and hopefully most of you were moved with relatively few issues.)] TJ ET BT 61.016 515.473 Td /F3 9.0 Tf [(The phishers do not stop their attacks and e-mails to try to get you to reveal your usernames, passwords etc,  and still )] TJ ET BT 61.016 504.484 Td /F3 9.0 Tf [(flood many people’s mailboxes.)] TJ ET BT 61.016 484.495 Td /F3 9.0 Tf [(However, today there was another attack, which is particularly sinister, because apparently it is from from "HELPDESK" )] TJ ET BT 61.016 473.506 Td /F3 9.0 Tf [(and asks you to log in to a page and give your username and password so you can enjoy the *improved* services. It is )] TJ ET BT 61.016 462.517 Td /F3 9.0 Tf [(sent from the "Webmail Upgrade Team".)] TJ ET BT 61.016 442.528 Td /F3 9.0 Tf [(An unfortunate coincidence that on the same day we are migrating, we receive a phishing scam about "upgrading", hence )] TJ ET BT 61.016 431.539 Td /F3 9.0 Tf [(its danger to Tygerberg.)] TJ ET BT 61.016 411.550 Td /F3 9.0 Tf [(Please don't respond, or go to the site that you are being asked to go to. Do not fill in your username, password or ANY )] TJ ET BT 61.016 400.561 Td /F3 9.0 Tf [(other details on any site. The Stellenbosch University Information Technology migration took place without there being any )] TJ ET BT 61.016 389.572 Td /F3 9.0 Tf [(need for users to provide user names and passwords. Any issues with the migration can be reported telephonically to the )] TJ ET BT 61.016 378.583 Td /F3 9.0 Tf [(IT Helpdesk at 021-8084367.)] TJ ET BT 61.016 358.594 Td /F3 9.0 Tf [(Here is an example of the phishing mail that many are receiving. If you are in doubt about any e-mail you receive, call your )] TJ ET BT 61.016 347.605 Td /F3 9.0 Tf [(local computer geek or at least ask the IT HelpDesk.)] TJ ET 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 337.907 m 306.516 337.907 l 305.766 337.157 l 305.766 337.157 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 335.657 m 306.516 335.657 l 305.766 336.407 l 305.766 336.407 l f 306.516 337.907 m 306.516 335.657 l 305.766 336.407 l 305.766 337.157 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 337.907 m 305.016 335.657 l 305.766 336.407 l 305.766 337.157 l f 0.400 0.400 0.400 rg BT 61.016 317.866 Td /F3 9.0 Tf [(-----Original Message-----)] TJ ET BT 61.016 297.877 Td /F3 9.0 Tf [(From: Webmail Upgrade Team [)] TJ ET 0.373 0.169 0.255 rg BT 189.545 297.877 Td /F3 9.0 Tf [(mailto:phisher@scam.com)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 189.545 296.726 m 295.700 296.726 l S 0.400 0.400 0.400 rg BT 295.700 297.877 Td /F3 9.0 Tf [(])] TJ ET BT 61.016 277.888 Td /F3 9.0 Tf [(Sent: 03 March 2016 12:23 PM)] TJ ET BT 61.016 257.899 Td /F3 9.0 Tf [(Subject: HELP DESK)] TJ ET BT 61.016 237.910 Td /F3 9.0 Tf [(ATTN: Outlook Web Access User,)] TJ ET BT 61.016 217.921 Td /F3 9.0 Tf [(Take note of this important update that our new webmail has been improved with a new messaging system from Outlook )] TJ ET BT 61.016 206.932 Td /F3 9.0 Tf [(Web Access which also include faster usage on email, shared calendar,web-documents and the new 2016 anti-spam )] TJ ET BT 61.016 195.943 Td /F3 9.0 Tf [(version. Please use the outlook web access link below to complete your update for our new Outlook Web Access )] TJ ET BT 61.016 184.954 Td /F3 9.0 Tf [(improved webmail.)] TJ ET 0.373 0.169 0.255 rg BT 61.016 164.965 Td /F3 9.0 Tf [(http://link.to.phishing.site/)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 163.814 m 162.068 163.814 l S 0.400 0.400 0.400 rg BT 61.016 144.976 Td /F3 9.0 Tf [(NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account )] TJ ET BT 61.016 133.987 Td /F3 9.0 Tf [(deactivated from our database and you cannot hold us responsible since you fail to adhere to our request.)] TJ ET BT 61.016 113.998 Td /F3 9.0 Tf [(___________________)] TJ ET BT 61.016 94.009 Td /F3 9.0 Tf [(Regards,)] TJ ET BT 61.016 74.020 Td /F3 9.0 Tf [(IT Service Desk Support.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Annot /Subtype /Link /A 12 0 R /Border [0 0 0] /H /I /Rect [ 189.5447 297.0442 295.6997 306.2017 ] >> endobj 12 0 obj << /Type /Action /S /URI /URI (mailto:phisher@scam.org) >> endobj 13 0 obj << /Type /Annot /Subtype /Link /A 14 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 164.1322 162.0677 173.2897 ] >> endobj 14 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/gergablog/2013/03/18/attack-vectors-getting-in-through-the-back-door/) >> endobj 15 0 obj << /Type /Page /Parent 3 0 R /Contents 16 0 R >> endobj 16 0 obj << /Length 860 >> stream 0.400 0.400 0.400 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 623.800 521.469 134.184 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 623.800 m 566.734 623.800 l 565.984 624.550 l 46.016 624.550 l f 566.734 757.984 m 566.734 623.800 l 565.984 624.550 l 565.984 757.984 l f 45.266 757.984 m 45.266 623.800 l 46.016 624.550 l 46.016 757.984 l f 0.400 0.400 0.400 rg BT 61.016 740.193 Td /F3 9.0 Tf [(Admin Team)] TJ ET BT 61.016 720.204 Td /F3 9.0 Tf [(Miss Annie Phisher)] TJ ET BT 360.940 700.215 Td /F3 9.0 Tf [([INFORMATION SUPPLIED BY DAVID WILES])] TJ ET BT 61.016 680.226 Td /F3 9.0 Tf [( )] TJ ET BT 61.016 660.237 Td /F3 9.0 Tf [( )] TJ ET BT 61.016 641.748 Td /F3 9.0 Tf [(Posted in:E-mail,Security | Tagged:Phishing,Tygerberg | With 0 comments)] TJ ET endstream endobj xref 0 17 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000301 00000 n 0000000330 00000 n 0000000465 00000 n 0000000554 00000 n 0000005665 00000 n 0000005777 00000 n 0000005884 00000 n 0000006000 00000 n 0000006128 00000 n 0000006203 00000 n 0000006330 00000 n 0000006474 00000 n 0000006539 00000 n trailer << /Size 17 /Root 1 0 R /Info 5 0 R >> startxref 7451 %%EOF Phishing attack on same day as migration of Tygerberg accounts « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

«
»

Phishing attack on same day as migration of Tygerberg accounts

Today, between 07:00-08:00 the Tygerberg personnel accounts were migrated to the STB domain. E-mail, logins, etc. were affected and hopefully most of you were moved with relatively few issues.

The phishers do not stop their attacks and e-mails to try to get you to reveal your usernames, passwords etc,  and still flood many people’s mailboxes.

However, today there was another attack, which is particularly sinister, because apparently it is from from “HELPDESK” and asks you to log in to a page and give your username and password so you can enjoy the *improved* services. It is sent from the “Webmail Upgrade Team”.

An unfortunate coincidence that on the same day we are migrating, we receive a phishing scam about “upgrading”, hence its danger to Tygerberg.

Please don’t respond, or go to the site that you are being asked to go to. Do not fill in your username, password or ANY other details on any site. The Stellenbosch University Information Technology migration took place without there being any need for users to provide user names and passwords. Any issues with the migration can be reported telephonically to the IT Helpdesk at 021-8084367.

Here is an example of the phishing mail that many are receiving. If you are in doubt about any e-mail you receive, call your local computer geek or at least ask the IT HelpDesk.

—–Original Message—–

From: Webmail Upgrade Team [mailto:phisher@scam.com]

Sent: 03 March 2016 12:23 PM

Subject: HELP DESK

ATTN: Outlook Web Access User,

Take note of this important update that our new webmail has been improved with a new messaging system from Outlook Web Access which also include faster usage on email, shared calendar,web-documents and the new 2016 anti-spam version. Please use the outlook web access link below to complete your update for our new Outlook Web Access improved webmail.

http://link.to.phishing.site/

NOTE: Failure to do this within 24 hours of receiving this notice we will immediately render your Outlook Web App account deactivated from our database and you cannot hold us responsible since you fail to adhere to our request.

___________________

Regards,

IT Service Desk Support.

Admin Team

Miss Annie Phisher

[INFORMATION SUPPLIED BY DAVID WILES]

 

 

Email

Tags: ,

This entry was posted on Friday, March 4th, 2016 at 9:38 am and is filed under E-mail, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.