%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 11 0 R 14 0 R ] /Count 3 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R >> /XObject << /I1 13 0 R /I2 16 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20210725113611+00'00') /ModDate (D:20210725113611+00'00') /Title (IT-artikels) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 4257 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 -104.912 521.469 851.646 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 -104.912 l 565.984 -104.912 l 565.984 745.984 l f 45.266 746.734 m 45.266 -104.912 l 46.016 -104.912 l 46.016 745.984 l f 61.016 617.359 m 550.984 617.359 l 550.984 618.109 l 61.016 618.109 l f 1.000 1.000 1.000 rg BT 278.868 698.693 Td /F1 10.5 Tf [(POST LIST)] TJ ET 0.200 0.200 0.200 rg BT 212.789 670.111 Td /F1 14.4 Tf [(INFORMASIETEGNOLOGIE)] TJ ET BT 221.824 643.466 Td /F1 11.7 Tf [(INFORMATION TECHNOLOGY)] TJ ET BT 61.016 583.841 Td /F1 14.4 Tf [(PHISHING: ABSA SURECHECK PROFILE APP)] TJ ET 0.400 0.400 0.400 rg BT 61.016 564.033 Td /F3 9.0 Tf [(Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last weeks )] TJ ET BT 61.016 553.044 Td /F3 9.0 Tf [(ABSA phishing scam has started flooding our email.)] TJ ET BT 61.016 533.055 Td /F3 9.0 Tf [(The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. )] TJ ET BT 61.016 522.066 Td /F3 9.0 Tf [(Below is the example of the phishing email, with the forged ABSA Bank login page to attempt to convince you to give )] TJ ET BT 61.016 511.077 Td /F3 9.0 Tf [(your bank details willingly to the scammers.)] TJ ET BT 61.016 491.088 Td /F3 9.0 Tf [(The subject of the email is Absa Surecheck Profile App Upgrade | FICA information which is designed to say )] TJ ET BT 61.016 480.099 Td /F3 9.0 Tf [(absolutely nothing. It is what is known in information technology circles as )] TJ ET BT 356.639 480.099 Td /F3 9.0 Tf [(techno-babble)] TJ ET 0.400 0.400 0.400 RG 0.18 w 0 J [ ] 0 d 356.639 478.948 m 419.666 478.948 l S BT 61.016 460.110 Td /F3 9.0 Tf [(While the methods used to steal a your banking details may differ, the process followed by fraudsters to steal money from )] TJ ET BT 61.016 449.121 Td /F3 9.0 Tf [(their victims in South Africa are nearly always the same:)] TJ ET BT 78.360 429.148 Td /F3 9.0 Tf [(1.)] TJ ET BT 91.016 429.132 Td /F3 9.0 Tf [(Get the persons Internet banking details, typically through a phishing attack. \(as shown below\))] TJ ET BT 78.360 418.159 Td /F3 9.0 Tf [(2.)] TJ ET BT 91.016 418.143 Td /F3 9.0 Tf [(Get a banking account/s to which money can be transferred to and withdrawn.)] TJ ET BT 78.360 407.170 Td /F3 9.0 Tf [(3.)] TJ ET BT 91.016 407.154 Td /F3 9.0 Tf [(Clone the SIM card used by the victim.)] TJ ET BT 78.360 396.181 Td /F3 9.0 Tf [(4.)] TJ ET BT 91.016 396.165 Td /F3 9.0 Tf [(Create beneficiaries \(using the list of banking accounts\) and transfer money to these beneficiaries.)] TJ ET BT 78.360 385.192 Td /F3 9.0 Tf [(5.)] TJ ET BT 91.016 385.176 Td /F3 9.0 Tf [(Withdraw the money from these accounts.)] TJ ET BT 61.016 365.187 Td /F3 9.0 Tf [(Here are the obvious warning signs:)] TJ ET BT 78.360 345.214 Td /F3 9.0 Tf [(1.)] TJ ET BT 91.016 345.198 Td /F3 9.0 Tf [(The sender is not an ABSA email account \(in this case a throwaway German email account used to send millions )] TJ ET BT 91.016 334.209 Td /F3 9.0 Tf [(of phishing e-mails\))] TJ ET BT 78.360 323.236 Td /F3 9.0 Tf [(2.)] TJ ET BT 91.016 323.220 Td /F3 9.0 Tf [(Vague and deceptive subject lines \(Techno-babble\))] TJ ET BT 78.360 312.247 Td /F3 9.0 Tf [(3.)] TJ ET BT 91.016 312.231 Td /F3 9.0 Tf [(An attached file \(.htm\) that contains a web page that opens up in your browser and links in the background to the )] TJ ET BT 91.016 301.242 Td /F3 9.0 Tf [(server in South Africa.)] TJ ET BT 78.360 290.269 Td /F3 9.0 Tf [(4.)] TJ ET BT 91.016 290.253 Td /F3 9.0 Tf [(Impersonal salutation. Dear Valued Customer. Banks will never address you like this. They have your money )] TJ ET BT 91.016 279.264 Td /F3 9.0 Tf [(so it stands to reason that they will know your name as well.)] TJ ET BT 78.360 268.291 Td /F3 9.0 Tf [(5.)] TJ ET BT 91.016 268.275 Td /F3 9.0 Tf [(Online verification has **** to convince you that the email is genuine, but university addresses end with ac.za, not )] TJ ET BT 91.016 257.286 Td /F3 9.0 Tf [(co.za.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Page /Parent 3 0 R /Contents 12 0 R >> endobj 12 0 obj << /Length 1104 >> stream 0.400 0.400 0.400 rg 0.400 0.400 0.400 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 54.289 521.469 703.695 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 566.734 757.984 m 566.734 54.289 l 565.984 54.289 l 565.984 757.984 l f 45.266 757.984 m 45.266 54.289 l 46.016 54.289 l 46.016 757.984 l f q 375.000 0 0 351.000 61.016 406.984 cm /I1 Do Q 0.400 0.400 0.400 rg BT 61.016 389.193 Td /F3 9.0 Tf [()] TJ ET BT 61.016 369.204 Td /F3 9.0 Tf [(The web page that you are directed to is actually the .htm file based on your computer \(as an attachment, but links directly )] TJ ET BT 61.016 358.215 Td /F3 9.0 Tf [(to the phishing server in the background.\))] TJ ET BT 61.016 338.226 Td /F3 9.0 Tf [(In this case is )] TJ ET BT 118.040 338.226 Td /F3 9.0 Tf [(iteron.co.za)] TJ ET 0.400 0.400 0.400 RG 0.18 w 0 J [ ] 0 d 118.040 337.075 m 164.561 337.075 l S BT 164.561 338.226 Td /F3 9.0 Tf [( which is listed as undergoing maintenance but is fully functional in the background.)] TJ ET BT 61.016 318.237 Td /F3 9.0 Tf [()] TJ ET endstream endobj 13 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 468 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 35560>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?A3LokK6_I+&ݡO'#VDygƛ7K:lqC4Xgg޿DN~{$~m WWYGԦ{\ŷTFx/4nPこTVV@є8`Hl*eR.#8O.p%>>VrqXjƸ'(_o̼mB$a>WH;mO |z$k2H\8k(.dx*0H"J1iK!befͻixXdHEGƦU&dydtZ2$v,kBO=W*A$$t҉\`vɫoE| 3{].n{w#4F t$P2.<1 o*&cIiw8 HP3QA Esˣ%Γ=34^xHWwr~g8,[P`}͍&Yݏ?(?N1z9˕jS>l?δ7wmoq;*m=kw.b2(՘>xد;HUگ'$~|yE(_8fyM֛pmhe6[?miZDA,^7V=Eww_ȕٌ |?; VmRXeȈqٶTe?zQ11Vtu{X.!\Gq;oF x~)2CFm*rF v“$p#NdĖ9$Cf}trf'N,\mOW ?U[] Ohcl?kLP5*E >8*PoȣHӰQD{xGc)?j$Ps"(P@*;6 k!*,A@r^_1jQ(VGʂzz7\[[ 7>R +)fuN Z-Ob97<'=,Ȉ#@c·M:@!E!>`]ǎCBn -6084G/幤Såƒ?aҿ??_3yKCQ PJǨ8-KCQ PKǨ81,^I CRiʣJ!{ӫտ5o XK jz?04WU^[[G|ո?V, h_ؿgRogWIG~jou4[?pkNpY6/)=H㎕}Ƭ?|5a|=68QC׃*U+5c1{!Y[ k.Oz?|ճ!?zq%N>[W?|l?fEjl'#b@{׬Vuz? XK[ ಜ_3J I[zջ:zOgXgOOK[ dsv>Š.hr iu+iW<ڑ m5jC[.[FA׵O- WSly!Nޝ0Kmk֗d$6VSʐ"{!ؗb3ߓϽ|+[h.r!=xgzΝ9iUwC5^cP'=nKmoNT&Tc*:qҘi7w:v\{V-ߏ㿭sާcB*IvN*Ľ +~,VC+I61~cV孲٢YXq8UUh.XsQ]c(w4k&wJv(5 2X)\) p}3I2OǕVRg8 I㰆-sƳ=L{:aBF)9"Y5[To##fVzR^M]Rڲ"౑NH8}Xe[k,uۂ\š `m6a2IW; 3^ĥ$-I>)(&Z\/.cM`gJo%ϝoS#wT17t8Vnsj#PeCnҙ=1I+'ec;B^DO;}+45KNus,\428lnZ<gYZ4#DO4SR.lt2OIM)Z+t K(b  /T{%"e|d?jmv'uMgY7!GcڡC !KS%tv *XH$ihîA~3## "I) VRF[nz/_qZӵ ΂<Cz62PE;6VV9Ux2{Ti{8N|"ė4i=yl>|oLgO> ѦGFʂ+sɭn9 MЮ<z2tX2J&GACN3$5%CR kNgxJ: k̲%#T}#;qyj)mA@5dYk֍mpze@E[u^EW A 9#84"pxm P`:i=xkXխh DEWlQݏl*t2Pp_Zq, +O:cmy4犩_mv8Q;Eݙ:}4hcʎsa0W!NI9ڴ/ZʎX%IC^i.MH[alޜ(#?0UN9ߋ;OS,B۷ncЃC%'VD2p Xuڬ^Hqo+)b?c)\³`@O=DK$oB#<s/֭Ԥ+'+xCQ$ػv׿qqq Ui޻is^&(]+}6 z=b"/b[ҜX'-;ՁU4g-m+(oB@bI#yb]x|Mp/$>cnY9|=? 3tֱň\*jk%2#sW(RpnW诈TRD>ָkt $X (lpһXG׎Շi1Zt/.go.G@d1a[mVGFA $%G#F=ֵu n p\Sָ 蚎qg!`[&%)UCw7MuĖR VKD.lA{;F";=7gj $*Eaj~xgQf6ڔ'#:/urI?!xScnr3ZPbR@xԡBj(Bj(\V@FR_Z׹<ˀ FF}+sMq'Qt<{YŤMcg'q1gfmr=Z[RCe/#6,|zo#Bj؋Uq /G;f'xmn0 xbdicYr9TQb.-`qGS#3h֓B!мj0Ӓd QP9a3g-Ƕ; `kiq%Ψ?1W!8x8;PrX!@1-{kIa9 ȨoIP}o_Licdnjݥ")eg`ˀ ڛ~i9KE AՍv0yHc'hL`h 6/C*m#}=kOL\ơmor$9= ohF:+קT3Z1`}:wC[WRdcHm݁Z3x9`حaeGy?\j+2}v+{aw-yսk[O7(3 Pԭ'K9,7,W]øݶ Y6b%e2n[FOIs[C/)SM\<0. DYٙQ:7Z״kٴZOCIP͸?Jl ޥrL,#"i瑃I?RMkuf dc? %0!PX@^m32/O9BÐ9x>^ml8,d==) lnM_k'݇ۊ1L)QP/ C\Q/ C\PO6GϽG`#K"m9vQXZod.j:V#${Iq oKr+=?9]25fqp1ܟN*ONtG4c:n?ݠ ]:{kan#*$A'>xx>`{cq HV,iu'6(?X8a:r7Am9@ZQm/f!8x4׌`#Yk;zH0y9r(0joRA q۹9Wt˛C%>LFC\z4YG|>GތzhȤ4??Pz0}١Q"C<EfdX$h4VՆ~,#cGN]h"ZiP3 0Z?v([-Ю:~ͫvMޤn*!zI=:v5~OP.surniwʂ"qW9,_C<EPތ}j٠Q"C<EPތzhȣ$EaW[@f\꫖<1|j~ևa?(,?P]NsF0FAl~KjcЀgsa~OR}{Py}veem۰IlݺpjWE#Y4C<EgF)#N^,|E/١1"(}hfyG|>Cv}kXӢ;OC49߀0r1Ӛ ?IX@:}0ɓ{CVy,fyG|Ͻ>$EfyG|8jp]#nW%sI o(IXs?!@#Q51X\=XɌc9okȣ$Erj:c@w:vEƷm-pvNt z}濐 |E1ԝ 4??G٠??P9i )*8p#aUUތ3A=u_d9 H?T'd)d*\^,?_Cm=KFuIY:Ndʅ1^s\58;ۭaVuNb.DqȪ9k=- xr9cVVAH]U TiFl֍:S4%Lw߿Ҹ?W02:shO#-vl6as-Wڋr8Coc%Үب)bF|\Sp1 khAJ5 vH+#GfZ;}r:NzvP[i$Q,T1GѝsTëz04S:pμ\XAœ7yԯ^A+yc5xe͇_c޿ޥ=ka ijƮJH(V yuMugq|Pnս>8J |ݙn"+/)"y0 *͏cF.z\nwK6YG̠O8 8>6*?{ Xn~纊.E#)El1{8ڙ/[?/DH朎gf1Z|G QO ^vt[r0sMkN1mA/B:R4c$sFmzmyy$d_28Z5ܘ08quZU܉%h=8R ?3IKϧX][F22Wĉu5w,%"@`2mXKTnLʟ"2S;HN-R3j(|9v>XPStқ/cr|' Y.Cld&1K/-%;ݸŌw]+Q^y/a,(kl+"۶WMk@^;I"f9;7|+-3L6*1rk8Sj:AҖzR(QEQEQEQEQEQEQEQEQEQEQEQEQEQEQExB׺ME:_Q@$Rp?2+^]ڥ)Uu*ݭ""n(~ur+&ܩqـ@qV䳶iv-sIOJ|glN `ng9޵n %1 8Lntby%x6c<h%Qg%??*}:Av0Dv u(GdhUM5=iRqOVQTEWIҝsGۭsq~aր,QQ26ԕ0=:S_A0II$@h~o~CsR+e`kDFBېO!20Pm}p*)HAumJM]X D%k.V 3^-]DV@9$nL9j.ZgHɀ<Jͳme ssӿמ+'9N-F+Xѵ(& uЈM/If kjʑ XԎxA'5h6u,Y9 nl-o_W_czk&p maӜRSA$R.C1$3]mo쵭.Gwr7gk^Zqsס5V_ڔ3˪;+dڬAhuZ<'[_Lm<1/,$oJz=+:Ok`AIRI'p88ׯduhuZҗ /~ue瀵[]˸ ~ny?[<-ڔwOp!ܕ=9kuZOU ๣(^6w=a>ћ|A0xo_ƟcFem3G#5%)(Z)(JZ( ( ))yJZ(JZ(J(h)(hJ(hJ(h4QI@ E%RQ@//{Qx&:%VDBttU(zPh "~R~tyKRQ@Cտ:<k(k_:_:<k(k_:_:<k(kԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGV6N[} rsJG, U#XI[(;_Bj)|u!x&:A6_?Uʧ&G@Q@Q@RPEQEQIK@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@f(((((%VCTAJ隟WeVCTA+\P) ^5xB׺MEuGlHͽ<~ /*7XZM:77袀 :77袀 :77(ާszΊJ]:7SE9֯z_ Bph#:7Zl3ʑp]>Ib@sތZ)2(#֌ހLZ2=hh(((((((((Ͻ.h(@](]:uWUާszΊ(ާszΊ(ާszΊ(ާszΊ(ާ?PNm؟zO{P?WS_Bj(uКQԚGlch((()(hOpj_r ּU[FC "'.E¸_IwSGd?4m _}*uOk~KXj oH/Iv#m'S儑_ rGojraF6j\~ޝn7wA5`E9u!7v03ד޻XՕTZK_>+-mwi$6$F8'uzn~QIC.9E'^OAUJSJZl7y{_kgm? e,qg*?|Ah~]qv"we# mkW>k(5;鮣HWY8$Tux]~aw_;#uVRY{FZt}{?43k1DпSҡspZV,66D{U+! m`=*֝o+!2p7zdD_OKgm䁎3^mdЇǘB)-OO'zzݘd$Z9II9#=G2_p`FC}:ʩ> Rmۏ??=&Z2a9.sʕص =ftPU LҔkaPP+ьud<aKئpՆ 7è$DӢT#^hCLއZT ʭjosqIj2' 5ƒg򧚥3/>?jo|l|MiP_JakxŵF.22r}*JSvJ\<*^U4:!2b젖x8ȐTӳ-47~TpFĻCk\$HyDOD6)D2}*z3օ(֔Zٗ}E qcTwMѿTy퇅U^՜怔J[oҨ[3mH z{VuMFm4"XG"$qךt䢌qnfzC*I\ׂ;'Ԛ).m~#*"`|'+*URO8z7G=.]ʴzGo ʳ`$ sTNY!lou6#Ƴ0Vb6SIe9}~B5F|bHfs܊aId%cB@L{7\'{)tR=6p=HuJ8S' {b? b7z+'eNkhkU~Z}jQEQEQEQEQEboƠs_SB&QWn׊|u!x&^/_ HMpAI&G?ր(((((O_ş,/j_,gUIS-Ƈw+o7+5džϓ"P^|o4[B5?ѵKŧȏ1!& Q25٭_lfܿ}-3ϭNbHD7nO'z^A+BE +_w¾TRA.)chKT 0AB)`&mdWh0ͻ7#MuTxmČc4יU±Q|ve8V$qQ'uMmݸOS$T$ζ79b # D۶aYgBSiXHI>b\7 I(񾿥xȅA ;W??; |AK}h$ aehӫz[-ZIv) 9].&dK;o c$⤝d'ny'(%1`>'a4㴵tkioJh@xSG}j@K!#85m7@r@U/:+4.&.qS?}y<~pE^!D1Vb@=Oֶ)jUX76z}qCsިxHg.nXf5[x;tڷ;50iaig)]-ON%ZqwtXft(b\ѿUYʈo0nz ENOU}Mֶ 脻 >% ; jj]YAI\* ӌ]Ч5%Vc9'8k?v|! ײHe'E T'?cdGA{dydąY"b:O%AFju (Q@Q@Q@Q@mbjy5Pu!x&^/_ HMpAI&G?ր((()(hTXQPxEW%MN*ȳפ oC~g1OAAF$9#9m|q Ώx 㼝ܤ8`z{?}L]_?̛mxQf TWiO{(%b{cxW,֮5մ߳O&H;v L(Qr].r_閚[]$JETi:Mgsgf@pFjl(YY(X x"qM-1b5kf GAAo*MF$ݻosm}ݵm;w}qc4d=oRy9[g)Fv:L㴀y> r:-x:Tl =F#GR;Y״“jwZFLݷb>0ػ%ܓvj{gRWyN@ܱf Y+?[&" 4Fi.`;?d:0RGcQ:t9M&g]Mw7̤ Rpc=.ÅI&o<@@s<sHRScX{MlCD rrD '&x#[S´=G$FFEQgMةRAs >)YUp\y{GO`)^5v0y;xQWfʬ!6=?Ѥg^@>xiRZڝ5hRN@v1 \ x =)BjKUҞBg*^`I4۳1 Dp~rFNA,3Y]GG}NpTb@20`;jI-\N229n-՞2Z38Opo{Xz gq$I \W[>$?*-cz{nfQu~Z}jQE((((k#`zTj@/{Q ^5 "4QQEQEQEQIK@ *ȳפ bEAu_A52 hzH"{ Ir  ic?Ƹytb0Wk WGlHmb}M_?̊;2KܪKNXwm4V|Wa|`ǡ⌺取Mr*f8.xzsy\t>8xG>\]6ue tB[[zt">p:_u?,ܳ-lb&'+riqS'獯 5[ᨀ5.X~q Avye2CCvvˈS-zzT+%xHrRz3Nz7O 5Iou;{zc+nzEi{:ȋ Ȥ}_jxNc .SZyз}!;\ҼGsa*b9*='R hnOO|*ryT,dFd_*a 6T*q^{ٙ4BTu5Ik[!^unM5 fRr*W޾2f2{.Ͽl] ֞d P& v?q|VHoqqJ\=cOAM&int#L}`xZдn- iP'8չk0NR|963<8pz5}[b7'чYA<ڶr{h?O|V`\}M&yWi}pkap93r>'٢DNBT=3ޮioϖ-)fix)`y%fr%H|Uфɥʮ1\?,~U|+xM]?R2VEymgk]Ԭ}U#.[#uۺ?CTyef^x.Kbn>ݸ8.9Hf 11O.JB1ϧ֙%…,K9h=F**ֵjUwo"' ہɫQW?#X>v36{#LqKeYن+m%hn-az鎤~rW~x{ţRԬ-jd% z`]mal'k [qz0QW<9; /~:hO;|S%Xv>v$iZ, X=NOҸ |`'zC+IJieqZ/?Tz5ZVn>jQE((((k#`zTj@/{Q ^5 "4QQEQEQERRPE~EW%MXO-zŤF88#45 #4M'HV`WkAp]{3&?JZ t[m&̹Jvԥ#\eUVGf)* @#֍l~vAceAқ_ƭQ@/K}Q_ƭQ@BQˮs3Ҽ| І5!}h ۱ӦkӨ8c ZD-J6z ciq޵(9J)$\[P* 9R heETD'IK>gER)$vH$J9lpI+Wh m( $drOҹOV֬6 IEӊhBqOs;IfmlI2 z| ~*ЂpTZE Wϛ}$hI?ELC('8+U+` {Z4Pz,pa14l2nfRCpG\c^)K,xiq-ebg@;H"Q@/K2ϤEU7F?y煲>0!Mk–V$ע2}5@[z`Vsm>^P}}Ըf/֫V QEQEQEQEQEfQGMk#`z9/^/_ _Bj(?e\#EFRi"((JZ))hr_I?/R:ab\^2+GQ.5:ui,r|Cd_ҧq`p xeXgm9sָ!`eDS.[3\p%X@Bۯ"EoӻH(Qwg>IX(j!*r}3\{(XNr;t=X BʛsW 2;|ќrquo|-iGY-1ܐe? Y$wA hB7R-%{P!g⫩8"$b;}O8|($M?,JY]<|H-Yo:: "ָ?ZmbH`1;Sr(΢1MQ nv-6sG*5g K׶XaV%4j<2+@_j|![IZw] cq  =h|qzcO1O$]2O[̲]Фc=IOmcR ƃ>^,a$&WRAzj?>cK[,ggDBY, 0ы(T`E=1N,{p1OmO,Y]IA_c<׃Qޟ65 7.HBzF-<[$~Fy~ƶ6&7cOjTT" eF8(h((*U5ZEeL%Fr8~@|O4 -VV )j5`Q^|xڭ'E}e9OFzhj_?&|͡ԯDǘ :]C&עcmc =j[ZU{BYX,]:N=밢xd(ICWY=1h8u J&䡁~9=]oedI6Z}9^UZlք:֫UZ^!EPEPEPEPEPOF5Pu!x&^/_ HMpARi "chQ@Q@Q@Q@Q@ +BbE^rBϽ:omj&oo} TU\ޏQZzoN€,Uӿo}; EVNG([; ?ӿo} 4UoG(N€,Uӿo}; EVNv?@Ua]tWP*Eg)W>Eg)W>Eg)W>Eg)W>Eg)x*_NH2T֫UZ@Q@Q@Q@Q@Q@m?T֟B?uКArWf9%U)y2mqVՌ_^9GMLu=age*zYAz~F˯?UX+߳Qz~V8z~HLr4lKF:{ZU~\_u~Z}j(((((i#`zTj@/{Q ^5 "cjM#A6_?Tr6()h ( ( ))hSbE]CVЊ*,Ee 8*1ր9 |%-%D2)9ޣ=xtVP,N 02Ԓ1׎EaEx~ qwɀ g{yzfZ\E;+bש@*I$qƊU;ή j!_~fE,<3 ZXN#Qs<,t'Yi_XKfݹ$@.$He ~u*g^[j\$wZm+s1u hdj!8=1퍧>xgE;VW[2=K r[Ee&XH18jc8@AY.fe#4{xa9j啖o ꦴa؀!ǨZ՗F[LΏlj#Zyߘ@TR>(#gyh^K7 =WntmU[`$2q u z[AU1ưLa2X\G<('ȠkmX傃85\IcPRy iujb#=_ rNj92pvsڤ<5{4OL#V*gG$;{?MuT`;[9a#E77KmmNQߜܓN[Jzݭ%Ue20 M֧_ Lίzag j6"@,AO'V#I6@*zsӸ sa,!I0vsֺ"> Wp%۸g}kK Y%C֧(OT6b9:_ioʳoS+/ _H#\WUG!H$u*>qS\ƾW_ ҳ{vi y[L~9E٭fYֹi*u+HYˎBżgRB;Oon糖zO?&3C*"fw-פk/~KTE!EEL8SesW?s?W▿Div,@$syI'73T*)+ NJ5:q_u~Z}j(((((i#`zTj@/{Q ^5 "c}jM#A6_?ToZJZ((((OrX^9(M?/UˈE/Rf_ h+ ?>eܽNOJ{CDw+0ryʼn.f8 ydyi"ɂPzQO]&sR 2kBGtC@8<7#Ak֏2Hs0|-Pq33;jmon^~x_K7 sO6FOhq_R{k%Ιyݒ{uUt+s#$Q|=ͺfC['~?ZgC(\i j&džmTo-$a ?/SCƤ\7t.X3a8P9.9?[wOtR0-e*<`\@ <'CS$1n/i=~6 yC--ayLt`@o٧.<ņ9OM],2U]ۺgַ( <#yxC,#|A,AL }*Fdf0G263nl"|+G}֬Uly9NAV.1gшBʶ( ngl<?֭EQEfT6b62|ȵ).`1]2 3UatI|{ XdNQ^Sib ܒKGk۾|i7H2Lbvo~ .ZM>kFt:@Gu>Ͽ}v*2սNYZPTE('{w}OuO ki{|z*οx⍾Gi=꓌;sKFcdHlLՙ5o^iOȺdUdZ1`y6te 9/$`̷1*68tؠ>$z s8\4oFexYp /zH|e;gw.͡q$C=\?/9%i5MmuneO2.~'Yx)s䦐]p=p>^y`j.Q̈P~l=8d:8u ]r>SONߏzi!v6d9lq);손cߵ%e;c#-ƠQE endstream endobj 14 0 obj << /Type /Page /Parent 3 0 R /Annots [ 17 0 R 19 0 R 21 0 R 23 0 R 25 0 R 27 0 R ] /Contents 15 0 R >> endobj 15 0 obj << /Length 4149 >> stream 0.400 0.400 0.400 rg 0.400 0.400 0.400 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 170.215 521.469 587.769 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 170.215 m 566.734 170.215 l 565.984 170.965 l 46.016 170.965 l f 566.734 757.984 m 566.734 170.215 l 565.984 170.965 l 565.984 757.984 l f 45.266 757.984 m 45.266 170.215 l 46.016 170.965 l 46.016 757.984 l f q 375.000 0 0 252.750 61.016 505.234 cm /I2 Do Q 0.400 0.400 0.400 rg BT 61.016 487.443 Td /F3 9.0 Tf [()] TJ ET BT 61.016 467.454 Td /F3 9.0 Tf [(If you have received an email that looks like this please immediately report it to the Information Technology Security Team )] TJ ET BT 61.016 456.465 Td /F3 9.0 Tf [(using the following method:)] TJ ET BT 61.016 436.476 Td /F3 9.0 Tf [(Send the spam/phishing email to the following addresses)] TJ ET 0.373 0.169 0.255 rg BT 61.016 416.487 Td /F3 9.0 Tf [(help@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 61.016 415.336 m 125.681 415.336 l S 0.400 0.400 0.400 rg BT 61.016 396.498 Td /F3 9.0 Tf [(...and )] TJ ET 0.373 0.169 0.255 rg BT 86.036 396.498 Td /F3 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 86.036 395.347 m 164.696 395.347 l S 0.400 0.400 0.400 rg BT 164.696 396.498 Td /F3 9.0 Tf [( as well.)] TJ ET BT 61.016 376.509 Td /F3 9.0 Tf [(Attach the phishing or suspicious email on to the message if possible. There is a good tutorial on how to do this at the )] TJ ET BT 61.016 365.520 Td /F3 9.0 Tf [(following link \(Which is safe\): )] TJ ET 0.373 0.169 0.255 rg BT 179.042 365.520 Td /F3 9.0 Tf [(http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx)] TJ ET 0.18 w 0 J [ ] 0 d 179.042 364.369 m 547.205 364.369 l S 0.400 0.400 0.400 rg BT 78.360 345.547 Td /F3 9.0 Tf [(1.)] TJ ET BT 91.016 345.531 Td /F3 9.0 Tf [(Start up a new email addressed to )] TJ ET 0.373 0.169 0.255 rg BT 230.084 345.531 Td /F3 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 230.084 344.380 m 308.744 344.380 l S 0.400 0.400 0.400 rg BT 308.744 345.531 Td /F3 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 332.243 345.531 Td /F3 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 332.243 344.380 m 396.908 344.380 l S 0.400 0.400 0.400 rg BT 396.908 345.531 Td /F3 9.0 Tf [(\))] TJ ET BT 78.360 334.558 Td /F3 9.0 Tf [(2.)] TJ ET BT 91.016 334.542 Td /F3 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 323.569 Td /F3 9.0 Tf [(3.)] TJ ET BT 91.016 323.553 Td /F3 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail )] TJ ET BT 91.016 312.564 Td /F3 9.0 Tf [(Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET BT 91.016 301.575 Td /F3 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 290.602 Td /F3 9.0 Tf [(4.)] TJ ET BT 91.016 290.586 Td /F3 9.0 Tf [(Send the email.)] TJ ET BT 61.016 270.597 Td /F3 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 259.608 Td /F3 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 259.608 Td /F3 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.18 w 0 J [ ] 0 d 221.081 258.457 m 341.627 258.457 l S 0.400 0.400 0.400 rg BT 341.627 259.608 Td /F3 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 248.619 Td /F3 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 237.630 Td /F3 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 226.641 Td /F3 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 432.949 206.652 Td /F3 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET BT 61.016 188.163 Td /F3 9.0 Tf [(Posted in:E-mail,Phishing,Security | Tagged:ABSA,ABSA Banking,Phishing | With 0 comments)] TJ ET endstream endobj 16 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 337 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 33433>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$Q" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?JiI]33ISP˃-jxqb$3]2DU,FA籫<յ8dI ZRQ@@<+wf~ \9bu5  ڿƽqWnIp\ꀬD+1n^_Ks Ewq=C7.?缟ѣOqEOˏ'j ({}>q=AE\y?G.?缟Ѩ8J,lF\y?PQEOˏ'j ? ,lF\y?PQEOˏ'j ({}>q=AE\y?G.?缟ѨhMˏ'he5 X q=lF7.?缟ѣO4Q`&e4}{},Q*,7rI ܅u2)e˖e^ 3/# i}wqެOUi@s$S1+'ђ{,W3-(4ycX/{k]%j[p==Y4fu:&UBŊ̠#Rg> x/ľ umSM[˔vԈ@p: -5ͷd&/ ?][gL'6x(. __vI yiNd` M*a-7 %4[F@++4DO1N^ R'IUM/#IXW r8:qY l⺿wG1z իJF7܆.9'4{h]lGR_<bY$yOl~U;]k)W3*:<=Lt_UH>ol8Ȑ7ˏqBad r9cwO5'-8~!9RO% By :,n  A-ς-.$ ?7#鎧։.#KjOe4\_T2 rMEF-v THd皘x6WeJ9ןj?_/w 7c`T/UvBlU]ySœJ&UHR,˼OC>£%c' +o'\U4|8Dt2m']ǂuձ.-guIqkkRJd8auqc@Uc8IA*_ O#N8<NلUrst>Gb>ȑ/!P T =4igs5.=N>|>t%2b1[S˷}Hs+栗0c=(JwRS{38|zb2$1K=s;Lnr 8O߫pΡ)  :94ۡd%Ons\mo_r<Ui|OqN@ɿ>-ͽR!s{q`Gy,ky؅.73 v t9x\oFͺo ꋹ3׀g^MUeۨLP L`H}Nk#ND#R3vWʸD)Rݛ%U9g_).*g_).*3B~"+.nTy3?G3?^i?B O]*< o  o LдGE} .Õg o7Q o7WhZ_УB~"aʏ3u7u7>k?B O]*< o  o LдGE} .Õg o7Q o7WhZ_УB~"aʏ3u7u7?-?/Qi?BG:MsT:MsU(дEr| @?| @ _}~#9QξS\UξS\UzgE} ?-?/Qv?g_).*OIiI`\Pд\淡[jڜwEt 0 m9*95ntGr͎G/O;ir@u򒤌7qz4ʀGN 9 #9iޓm&Tgg9dr{Z?XifQ̄gRzd3괫Hfd>7+gW3~9dmabpU9c{_[![XKlQbir5 G'{˸h?_Ub9bHA뜟ҧu )S֞zm?x {{MeA+h㚓˸h&Le]$8)Bb@ѰXczwڶƍYƁX>!U ?seT#yǧ3s OJRC>VƏ.zE|,gEF˴;ȭ(z`4.zE|˸E|fN^vq$CXJ^e%Xo9=3ҝ.y\ #+P79sϮlyw?/]?@dk^ gӦX==֙ #)Ptwm891O[>]?Gs="+Cy$^i:+~s3c {d֦?_GD( ]\7 z.G*b6UsǷsjՊBhU"'4.zE| S#KDsÂ36X0%e JrO#OA.Cmm=xҷ|Ə.zE|V1n5 FVч,>L7.!}8c_<ƆX˲eͧ\F{uޝKWED9uV>> ?.zE|˸j\"RNwh+1@PiWM^<2o!Hz:cW J@F Db{u٣RrBE'4{+xPӦߴms̫\iX, ?_<ƩE-Cy2Noa3DH DY*줌*L%Oz3ب?hOM(>f__{6Q i@ Y_e>޿*+m?7&@ >Oz3ب?hOM(>f_bw*@ ?m?74ϧ=hOM(??c2_3?hOM(>V3/gQ^; i@ 6Q}f_bw&@ ?m?74ϯTWDoG4M&}fpV3/gQ^; i@ 6Q}X̿*+m?7&@ >Oz3ب?hOM(>V3/g^= i@ '4M&}fqz3ب?hOM)}jqz3hE&Dك Zܗyޗ +?,_RC?R%Ù3(Sh[)7Ef XN sMbi|9߲WE5:+iչ5m(AX!exU#xEmW7OIe]mnǏfT~mRL}kI\F5v5$DoZOsE (2zQTg."Ӥ;]3 vZVefg^%Ix=15GZcm[KOjeǎ 曮*gCԮ#tV,3t<DŽJouM)lI#a['9+ ͣߊi(;lujZwbkO}*>.s rzp=gƟZ.A8x;Xχ`"ԏf#=fe(E4kՑ5 NX5GgsN.z!ȼr|Ⱥ`==}JmŏIO kn y <l ק(qk+f,qԟڽk][h&"B~U.fe[kTCի̥KJ7?QgʴU/j g >2+RNhUB g;<&U5Ld~b~>j<]h'ˍc,udnSW}M7Qh6#pM.%ka-gdCW"N4&T*lg${ rk;Z]B2WVx{ZDKWO< Z=ѧޏ{]OO4i=B[gpJ /{ibjj^z>KZ5Gڽ#^}ގPѯz>Yi>r֍{zOj>kޏ{G}W_^}޲>G}j^z>G(}hW(z[cj +֍8i\"|Nzk ?HxH#ȪEװnиu2W[5GoP^q嶬䯉s/c kHIiwk[Cnf #?&xCAjڙѻ v9< z*<}jvG"%䜓M=x|MWXhRYa}ަ?ELJ>xT{CBqOaEPHW7W7/[QGE-̞_hcWiڸ_M4O14[Q@Š(QK@ )h|b6 W\$+:JQMYѭ*3U!>Xd fkԾ|3K%F[sZZ+8ь]bN"QZ[@zjt2;,d֭dѓZbdw&6!(YTmE|?Y&ƗbFel?4Vu){,ƶ{D oĠm .2x:qȘWmC`qӀWҹ4f:}nq" U(o:v-A]V7 .~hϱKUoYfeFٻi`wk2Odet#寪2hɣ)1|ؿ+)Ckb cN?>|QY$ZVC+p3O+|2h<1_qC|"Iv.e?/Gi8PC(6g澏'֏O<=45?&0QӮ$OA?fƗ}h4⬚?m?_o&fƗ}hnjOfƗk꼟Z2hcw_q3?K o5^O>}Z;Shgi'֌Z>X| o43~4M}WFMVx>Tgi?m?_o&'hnjOfƗ/1\i7_TѓGՠ3o%Om9x[3˧買?}9FM c_qJ(Um8o&_5F}sQ:fV;.g71PyCvytM}9FO?.5}_P>;Uᙼm=M}Wz3MaK.})^ˈqZyq"g;T( Q@s~-[o1]%s~-[o1@2nKE~mRL}kI\F5v5$DoNԞ`(QECHz3`G(h^\i h|g: I\iJN*΃A??ƐZYl?ƋOqv4l?h§򿸹ES#gF{ Ok@GփA??Ƌj+U?6:l..QTt4l?h§򿹗(:l?t4]waS_˔U?6:l.e*΃A??Ə6]TW2OgAG΃A??Ƌ*+rFgAEp?̹ER#gl?h§򿹗(:l?t4]waS_˔U?6:l.e*΃A??Ə6]TW2OgAG΃A??Ƌ*+rFgAEp?̹ES#gF{ \l?h#gu=Os-UO6:l.eQU?t4:l.e1U?t4Z\˸OqsU?Jk@G2Ƨ򿸹ES;j6g0#Kv"ܬ4ؙBQHQEW7W7/[QGE-̞?hcWkڸ_M4O1Ih (|_CE(_A4⿴AW}>zty+EM;ZMjxbA>'ϱ/e8`߅y2:)m340\gOt5Gm8u#!#Ս6ÓjFQ՞g (e 7)'y q*?+ǥ. ørW~qMQehO&[ iE? l$0ֻ?e3*A)f_ʏa.,_yv / Q*6$^zGT3?!3"2cK(\ TS?4TL Q%%Pf0;y7bX0n#tqZIwόrc+SKǯeG2MM }AEiO iZpK4i/Y?+^ ioS?4U 7ĸHw0Z0h ^ SK/eK jhw?2uE}ٿᔏ OR?4T}Vaa;_j?WڽL R)_*>0Z0h/+^ iR?4T}Vaa;_j?ڽOQQ SK7eGfFA}ٿᔿiS?4*?֌'?#ڏfRK/eG2 xڏfS?4*OQQYф0Z0E}_j_e3CK(S?4T}Vaa?xQ=هiUgQQYфj[\I:#m$fnA^?ey7eJ!|NA|QEW7W7~7?z襢?O^)h2{Di7э]qhcWh*^`(R? O?׷?>:u#!tMhy I#{?)k#{kѮ.X,jC+~zƺmh{#?j__VHSwϒ񣬄< JԌ[0Asֲ?|RoW6fĖ% ͂NI!Ы+4ja2u Ы+4¬B|j{L!O.c Q _)¬B|¬B|*H~Q _)?r>!Ы+4>!Ы+4jʿ? !Ы+4Zv Ug1(/  UBWRWhY ]K_񣖷v?i,?  ?vx?¹UUԿ?V|BWRWh݇?!Ы+4ji,?/  ?v?¹UUԿ?UBWRWire??vx?]2AO_g/u?Ɛ,?UԿja2}#gZ|;5:4w pr0ovyyeyvS5|=s“v2\Irqעin )l^;+~u:oS$},W đ_Bs 88=:Y7{ (\Ʊo>hQ:uvWQ ➟4$$$.ZBvz^c>\>kcNZqS?տGiϓr2jC*:- >QEW7u|GE-|oKEY'MjEq_hcWkP4[Q@•?/i)S>"x&,t3UobZPC 2I-VW{?żWrȅ#PIWd{N2QxƧ\ӭ˚Q2NGbe-'vy`rK(9LFcV08$UV*޸gKh3kDc6ɴϯ@>Dѫ]%ErWץ#xK]+J6,UҬ\kH/]&0Az,dq|E4qHn6,nǥD*VE_N:Yfb@d~ _60qi?YGVɲXh8]6P3p#1>$@ZB t$ g GOq#Tdd3Kc >Y$Qݶӌouh卮HZf0U'.@]zFr3@ qF)GJ(LPGҖJ]v,HVz?K3ƅq$y"ᔸycwJ/#m[j}?U!kk GҼgG(tJ5|ۇ|cΚMKc; \\8- z`YMXm%p`ch-zp='լ#~]JgqN(吽R<BCՈ7~[ @_kUF@`y=?:vJMA#.;c?QsKw!9 mq=*o <8%؟kFEeê΂HՔ8b% G/QQI?OΑdG'G笟"Ov?/_ʀ+KH:-QEmtm|GE-|oKEY'Mj{WkI\F5vhAEP0_IJA4e׷N2ysnal>[2h%BY.-J0x^fkhqjmKys欍L,W:ǿ^RgēĤǦ45=X)Fq~>UusER9RemFƦ:d70H5p,eqhFmoNwIyÃWRyP$gj' tQEQE!B?Z*W4P0xRH4g̓Gl~m/ր̓Gl~l/ր̓A }/_%؃GL~u[P ]v qޭ$A#cT *1svc&QLsi&ovҶ`yg#:>*ectZ(``:4stBcTe}I@Yͳ[DZqMg 8М~m=J[&1vѮ/N0*夭6pOr7w6GJ((((Y᷽Bt3T梁M?2C:^e,148*G4mGCxjTǒ3fk"*zzsI|H-Iご‘\Se5O%i'Km{l\gqkO]0˓SCMHt-*7XC'17H9V>!ʶ29#0\p1t9 4iG&ؚHN)y&N׊NQӺF/?MQ/^EmXt<+K&hOVM1տRbq@DoN_oiS?տWҖtJZ(+g[WI\ߋ?P̿~mRG[U=Ϣ 4?ƮӵqhcWiP4[Q@•M%*Bֱ]LqrELU7kT6.h-sZ!99>TW{uw|I=WȔ<LMSR_{д8LqQrx'zurG*ˀ㟛:ujPo91Ud]I8n[@G DƬijn-k:5ռZwu:ڠg  H~L4M"߼PnP{wGjIads+Ɓ''簫 s2Gcr(a3sG fEQH l楆5G%r31@- K@Q@Q@?71+ʱƌŋ8t3T-nl*KXwo"0pY9԰γxuγK'7-q#ɴd+2?h6帟'`@@98kdkMSwv$,[|˘'8jO S q49`s)iko5} NN}'>†W p˹1VSo쿐ѴjTui)?qp<@Ob*:- >QEW7u|GE-|oKEY+MjJ 4?ƮT=[ (()W|_R? +@2??Ε׷{oYyyw{to\zP66M5o[vQ/!mSskЫ}$HFSuL¦&7iHњ8d}/YTlG>*vp^i-װ+=jc'dɆ2ݣ+f]c,aSUX:42X$:Lo kwZFBO$y]ORyq*ٵ*3jMqK ׭jzBZ#Tyq*R *NE?-`Q~z(}`i GzX\ͳ &v~&n?m"@2ֻKxZ2y75Ha$D'ȋyH`y>0.A62<4Ă *1UW})vQ@Q@Q@Q@QEQI**?g )iA(uu|GE-|oKEY+MjqhcWh:T=E-% U? _@W{?<' =y>m׷em ď&*yisR&B21zRK}gV[Q: 3ԫ x_A $3Y3Gտ dT1c%Y$jlgT8KGGDr Op?!M';` waF8}yfވЕGIv5ki/.0>U1'jי+_0٣}1'hğOA?щ?F$/?уx4bO&4x4bO|RIϭgxqS@rqZϹJ#I֧EI8Ŵu`ƶ"9GWKiVjV;UV_șפqwIWIEluCC Mg_w-jc"!p='d}zҵ{}*?{o/`&rY9\gkM$7>-z4gU< z?nF)MBCx@!wv;JX6YV)o c~%x9! ĴW?kRWpg-x'w_7xraId(ȯ{iً\NJc2_gV9y7Z*FvcH:=F[ſ|lq5'tG5+k麺Z?jPo%OMׁMsN;AeQ i>-ЀwWҋZ=uhij sys}]'Ui3겏ޝvC3O5ް^ RIbE^PXM{;?rⰠφ͒#FjKv-  #+5/xzig#9\e#o>7?z襢}kI\F5v_M4O1{-(aJA4@W{?:wiWKۢFss^jEgk5:Efblahyl“g9#ղ~%pMq>3~iA-X]JA4l]A[@@b0>Mg0gD~$8lWl7Џv35zP)a~T- 4ZVׂ%>Z gsL6 62+Kᖗj 4Y?^Bۉem5Qd ?'V x#ŗO;~M9.n녮C2ź#<~5&DaF}7b\~gAKEt}>8 Į ;J#Պǥ9Lddz1Ve? X;X+zI8{p$|*U?y\wZ=q]Q?e6m|+'M]o\d6꥘6 ?M_Vup?.ٟOG#kmBؿinҤ0qoJi hUU[ .~#'fd8i{>xsCv;Bi[˳?ʷM9pM2o>õBl# 3=A u*A R'Kxl5ȵn^hvVΧJevtl`5q*ť +dAUuIaK9,gd v%a{}e)H,%\mds?v?:nηSs|q:hk=3wޏh-Iвdnן3[V\tJZA})i(+g[WI\ߋ?P̿~mRG[U=Ϣ 4?ƮWkI\F5vh (*JU_A4e׷<_ZMiqRV^U^j%ZU& c'=s@ t-*.Hr!ffâiD #8ծ,.e2|? F;~4:?/OOʿm D#EoMѿ?V\>a4_!, wA_ש1s}_/akW1\;ٕbiG5G9 @}n*hcP,2s^9yK7_T2*h?jO6,`Sv ]}Hsfcr'Q^/{M1xI*?j#+?{ w=Lng2nj]pMxKK}OOU1d*5+>OM/s9[§GM_A?mNfYoo&`A(JAnK ;+?dV)#fJ}ߙK_K=R?pwox3Z?qQNdypܟZ񎴤#]αjw3[g+~\aI 'Z>: g7ZWζ$ Ve ʟgWDg&0c( Xߧ)xXhV#1X]([_1HոzY5Y4w %[jU1qvq:{zʴkds(pWAKkZ[}*;A: 4b,ē,}nSǨvTܑ?&'!yjdݤ1mq"WMY71_-#ly $s'λvYz? \F=5SZ7X4[IۻCtgd03=)h]^-Mo=$sQEm+oşmo(_?O^)h׭Z*̞_hcWh+3$DoAҡh (*_R? +fmiQ!ff8VW{?7vsʲRT=E>Pbi/X+)Tav9œMRҴM2x[q̒HFXcn8*79n@PIjȮyk=t-1"%,R~n~^dޘ $x#΀5ÃN8PjBON+%9WGʒrI>\I4lP绁\Focq$d=fG;NJ&e,3M&p9=:i#,O =:v , xZߐ4M6hVr`YɭA<`cxz(z)>Dߠz(z)>Dߠ"pX:Mqj WdpN~Aq[Lw+*;__/toAX>7FHZ.rm.m8 ?Z|(i̯h?#ᯟ_iZ|kyFH뺹PH-H 53GS9ᯌb0n#Ϡ Qlѩv rxF{׳SPnwSstXw{pURo$?A֖?xK8Ԃ -ۧ<4>̃^ih<,H,[u篵N~x#Cv' d=+⼿&-gʿUKFqS-&4HpP{nGRUx^i >V8=D庭iߋ//m!mV`<^ScG̕%s>c$z^Y~^1LQ A-{.k>.4Qe2 Z.uA`=yGP﵋{f s}~޼_a5ֻ{511YQjQ͠b#+1ϵYlێќ@3'?F$>|g19<gAk^O3U=umd,9ھJ3F3-L$С+7|x]aPy#x ^-╾s@m.TZ n qO}KY?ХV6%{r;c޷<~S#Gէ+P,jD6+\9Zu2t%. %31_5M2{4]θV `9an4zG .?3Xz4?*<YzQ3gֺs*s *lyr>)i(+g[+g[׭Z(#o'W&'s 4?ƮT=EP0_IJA4e׷Oc]\EfU9rjoG53nT ,:rz{X\MHc86E)e͈F@q*Է\A<ӑǾj\K~хm6Q 积׮.pUN7qۊħFCǏ-) 3brRڢpCGDZ_z?Ij1Q18Ɠ|=hl 1Q'hOƏz?IhO@I5 HIDW ZqC*N{o&VeBrKD#Ѵ]:f%Y*泵U"8'<{zToK8hΌ"30b2;w>)9;?*?/G_ʱZ sx吁}*T-,hҴ#yaց~L*O&?濕cDZʄ$ ~Cg&/ *Ely15<U-% ANSb'=9jkm~hFs'`k| *?濕T_ʼ-[š2 -\p'I(IHĎ<>Nܕn3_ʰ&0|?RX*?/@"|mo-?eQ tGqIG%v/Pw&bݍj*\㢾k .sKsyIӃ<+u-96/DclPxϨ#uc[%'S ?usҾa]Iױ b"J>'vH{e.Zm+>{":A42$vU񇉤eER@\\scKd&$lXv#|*˹|{9[>𮡩x/Mҿ.d86&w 8oRkεZw}vsca.dԣ߁\~>;xO_-O竪,?<^jЗ+?3CoG]έ+x-z-^mVy1,D,hZW #N%>\N>l>?"eLiӿEIqʳ5oٷRˢkVHyU81XKlFGq)Z#^d.-jr6J=Gu+ms[;˛ktXgf1?e!1}HϜ>ؼ2_]mn9l[SOы̏%ienSî#)w#51o=O?@MUa'C(.ZP~Y G5?hſ?d Nxۂˌzz@5-h4>E SOdTzƌA=O?@ǶMP! +"/OP__0ymSӨ5B6,ΎM"H2s[ϋz'(} Ώ1 &$`A<=e+HH+ӿAZ>|_?GOPuׇ%Iw26Fۻn܁gÚr@|n XwcZ^|_?GOP|^,y=9?Aiḭ5fHd *ӽkD|_?@~$^M_OIUA']ϟOQ=GU,n"Q(?MgsuWvS/Уϋz'){(vF2Y՗ʶzU4qiwr͏LWWL} <B8oqpko+A$ݮgessO*&|aA*h2WxosJnWJ V]W')w1^_\zH/tZ]Q2+/2I<*?/_yKw ogtӭQoWٞd?OQATrqZ"ן1~/ԣ|GC3FzE/01+00q}-G71[,y!Շ/²7S.aPOٟ}^}1BC~54}ˌ04NҮ!kpTMҳoK ;['+,_H$Dz X;ۯW(#98߀Db<ؿBĝ{>QZ?ghb:ʚV@:- JZb ( y2߷tր>I*4T{ybw%;P0EU̞_hcWiڼ/;Eޱ8xEe>cuW_ ?\IKOCbҿ.? JƋأ%Yv} ?\T?h+Y:LoPWH~^R*+ =ac <IШeN\J=5(ZrB~ؘcn +񟵦X̆LGc <3+m+#}q$q6q4vڎ)/7Ry})ܘѓ|_П!GxW>$X*&fә\}93R7=4@.t>ރ t9\o//Sx7(BEqcN >qxH3L$$Vގ1Ehx7+&1zbD?mC=(tBzmb.Ps >]I>WooR}?Ȯ5"i0Zn1L tZz|B f<܀.ӟ$NJ.vο)<}?ߐ-~"ِgnBsR#gMgJCFF 9Fx)GsL!GSx7+w8[,r$`agf_0<)<}?"۟l2pimL7=~d ): >revn}?ȣEbc_ ?\Uc;oEhOȬOL|7A+?1 h]hx(DſXoW4c_`6ПſGx+ JƏL|7A+,F#-|>oV'&>qoW4X.'oQ"?1 hҿ.?tm?ȣEbc_ ?\E]hx(BEbc_ ?\E]hx(DſXoW4c_`6oQ-|ҿ.? JƋѷ-|>ПſXoW4c_`6oQ?"?1 h0i_`6oQ"?1 hҿ.?tm?"'oV'&>qoW4X.G<[Is6A?bc_ ?\E + JƏL|7A+,F ?\G&>q bzO&>qT|Q]Fi.ĊhܣE?XS-̈́y%RB22(fW7k_/k*(*D=?GQEIvzZSQL%/oƑ:QEI.Ҙ~F$PjEٌ4=?+?FbtcJ(oSGJ>}(EnGQL†EDQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@;Ҋ(ܾ ȡ/~?QE ? endstream endobj 17 0 obj << /Type /Annot /Subtype /Link /A 18 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 415.6546 125.6807 424.8121 ] >> endobj 18 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 19 0 obj << /Type /Annot /Subtype /Link /A 20 0 R /Border [0 0 0] /H /I /Rect [ 86.0357 395.6656 164.6957 404.8231 ] >> endobj 20 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 21 0 obj << /Type /Annot /Subtype /Link /A 22 0 R /Border [0 0 0] /H /I /Rect [ 179.0417 364.6876 547.2047 373.8451 ] >> endobj 22 0 obj << /Type /Action /S /URI /URI (http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki Pages/Spam sysadmin Eng.aspx) >> endobj 23 0 obj << /Type /Annot /Subtype /Link /A 24 0 R /Border [0 0 0] /H /I /Rect [ 230.0837 344.6986 308.7437 353.8561 ] >> endobj 24 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 25 0 obj << /Type /Annot /Subtype /Link /A 26 0 R /Border [0 0 0] /H /I /Rect [ 332.2427 344.6986 396.9077 353.8561 ] >> endobj 26 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 27 0 obj << /Type /Annot /Subtype /Link /A 28 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 258.7756 341.6267 267.9331 ] >> endobj 28 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj xref 0 29 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000346 00000 n 0000000383 00000 n 0000000518 00000 n 0000000581 00000 n 0000004890 00000 n 0000005002 00000 n 0000005109 00000 n 0000005225 00000 n 0000005290 00000 n 0000006447 00000 n 0000042176 00000 n 0000042295 00000 n 0000046497 00000 n 0000080099 00000 n 0000080226 00000 n 0000080299 00000 n 0000080426 00000 n 0000080501 00000 n 0000080629 00000 n 0000080760 00000 n 0000080888 00000 n 0000080963 00000 n 0000081091 00000 n 0000081164 00000 n 0000081292 00000 n trailer << /Size 29 /Root 1 0 R /Info 5 0 R >> startxref 81372 %%EOF PHISHING: Absa Surecheck Profile App « Informasietegnologie
Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

PHISHING: Absa Surecheck Profile App

Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last week’s ABSA phishing scam has started flooding our email.

The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. Below is the example of the phishing email, with the forged “ABSA Bank” login page to attempt to convince you to give your bank details willingly to the scammers.

The subject of the email is “Absa Surecheck Profile App – Upgrade | FICA information” which is designed to say absolutely nothing. It is what is known in information technology circles as “techno-babble”

While the methods used to steal a your banking details may differ, the process followed by fraudsters to steal money from their victims in South Africa are nearly always the same:

  1. Get the person’s Internet banking details, typically through a phishing attack. (as shown below)
  2. Get a banking account/s to which money can be transferred to and withdrawn.
  3. Clone the SIM card used by the victim.
  4. Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
  5. Withdraw the money from these accounts.

Here are the obvious warning signs:

  1. The sender is not an ABSA email account (in this case a “throwaway” German email account used to send millions of phishing e-mails)
  2. Vague and deceptive subject lines (Techno-babble)
  3. An attached file (.htm) that contains a web page that opens up in your browser and links in the background to the server in South Africa.
  4. Impersonal salutation. “Dear Valued Customer”. Banks will never address you like this. They have your money – so it stands to reason that they will know your name as well.
  5. “Online verification” has **** to convince you that the email is genuine, but university addresses end with ac.za, not co.za.

 

The web page that you are directed to is actually the .htm file based on your computer (as an attachment, but links directly to the phishing server in the background.)

In this case is iteron.co.za which is listed as “undergoing maintenance” but is fully functional in the background.

 

 

If you have received an email that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing email to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious email on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Tags: , ,

Comments are closed.

 

© 2013-2021 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.