%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240517052949+00'00') /ModDate (D:20240517052949+00'00') /Title (IT-artikels) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 3922 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 129.349 521.469 617.385 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 129.724 520.719 616.635 re S 0.773 0.773 0.773 rg 61.016 617.359 m 550.984 617.359 l 550.984 618.109 l 61.016 618.109 l f 1.000 1.000 1.000 rg BT 278.868 698.693 Td /F1 10.5 Tf [(POST LIST)] TJ ET 0.200 0.200 0.200 rg BT 212.789 670.111 Td /F1 14.4 Tf [(INFORMASIETEGNOLOGIE)] TJ ET BT 221.824 643.466 Td /F1 11.7 Tf [(INFORMATION TECHNOLOGY)] TJ ET BT 61.016 583.841 Td /F1 14.4 Tf [(PHISHING SCAMMMERS CHANGE TACTICS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 564.033 Td /F3 9.0 Tf [(Earlier this week Tygerberg was subjected to a particularly pervasive attempt by phishing fraudsters to obtain usernames )] TJ ET BT 61.016 553.044 Td /F3 9.0 Tf [(and passwords from users by fooling them to “Activating” their Outlook 2016 account.)] TJ ET BT 61.016 533.055 Td /F3 9.0 Tf [(Although mostly unsuccessful due to the fact that most personnel are wide awake and sensitive to phishing attacks, this )] TJ ET BT 61.016 522.066 Td /F3 9.0 Tf [(does not stop the attempts. The fraudsters merely change their tactics. Stealing data and gaining access to personal )] TJ ET BT 61.016 511.077 Td /F3 9.0 Tf [(details such as usernames and passwords is very, very profitable!)] TJ ET BT 61.016 491.088 Td /F3 9.0 Tf [(Today’s phishing scam uses a different method by hiding behind an educational institution’s name and adding a “throw-)] TJ ET BT 61.016 480.099 Td /F3 9.0 Tf [(away” website address at the end.)] TJ ET BT 61.016 460.110 Td /F3 9.0 Tf [(------------------------------------------------------------------)] TJ ET BT 61.016 440.121 Td /F4 9.0 Tf [(Dear Account User,)] TJ ET BT 61.016 420.132 Td /F4 9.0 Tf [(We are shutting down your Bulk SMS, Cellfindportal today in a course to activate Microsoft Outlook Web access )] TJ ET BT 61.016 409.143 Td /F4 9.0 Tf [(2016. You need to upgrade your Bulk SMS, Cellfindportal immediately otherwise it will be deactivated.)] TJ ET BT 496.148 409.143 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 389.154 Td /F4 9.0 Tf [(To activate go to )] TJ ET 0.373 0.169 0.255 rg BT 135.032 389.154 Td /F4 9.0 Tf [(http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 135.032 387.725 m 369.581 387.725 l S 0.400 0.400 0.400 rg BT 369.581 389.154 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 369.165 Td /F4 9.0 Tf [(The Information Technology department encourages you to take the following measures to protect your account.)] TJ ET BT 61.016 349.176 Td /F4 9.0 Tf [(Sincerely)] TJ ET BT 61.016 329.187 Td /F4 9.0 Tf [(IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved)] TJ ET BT 61.016 309.198 Td /F4 9.0 Tf [(--)] TJ ET BT 61.016 289.209 Td /F4 9.0 Tf [(The University of Stellenbosch is a charitable body, registered in)] TJ ET BT 61.016 269.220 Td /F4 9.0 Tf [(Republic of South Africa, with registration number ZA005336)] TJ ET BT 321.071 269.220 Td /F3 9.0 Tf [(.)] TJ ET BT 61.016 249.231 Td /F3 9.0 Tf [(------------------------------------------------------------------)] TJ ET BT 61.016 229.242 Td /F3 9.0 Tf [(We've removed the dangerous part of the mail, but you hopefully can see how we can be fooled if we see the “sun.ac.za” )] TJ ET BT 61.016 218.253 Td /F3 9.0 Tf [(address and see the “disclaimer” at the end, and think that it is from the University.)] TJ ET BT 61.016 198.264 Td /F3 9.0 Tf [(Information Technology will never send you mail like this and if they do mail you, it will always be branded and linked to a )] TJ ET BT 61.016 187.275 Td /F3 9.0 Tf [(sun.ac.za site, and the grammar will be a lot better than this example, and will be bilingual at least!)] TJ ET BT 432.949 167.286 Td /F3 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET BT 61.016 147.297 Td /F3 9.0 Tf [(Posted in:E-mail,Security | | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 135.0317 388.3216 369.5807 397.4791 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/gergablog/2013/03/18/attack-vectors-getting-in-through-the-back-door/) >> endobj xref 0 14 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000469 00000 n 0000000551 00000 n 0000004525 00000 n 0000004637 00000 n 0000004744 00000 n 0000004860 00000 n 0000004980 00000 n 0000005108 00000 n trailer << /Size 14 /Root 1 0 R /Info 5 0 R >> startxref 5252 %%EOF Phishing scammmers change tactics « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

«
»

Phishing scammmers change tactics

Earlier this week Tygerberg was subjected to a particularly pervasive attempt by phishing fraudsters to obtain usernames and passwords from users by fooling them to “Activating” their Outlook 2016 account.

Although mostly unsuccessful due to the fact that most personnel are wide awake and sensitive to phishing attacks, this does not stop the attempts. The fraudsters merely change their tactics. Stealing data and gaining access to personal details such as usernames and passwords is very, very profitable!

Today’s phishing scam uses a different method by hiding behind an educational institution’s name and adding a “throw-away” website address at the end.

——————————————————————

Dear Account User,

We are shutting down your Bulk SMS, Cellfindportal today in a course to activate Microsoft Outlook Web access 2016. You need to upgrade your Bulk SMS, Cellfindportal immediately otherwise it will be deactivated. 

To activate go to http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk 

The Information Technology department encourages you to take the following measures to protect your account.

Sincerely

IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved

The University of Stellenbosch is a charitable body, registered in

Republic of South Africa, with registration number ZA005336.

——————————————————————

We’ve removed the dangerous part of the mail, but you hopefully can see how we can be fooled if we see the “sun.ac.za” address and see the “disclaimer” at the end, and think that it is from the University.

Information Technology will never send you mail like this and if they do mail you, it will always be branded and linked to a sun.ac.za site, and the grammar will be a lot better than this example, and will be bilingual at least!

[ARTICLE BY DAVID WILES]

Email

This entry was posted on Tuesday, May 10th, 2016 at 1:17 pm and is filed under E-mail, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.