July « 2017 « Informasietegnologie

July, 2017

Wangiri fraud on the rise

Monday, July 31st, 2017

According to MyBroadband, Vodacom, MTN, and Cell C have seen an increase in Wangiri phone fraud in South Africa. South African mobile subscribers recently reported that they are receiving an increasing volume of missed calls from unknown international numbers. Calls originate from across Africa and Europe, including Guinea, France, and Belgium.

Wangiri is a form of phone fraud which originated in Japan. Wangiri translates to “one (ring) and cut”. The racketeers hire a premium rate number from a telecom service provider and call random phone numbers via an auto dialer function, letting it ring once and then disconnecting the call. An automatic dialer (auto dialer) is an electronic device or software that automatically dials telephone numbers. Once the call has been answered, the auto dialler either plays a recorded message or connects the call to a live person. (Wikipedia)

A missed call shows on the victim’s phone and he returns the call since he believes the call was intended for him. Subsequently, he ends up paying an exorbitant amount which goes into the account of the scammers.

Both Cell C and MTN have sent their customers a warning not to return any missed calls. Do not call back a number you do not recognise. If it is a legitimate call, the caller will call you back or leave a voicemail.

Wangiri is just one example of phone fraud. Read more on other variations on Wikipedia.

[SOURCES: https://readstudyshare.wordpress.com; www.wikipedia.com]

OneDrive: 5TB just for you

Monday, July 31st, 2017

Since June staff members have full access to the online Office365 applications. Besides Outlook email, SharePoint Online, access to the MS Office apps (for example Word, Excel, PowerPoint, etc.) and being able to download Office 2016, there is one significant advantage of using the Office365 suite – OneDrive.

OneDrive provides 5TB of cloud storage space for each staff member and student. This means you now have ample space to store your documents and your data will be available from anywhere, anytime, on any device with an internet connection.

What are the advantages of cloud services? 

  • More storage space available, up to 5TB on OneDrive and 50GB on Outlook.
  • Your data is available from anywhere, anytime, on any device. You’ll always have access to your data if you have an internet connection.
  • Your information is also safely stored, even if you lose one of your devices.  

What are the disadvantages of cloud services?  

  • Familiarise yourself with copyright regulations. Make sure you know what you are allowed to store and share online.  SU copyright agreements do not extend to storing of documents protected under the copyright law on OneDrive for business or any other public store space.
  • You are entirely responsible for your own information. Be careful who you give rights and access to, as it will compromise your information if it’s visible to other people.
  • You are responsible for synchronisation between online and local data. Synchronisation between online and local information needs to be set up correctly and done on a regular basis.
  • Keep in mind that access to cloud services when on campus will not incur any costs, but if you work from home your own data will be utilised.
  • It is very important that you keep your private usernames, passwords and information separate from your official work, to prevent your data from getting mixed up.
  • Having access to the cloud from any computer makes your digital identification vulnerable. Do not use computers you do not trust to access your cloud services.

What if I have been using OneDrive personal, Dropbox and other cloud storage options? 

You can keep on using them, but it is very important that you only use these storage options for your personal data.

OneDrive for business and SharePoint online are available under the US MS Licence agreement for storage and sharing of institutional data. The storage and sharing of institutional data are not allowed on Dropbox, OneDrive personal or any other cloud storage. 

How do I get access to my OneDrive storage space?

All staff automatically have access to OneDrive. Log on to Office365 with your email address and password. OneDrive is also accessible via the portal by clicking on the Office365 link or searching for Office365 in the search field.

IMPORTANT:

  • When using cloud-based services, you have to keep your private and work usernames, passwords and data separate. Never use the same username for private and work email accounts, storage spaces and applications.
  • SU copyright agreements do not extend to storing and sharing of documents protected under the copyright law on OneDrive for business, SharePoint online or any other public store spaces.

 

 

If you have any questions, please let us know by logging a request on ServiceNow or calling our Service Desk at 808 4367. For more information on the Office365 package, please consult our FAQs or have a look at the Office365 training videos.

PHISHING: SABC TV Licence payment request

Wednesday, July 26th, 2017

The SABC slogan goes: “Pay your TV licence. It’s the right thing to do” or something to that effect. Falling for this phishing scam will NOT be the right thing to do.

This phishing scam from the “SABC” about payment of your TV Licence is very clever, as it uses a so-called encrypted PDF to capture data like the victim’s ID Number, Passport Number or Company Registration number. Once that data is captured, it asks for banking account details etc. to do the “payment” for a TV Licence. The data captured by the PDF is then sent to a server controlled by the criminals, who will use it to defraud the victims of their money.

This is what the phishing email looks like (with the dangerous parts removed):


From: forged_address@lettersonline.co.za [mailto:forged_address@lettersonline.co.za]
Sent: Monday, 24 July 2017 13:14
To: University, Address <noreply@sun.ac.za> <noreply@sun.ac.za>

Subject: SABC requires you to make payment on your TV license account

Hi,
Please find attached correspondence for your attention. The attachment is password protect.

The password for the attachment will be one of the following three options:
1. Your ID Number
2. Your Passport Number
3. Your Company Registration Number

Kind Regards
LettersOnline Team


The PDF attachment will ask you for a password if you open it. Do not open or enter any details on this PDF. The SABC will never send you an email with a link or attached file to demand that you pay your licence. Neither will they send an unbranded mail or one with no personalised salutation.

[Article by David Wiles]

PHISHING: Exceeded mailbox limit

Monday, July 24th, 2017

This week’s Monday morning phishing scam is in the form of a rather poorly worded “WARNING” about exceeding the limit of your email.

The three exclamation marks (!!!) in the Subject line should immediately be a warning. Just because it comes from “Stellenbosch University Upgrade Team 2017” doesn’t guarantee that it is genuine!

Here is what the phishing email looks like (with the dangerous parts removed):


From: Stellenbosch University Upgrade Team 2017 [mailto:forged_address@webmail.co.za]

Sent: Monday, 24 July 2017 10:49 AM

Subject: Urgent Notification !!!

Urgent notification ,

You have exceeded your mail limit , Your account will be blocked from sending and receiving messages if your account is not been upgraded, upgrade your account free now Via the weblink Below :

http://dont_click.on.this.link

If your account have been upgraded please ignore this, this is for all student and stafs please Thank you.

Webmail © 2017

Email: forged_address@webmail.co.za


The tips below can help you spot a phishing scam:

  1. Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. These email addresses are meant to fool you.
  2. Urgent action required. Fraudsters often include urgent “calls to action” to try to get you to react immediately. Be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.” The fraudster is taking advantage of your concern to trick you into providing confidential information.
  3. Generic salutation. Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be sceptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.
  4. Link to a fake web site. To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company’s logo or looks like the real page doesn’t mean it is!
  5. Spelling errors, poor grammar, or inferior graphics.
  6. Requests for personal information such as your password, user name, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
  7. Attachments (which usually contain viruses, malware or ransomware).
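
The tips above can be turned into a first-pass mail check. The following Python sketch is an added example, not part of the original article: it tests a raw message against tips 1, 2, 3, 4, 6 and 7 (tip 5 is not automated). The organisation name and domain lists, the extra urgency phrases and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: the organisation's display name and mail domain.
ORG_NAMES = ("stellenbosch university",)
ORG_DOMAINS = ("sun.ac.za",)
# First three phrases are quoted in tip 2; the last two are added for this sketch.
URGENT = ("your account will be closed", "your account has been compromised",
          "urgent action required", "urgent notification", "will be blocked")
GENERIC = re.compile(r"^\s*(dear (customer|member|user)\b|(hi|hello)\s*[,!]?\s*$)",
                     re.I | re.M)
SECRETS = re.compile(r"\b(password|user ?name|bank account|credit card|id number)\b", re.I)
URL_HOST = re.compile(r"https?://([^\s/>\"']+)", re.I)

# Constructed sample, modelled on the mailbox-limit mail quoted above.
SAMPLE = """\
From: Stellenbosch University Upgrade Team 2017 <forged_address@webmail.co.za>
Subject: Urgent Notification !!!
Content-Type: text/plain

Urgent notification ,

You have exceeded your mail limit , Your account will be blocked
upgrade your account free now Via the weblink Below :

http://dont_click.on.this.link
"""


def in_org(host):
    """True if host is one of the organisation's domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ORG_DOMAINS)


def indicators(raw):
    """Return the names of the tips that a raw RFC 5322 message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body, attachments = "", []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    text = (subject + "\n" + body).lower()
    hits = []
    # Tip 1: the display name claims the organisation, the address is from elsewhere.
    if any(n in name.lower() for n in ORG_NAMES) and not in_org(addr.rpartition("@")[2]):
        hits.append("unofficial-from")
    # Tip 2: urgency wording, or a run of exclamation marks in the subject.
    if any(p in text for p in URGENT) or "!!!" in subject:
        hits.append("urgent-action")
    if GENERIC.search(body):                              # Tip 3
        hits.append("generic-salutation")
    if any(not in_org(h) for h in URL_HOST.findall(body)):  # Tip 4
        hits.append("external-link")
    if SECRETS.search(text):                              # Tip 6
        hits.append("asks-for-secrets")
    if attachments:                                       # Tip 7
        hits.append("attachment")
    return hits
```

A hit list is a reason to look closer, not a verdict; legitimate mail can trip a single check.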

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses: help@sun.ac.za and sysadm@sun.ac.za as well.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: csirt@sun.ac.za and help@sun.ac.za).
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link in this phishing mail and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts, making sure the new password is completely different and is a strong password that will not be easily guessed. You should also change the passwords on your social media and private email accounts, especially if you use the same passwords on these accounts.

[Article by David Wiles]

 

PHISHING: “Re: betaling aan jou rekening”

Wednesday, July 19th, 2017

About a year ago a new version of the ABSA Bank phishing email hit the university email server. What was new about this version was that the email was in Afrikaans. Although the Afrikaans was not perfect with some spelling and grammar mistakes, it still could have fooled many people, because of the “familiarity” component.

Stellenbosch University still uses a lot of Afrikaans as its primary official communications medium, and many automated systems like the Financial system use Afrikaans to inform users of payments etc. While there is nothing wrong with this, phishing scammers have latched onto this and are now attempting to fool people into divulging their personal details using Afrikaans in their phishing e-mails.

We were warned early this morning about an email that was originating from UCT with dangerous content, and almost immediately the UCT phishing emails started arriving.

Here is what to look out for:

Mail will arrive from a forged or compromised “UCT address” that will look like this:


From: Anna Huang [mailto:forged_address@myuct.ac.za]
Sent: 19 July 2017 10:53 AM
To: Recipients <forged_address@myuct.ac.za>
Subject: Re: betaling aan jou rekening

Goeiemore,

Vind aangehegte betalingsbewys.

Dankie

Disclaimer – University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via csirt@uct.ac.za


The disclaimer from the University and the Afrikaans could fool some people if they are not careful.

The dangerous part is actually an attached HTML file (sometimes it might look like a PDF) that will present you with a login page where you will be asked to give your e-mail address and your password to “view this payment”.

The login page will look like this, in this version:

The actual server’s address is also hidden by encoding it, so to the untrained eye, nothing will look suspicious. This is a typical phishing scam, but with the “sender” coming from a neighbouring academic institution, and the language being Afrikaans, we need to be even more alert.
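
For responders who receive such an attachment as a report, the hidden address can be recovered without opening the file in a browser. The Python sketch below is an added example, not part of the original article: it assumes the encoding is HTML character references and/or percent-encoding (the article does not say which was used), and the sample markup and the `example.net` host are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Constructed attachment: the form target is written as HTML character
# references plus a percent-encoded host (example.net is a placeholder).
SAMPLE = (
    '<html><body><h3>Sign in to view this payment</h3>'
    '<form method="post" action="&#104;&#116;&#116;&#112;&#58;&#47;&#47;'
    '%63%6f%6c%6c%65%63%74.example.net/save.php">'
    '<input name="email"><input type="password" name="pass">'
    '</form></body></html>'
)


class FormTargets(HTMLParser):
    """Collect where each form posts and whether it asks for a password."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # character references in values are already decoded
        if tag == "form":
            self.forms.append({"action": a.get("action") or "",
                               "written": self.get_starttag_text(),
                               "password": False})
        elif tag == "input" and self.forms and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True


def decode(value, rounds=3):
    """Undo (possibly nested) percent-encoding."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def triage(html_text, trusted=("sun.ac.za",)):
    """Report each form's decoded target and whether it looks like credential theft."""
    parser = FormTargets()
    parser.feed(html_text)
    parser.close()
    report = []
    for f in parser.forms:
        target = decode(f["action"])
        host = (urlsplit(target).hostname or "").lower()
        off_site = bool(host) and not any(
            host == d or host.endswith("." + d) for d in trusted)
        report.append({
            "target": target,
            "host": host,
            # The host never appears literally in the markup: it was encoded.
            "host_hidden": bool(host) and host not in f["written"].lower(),
            "suspicious": f["password"] and off_site,
        })
    return report
```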

[Article by David Wiles]

 

 

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.