%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 12 0 R 15 0 R ] /Count 3 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 14 0 R /I2 17 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250612105002+00'00') /ModDate (D:20250612105002+00'00') /Title (Report 06-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 4215 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 -31.525 521.469 778.259 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 -31.525 l 565.984 -31.525 l 565.984 745.984 l f 45.266 746.734 m 45.266 -31.525 l 46.016 -31.525 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(PHISHING: ABSA SURECHECK PROFILE APP)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last weeks )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(ABSA phishing scam has started flooding our email.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(Below is the example of the phishing email, with the forged ABSA Bank login page to attempt to convince you to give )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(your bank details willingly to the scammers.)] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(The subject of the email is Absa Surecheck Profile App Upgrade | FICA information which is designed to say )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(absolutely nothing. It is what is known in information technology circles as )] TJ ET BT 356.639 553.486 Td /F2 9.0 Tf [(techno-babble)] TJ ET 0.153 0.153 0.153 RG 0.18 w 0 J [ ] 0 d 356.639 552.335 m 419.666 552.335 l S BT 61.016 533.497 Td /F4 9.0 Tf [(While the methods used to steal a your banking details may differ, the process followed by fraudsters to steal money from )] TJ ET BT 61.016 522.508 Td /F4 9.0 Tf [(their victims in South Africa are nearly always the same:)] TJ ET BT 78.360 502.535 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 502.519 Td /F4 9.0 Tf [(Get the persons Internet banking details, typically through a phishing attack. \(as shown below\))] TJ ET BT 78.360 491.546 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 491.530 Td /F4 9.0 Tf [(Get a banking account/s to which money can be transferred to and withdrawn.)] TJ ET BT 78.360 480.557 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 480.541 Td /F4 9.0 Tf [(Clone the SIM card used by the victim.)] TJ ET BT 78.360 469.568 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 469.552 Td /F4 9.0 Tf [(Create beneficiaries \(using the list of banking accounts\) and transfer money to these beneficiaries.)] TJ ET BT 78.360 458.579 Td /F4 9.0 Tf [(5.)] TJ ET BT 91.016 458.563 Td /F4 9.0 Tf [(Withdraw the money from these accounts.)] TJ ET BT 61.016 438.574 Td /F4 9.0 Tf [(Here are the obvious warning signs:)] TJ ET BT 78.360 418.601 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 418.585 Td /F4 9.0 Tf [(The sender is not an ABSA email account \(in this case a throwaway German email account used to send millions )] TJ ET BT 91.016 407.596 Td /F4 9.0 Tf [(of phishing e-mails\))] TJ ET BT 78.360 396.623 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 396.607 Td /F4 9.0 Tf [(Vague and deceptive subject lines \(Techno-babble\))] TJ ET BT 78.360 385.634 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 385.618 Td /F4 9.0 Tf [(An attached file \(.htm\) that contains a web page that opens up in your browser and links in the background to the )] TJ ET BT 91.016 374.629 Td /F4 9.0 Tf [(server in South Africa.)] TJ ET BT 78.360 363.656 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 363.640 Td /F4 9.0 Tf [(Impersonal salutation. Dear Valued Customer. Banks will never address you like this. They have your money )] TJ ET BT 91.016 352.651 Td /F4 9.0 Tf [(so it stands to reason that they will know your name as well.)] TJ ET BT 78.360 341.678 Td /F4 9.0 Tf [(5.)] TJ ET BT 91.016 341.662 Td /F4 9.0 Tf [(Online verification has **** to convince you that the email is genuine, but university addresses end with ac.za, not )] TJ ET BT 91.016 330.673 Td /F4 9.0 Tf [(co.za.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Page /Parent 3 0 R /Contents 13 0 R >> endobj 13 0 obj << /Length 1104 >> stream 0.153 0.153 0.153 rg 0.153 0.153 0.153 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 54.289 521.469 703.695 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 566.734 757.984 m 566.734 54.289 l 565.984 54.289 l 565.984 757.984 l f 45.266 757.984 m 45.266 54.289 l 46.016 54.289 l 46.016 757.984 l f q 375.000 0 0 351.000 61.016 406.984 cm /I1 Do Q 0.153 0.153 0.153 rg BT 61.016 389.193 Td /F4 9.0 Tf [()] TJ ET BT 61.016 369.204 Td /F4 9.0 Tf [(The web page that you are directed to is actually the .htm file based on your computer \(as an attachment, but links directly )] TJ ET BT 61.016 358.215 Td /F4 9.0 Tf [(to the phishing server in the background.\))] TJ ET BT 61.016 338.226 Td /F4 9.0 Tf [(In this case is )] TJ ET BT 118.040 338.226 Td /F4 9.0 Tf [(iteron.co.za)] TJ ET 0.153 0.153 0.153 RG 0.18 w 0 J [ ] 0 d 118.040 337.075 m 164.561 337.075 l S BT 164.561 338.226 Td /F4 9.0 Tf [( which is listed as undergoing maintenance but is fully functional in the background.)] TJ ET BT 61.016 318.237 Td /F4 9.0 Tf [()] TJ ET endstream endobj 14 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 468 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 35560>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?A3LokK6_I+&ݡO'#VDygƛ7K:lqC4Xgg޿DN~{$~m WWYGԦ{\ŷTFx/4nPこTVV@є8`Hl*eR.#8O.p%>>VrqXjƸ'(_o̼mB$a>WH;mO |z$k2H\8k(.dx*0H"J1iK!befͻixXdHEGƦU&dydtZ2$v,kBO=W*A$$t҉\`vɫoE| 3{].n{w#4F t$P2.<1 o*&cIiw8 HP3QA Esˣ%Γ=34^xHWwr~g8,[P`}͍&Yݏ?(?N1z9˕jS>l?δ7wmoq;*m=kw.b2(՘>xد;HUگ'$~|yE(_8fyM֛pmhe6[?miZDA,^7V=Eww_ȕٌ |?; VmRXeȈqٶTe?zQ11Vtu{X.!\Gq;oF x~)2CFm*rF v“$p#NdĖ9$Cf}trf'N,\mOW ?U[] Ohcl?kLP5*E >8*PoȣHӰQD{xGc)?j$Ps"(P@*;6 k!*,A@r^_1jQ(VGʂzz7\[[ 7>R +)fuN Z-Ob97<'=,Ȉ#@c·M:@!E!>`]ǎCBn -6084G/幤Såƒ?aҿ??_3yKCQ PJǨ8-KCQ PKǨ81,^I CRiʣJ!{ӫտ5o XK jz?04WU^[[G|ո?V, h_ؿgRogWIG~jou4[?pkNpY6/)=H㎕}Ƭ?|5a|=68QC׃*U+5c1{!Y[ k.Oz?|ճ!?zq%N>[W?|l?fEjl'#b@{׬Vuz? XK[ ಜ_3J I[zջ:zOgXgOOK[ dsv>Š.hr iu+iW<ڑ m5jC[.[FA׵O- WSly!Nޝ0Kmk֗d$6VSʐ"{!ؗb3ߓϽ|+[h.r!=xgzΝ9iUwC5^cP'=nKmoNT&Tc*:qҘi7w:v\{V-ߏ㿭sާcB*IvN*Ľ +~,VC+I61~cV孲٢YXq8UUh.XsQ]c(w4k&wJv(5 2X)\) p}3I2OǕVRg8 I㰆-sƳ=L{:aBF)9"Y5[To##fVzR^M]Rڲ"౑NH8}Xe[k,uۂ\š `m6a2IW; 3^ĥ$-I>)(&Z\/.cM`gJo%ϝoS#wT17t8Vnsj#PeCnҙ=1I+'ec;B^DO;}+45KNus,\428lnZ<gYZ4#DO4SR.lt2OIM)Z+t K(b  /T{%"e|d?jmv'uMgY7!GcڡC !KS%tv *XH$ihîA~3## "I) VRF[nz/_qZӵ ΂<Cz62PE;6VV9Ux2{Ti{8N|"ė4i=yl>|oLgO> ѦGFʂ+sɭn9 MЮ<z2tX2J&GACN3$5%CR kNgxJ: k̲%#T}#;qyj)mA@5dYk֍mpze@E[u^EW A 9#84"pxm P`:i=xkXխh DEWlQݏl*t2Pp_Zq, +O:cmy4犩_mv8Q;Eݙ:}4hcʎsa0W!NI9ڴ/ZʎX%IC^i.MH[alޜ(#?0UN9ߋ;OS,B۷ncЃC%'VD2p Xuڬ^Hqo+)b?c)\³`@O=DK$oB#<s/֭Ԥ+'+xCQ$ػv׿qqq Ui޻is^&(]+}6 z=b"/b[ҜX'-;ՁU4g-m+(oB@bI#yb]x|Mp/$>cnY9|=? 3tֱň\*jk%2#sW(RpnW诈TRD>ָkt $X (lpһXG׎Շi1Zt/.go.G@d1a[mVGFA $%G#F=ֵu n p\Sָ 蚎qg!`[&%)UCw7MuĖR VKD.lA{;F";=7gj $*Eaj~xgQf6ڔ'#:/urI?!xScnr3ZPbR@xԡBj(Bj(\V@FR_Z׹<ˀ FF}+sMq'Qt<{YŤMcg'q1gfmr=Z[RCe/#6,|zo#Bj؋Uq /G;f'xmn0 xbdicYr9TQb.-`qGS#3h֓B!мj0Ӓd QP9a3g-Ƕ; `kiq%Ψ?1W!8x8;PrX!@1-{kIa9 ȨoIP}o_Licdnjݥ")eg`ˀ ڛ~i9KE AՍv0yHc'hL`h 6/C*m#}=kOL\ơmor$9= ohF:+קT3Z1`}:wC[WRdcHm݁Z3x9`حaeGy?\j+2}v+{aw-yսk[O7(3 Pԭ'K9,7,W]øݶ Y6b%e2n[FOIs[C/)SM\<0. DYٙQ:7Z״kٴZOCIP͸?Jl ޥrL,#"i瑃I?RMkuf dc? %0!PX@^m32/O9BÐ9x>^ml8,d==) lnM_k'݇ۊ1L)QP/ C\Q/ C\PO6GϽG`#K"m9vQXZod.j:V#${Iq oKr+=?9]25fqp1ܟN*ONtG4c:n?ݠ ]:{kan#*$A'>xx>`{cq HV,iu'6(?X8a:r7Am9@ZQm/f!8x4׌`#Yk;zH0y9r(0joRA q۹9Wt˛C%>LFC\z4YG|>GތzhȤ4??Pz0}١Q"C<EfdX$h4VՆ~,#cGN]h"ZiP3 0Z?v([-Ю:~ͫvMޤn*!zI=:v5~OP.surniwʂ"qW9,_C<EPތ}j٠Q"C<EPތzhȣ$EaW[@f\꫖<1|j~ևa?(,?P]NsF0FAl~KjcЀgsa~OR}{Py}veem۰IlݺpjWE#Y4C<EgF)#N^,|E/١1"(}hfyG|>Cv}kXӢ;OC49߀0r1Ӛ ?IX@:}0ɓ{CVy,fyG|Ͻ>$EfyG|8jp]#nW%sI o(IXs?!@#Q51X\=XɌc9okȣ$Erj:c@w:vEƷm-pvNt z}濐 |E1ԝ 4??G٠??P9i )*8p#aUUތ3A=u_d9 H?T'd)d*\^,?_Cm=KFuIY:Ndʅ1^s\58;ۭaVuNb.DqȪ9k=- xr9cVVAH]U TiFl֍:S4%Lw߿Ҹ?W02:shO#-vl6as-Wڋr8Coc%Үب)bF|\Sp1 khAJ5 vH+#GfZ;}r:NzvP[i$Q,T1GѝsTëz04S:pμ\XAœ7yԯ^A+yc5xe͇_c޿ޥ=ka ijƮJH(V yuMugq|Pnս>8J |ݙn"+/)"y0 *͏cF.z\nwK6YG̠O8 8>6*?{ Xn~纊.E#)El1{8ڙ/[?/DH朎gf1Z|G QO ^vt[r0sMkN1mA/B:R4c$sFmzmyy$d_28Z5ܘ08quZU܉%h=8R ?3IKϧX][F22Wĉu5w,%"@`2mXKTnLʟ"2S;HN-R3j(|9v>XPStқ/cr|' Y.Cld&1K/-%;ݸŌw]+Q^y/a,(kl+"۶WMk@^;I"f9;7|+-3L6*1rk8Sj:AҖzR(QEQEQEQEQEQEQEQEQEQEQEQEQEQEQExB׺ME:_Q@$Rp?2+^]ڥ)Uu*ݭ""n(~ur+&ܩqـ@qV䳶iv-sIOJ|glN `ng9޵n %1 8Lntby%x6c<h%Qg%??*}:Av0Dv u(GdhUM5=iRqOVQTEWIҝsGۭsq~aր,QQ26ԕ0=:S_A0II$@h~o~CsR+e`kDFBېO!20Pm}p*)HAumJM]X D%k.V 3^-]DV@9$nL9j.ZgHɀ<Jͳme ssӿמ+'9N-F+Xѵ(& uЈM/If kjʑ XԎxA'5h6u,Y9 nl-o_W_czk&p maӜRSA$R.C1$3]mo쵭.Gwr7gk^Zqsס5V_ڔ3˪;+dڬAhuZ<'[_Lm<1/,$oJz=+:Ok`AIRI'p88ׯduhuZҗ /~ue瀵[]˸ ~ny?[<-ڔwOp!ܕ=9kuZOU ๣(^6w=a>ћ|A0xo_ƟcFem3G#5%)(Z)(JZ( ( ))yJZ(JZ(J(h)(hJ(hJ(h4QI@ E%RQ@//{Qx&:%VDBttU(zPh "~R~tyKRQ@Cտ:<k(k_:_:<k(k_:_:<k(kԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGVǫ~u%=[ԔP~XoΏ,zRQ@cտ:<ߝIEGV6N[} rsJG, U#XI[(;_Bj)|u!x&:A6_?Uʧ&G@Q@Q@RPEQEQIK@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@f(((((%VCTAJ隟WeVCTA+\P) ^5xB׺MEuGlHͽ<~ /*7XZM:77袀 :77袀 :77(ާszΊJ]:7SE9֯z_ Bph#:7Zl3ʑp]>Ib@sތZ)2(#֌ހLZ2=hh(((((((((Ͻ.h(@](]:uWUާszΊ(ާszΊ(ާszΊ(ާszΊ(ާ?PNm؟zO{P?WS_Bj(uКQԚGlch((()(hOpj_r ּU[FC "'.E¸_IwSGd?4m _}*uOk~KXj oH/Iv#m'S儑_ rGojraF6j\~ޝn7wA5`E9u!7v03ד޻XՕTZK_>+-mwi$6$F8'uzn~QIC.9E'^OAUJSJZl7y{_kgm? e,qg*?|Ah~]qv"we# mkW>k(5;鮣HWY8$Tux]~aw_;#uVRY{FZt}{?43k1DпSҡspZV,66D{U+! m`=*֝o+!2p7zdD_OKgm䁎3^mdЇǘB)-OO'zzݘd$Z9II9#=G2_p`FC}:ʩ> Rmۏ??=&Z2a9.sʕص =ftPU LҔkaPP+ьud<aKئpՆ 7è$DӢT#^hCLއZT ʭjosqIj2' 5ƒg򧚥3/>?jo|l|MiP_JakxŵF.22r}*JSvJ\<*^U4:!2b젖x8ȐTӳ-47~TpFĻCk\$HyDOD6)D2}*z3օ(֔Zٗ}E qcTwMѿTy퇅U^՜怔J[oҨ[3mH z{VuMFm4"XG"$qךt䢌qnfzC*I\ׂ;'Ԛ).m~#*"`|'+*URO8z7G=.]ʴzGo ʳ`$ sTNY!lou6#Ƴ0Vb6SIe9}~B5F|bHfs܊aId%cB@L{7\'{)tR=6p=HuJ8S' {b? b7z+'eNkhkU~Z}jQEQEQEQEQEboƠs_SB&QWn׊|u!x&^/_ HMpAI&G?ր(((((O_ş,/j_,gUIS-Ƈw+o7+5džϓ"P^|o4[B5?ѵKŧȏ1!& Q25٭_lfܿ}-3ϭNbHD7nO'z^A+BE +_w¾TRA.)chKT 0AB)`&mdWh0ͻ7#MuTxmČc4יU±Q|ve8V$qQ'uMmݸOS$T$ζ79b # D۶aYgBSiXHI>b\7 I(񾿥xȅA ;W??; |AK}h$ aehӫz[-ZIv) 9].&dK;o c$⤝d'ny'(%1`>'a4㴵tkioJh@xSG}j@K!#85m7@r@U/:+4.&.qS?}y<~pE^!D1Vb@=Oֶ)jUX76z}qCsިxHg.nXf5[x;tڷ;50iaig)]-ON%ZqwtXft(b\ѿUYʈo0nz ENOU}Mֶ 脻 >% ; jj]YAI\* ӌ]Ч5%Vc9'8k?v|! ײHe'E T'?cdGA{dydąY"b:O%AFju (Q@Q@Q@Q@mbjy5Pu!x&^/_ HMpAI&G?ր((()(hTXQPxEW%MN*ȳפ oC~g1OAAF$9#9m|q Ώx 㼝ܤ8`z{?}L]_?̛mxQf TWiO{(%b{cxW,֮5մ߳O&H;v L(Qr].r_閚[]$JETi:Mgsgf@pFjl(YY(X x"qM-1b5kf GAAo*MF$ݻosm}ݵm;w}qc4d=oRy9[g)Fv:L㴀y> r:-x:Tl =F#GR;Y״“jwZFLݷb>0ػ%ܓvj{gRWyN@ܱf Y+?[&" 4Fi.`;?d:0RGcQ:t9M&g]Mw7̤ Rpc=.ÅI&o<@@s<sHRScX{MlCD rrD '&x#[S´=G$FFEQgMةRAs >)YUp\y{GO`)^5v0y;xQWfʬ!6=?Ѥg^@>xiRZڝ5hRN@v1 \ x =)BjKUҞBg*^`I4۳1 Dp~rFNA,3Y]GG}NpTb@20`;jI-\N229n-՞2Z38Opo{Xz gq$I \W[>$?*-cz{nfQu~Z}jQE((((k#`zTj@/{Q ^5 "4QQEQEQEQIK@ *ȳפ bEAu_A52 hzH"{ Ir  ic?Ƹytb0Wk WGlHmb}M_?̊;2KܪKNXwm4V|Wa|`ǡ⌺取Mr*f8.xzsy\t>8xG>\]6ue tB[[zt">p:_u?,ܳ-lb&'+riqS'獯 5[ᨀ5.X~q Avye2CCvvˈS-zzT+%xHrRz3Nz7O 5Iou;{zc+nzEi{:ȋ Ȥ}_jxNc .SZyз}!;\ҼGsa*b9*='R hnOO|*ryT,dFd_*a 6T*q^{ٙ4BTu5Ik[!^unM5 fRr*W޾2f2{.Ͽl] ֞d P& v?q|VHoqqJ\=cOAM&int#L}`xZдn- iP'8չk0NR|963<8pz5}[b7'чYA<ڶr{h?O|V`\}M&yWi}pkap93r>'٢DNBT=3ޮioϖ-)fix)`y%fr%H|Uфɥʮ1\?,~U|+xM]?R2VEymgk]Ԭ}U#.[#uۺ?CTyef^x.Kbn>ݸ8.9Hf 11O.JB1ϧ֙%…,K9h=F**ֵjUwo"' ہɫQW?#X>v36{#LqKeYن+m%hn-az鎤~rW~x{ţRԬ-jd% z`]mal'k [qz0QW<9; /~:hO;|S%Xv>v$iZ, X=NOҸ |`'zC+IJieqZ/?Tz5ZVn>jQE((((k#`zTj@/{Q ^5 "4QQEQEQERRPE~EW%MXO-zŤF88#45 #4M'HV`WkAp]{3&?JZ t[m&̹Jvԥ#\eUVGf)* @#֍l~vAceAқ_ƭQ@/K}Q_ƭQ@BQˮs3Ҽ| І5!}h ۱ӦkӨ8c ZD-J6z ciq޵(9J)$\[P* 9R heETD'IK>gER)$vH$J9lpI+Wh m( $drOҹOV֬6 IEӊhBqOs;IfmlI2 z| ~*ЂpTZE Wϛ}$hI?ELC('8+U+` {Z4Pz,pa14l2nfRCpG\c^)K,xiq-ebg@;H"Q@/K2ϤEU7F?y煲>0!Mk–V$ע2}5@[z`Vsm>^P}}Ըf/֫V QEQEQEQEQEfQGMk#`z9/^/_ _Bj(?e\#EFRi"((JZ))hr_I?/R:ab\^2+GQ.5:ui,r|Cd_ҧq`p xeXgm9sָ!`eDS.[3\p%X@Bۯ"EoӻH(Qwg>IX(j!*r}3\{(XNr;t=X BʛsW 2;|ќrquo|-iGY-1ܐe? Y$wA hB7R-%{P!g⫩8"$b;}O8|($M?,JY]<|H-Yo:: "ָ?ZmbH`1;Sr(΢1MQ nv-6sG*5g K׶XaV%4j<2+@_j|![IZw] cq  =h|qzcO1O$]2O[̲]Фc=IOmcR ƃ>^,a$&WRAzj?>cK[,ggDBY, 0ы(T`E=1N,{p1OmO,Y]IA_c<׃Qޟ65 7.HBzF-<[$~Fy~ƶ6&7cOjTT" eF8(h((*U5ZEeL%Fr8~@|O4 -VV )j5`Q^|xڭ'E}e9OFzhj_?&|͡ԯDǘ :]C&עcmc =j[ZU{BYX,]:N=밢xd(ICWY=1h8u J&䡁~9=]oedI6Z}9^UZlք:֫UZ^!EPEPEPEPEPOF5Pu!x&^/_ HMpARi "chQ@Q@Q@Q@Q@ +BbE^rBϽ:omj&oo} TU\ޏQZzoN€,Uӿo}; EVNG([; ?ӿo} 4UoG(N€,Uӿo}; EVNv?@Ua]tWP*Eg)W>Eg)W>Eg)W>Eg)W>Eg)x*_NH2T֫UZ@Q@Q@Q@Q@Q@m?T֟B?uКArWf9%U)y2mqVՌ_^9GMLu=age*zYAz~F˯?UX+߳Qz~V8z~HLr4lKF:{ZU~\_u~Z}j(((((i#`zTj@/{Q ^5 "cjM#A6_?Tr6()h ( ( ))hSbE]CVЊ*,Ee 8*1ր9 |%-%D2)9ޣ=xtVP,N 02Ԓ1׎EaEx~ qwɀ g{yzfZ\E;+bש@*I$qƊU;ή j!_~fE,<3 ZXN#Qs<,t'Yi_XKfݹ$@.$He ~u*g^[j\$wZm+s1u hdj!8=1퍧>xgE;VW[2=K r[Ee&XH18jc8@AY.fe#4{xa9j啖o ꦴa؀!ǨZ՗F[LΏlj#Zyߘ@TR>(#gyh^K7 =WntmU[`$2q u z[AU1ưLa2X\G<('ȠkmX傃85\IcPRy iujb#=_ rNj92pvsڤ<5{4OL#V*gG$;{?MuT`;[9a#E77KmmNQߜܓN[Jzݭ%Ue20 M֧_ Lίzag j6"@,AO'V#I6@*zsӸ sa,!I0vsֺ"> Wp%۸g}kK Y%C֧(OT6b9:_ioʳoS+/ _H#\WUG!H$u*>qS\ƾW_ ҳ{vi y[L~9E٭fYֹi*u+HYˎBżgRB;Oon糖zO?&3C*"fw-פk/~KTE!EEL8SesW?s?W▿Div,@$syI'73T*)+ NJ5:q_u~Z}j(((((i#`zTj@/{Q ^5 "c}jM#A6_?ToZJZ((((OrX^9(M?/UˈE/Rf_ h+ ?>eܽNOJ{CDw+0ryʼn.f8 ydyi"ɂPzQO]&sR 2kBGtC@8<7#Ak֏2Hs0|-Pq33;jmon^~x_K7 sO6FOhq_R{k%Ιyݒ{uUt+s#$Q|=ͺfC['~?ZgC(\i j&džmTo-$a ?/SCƤ\7t.X3a8P9.9?[wOtR0-e*<`\@ <'CS$1n/i=~6 yC--ayLt`@o٧.<ņ9OM],2U]ۺgַ( <#yxC,#|A,AL }*Fdf0G263nl"|+G}֬Uly9NAV.1gшBʶ( ngl<?֭EQEfT6b62|ȵ).`1]2 3UatI|{ XdNQ^Sib ܒKGk۾|i7H2Lbvo~ .ZM>kFt:@Gu>Ͽ}v*2սNYZPTE('{w}OuO ki{|z*οx⍾Gi=꓌;sKFcdHlLՙ5o^iOȺdUdZ1`y6te 9/$`̷1*68tؠ>$z s8\4oFexYp /zH|e;gw.͡q$C=\?/9%i5MmuneO2.~'Yx)s䦐]p=p>^y`j.Q̈P~l=8d:8u ]r>SONߏzi!v6d9lq);손cߵ%e;c#-ƠQE endstream endobj 15 0 obj << /Type /Page /Parent 3 0 R /Annots [ 18 0 R 20 0 R 22 0 R 24 0 R 26 0 R 28 0 R ] /Contents 16 0 R >> endobj 16 0 obj << /Length 4243 >> stream 0.153 0.153 0.153 rg 0.153 0.153 0.153 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 158.215 521.469 599.769 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 158.215 m 566.734 158.215 l 565.984 158.965 l 46.016 158.965 l f 566.734 757.984 m 566.734 158.215 l 565.984 158.965 l 565.984 757.984 l f 45.266 757.984 m 45.266 158.215 l 46.016 158.965 l 46.016 757.984 l f 61.016 173.965 m 550.984 173.965 l 550.984 174.715 l 61.016 174.715 l f q 375.000 0 0 252.750 61.016 505.234 cm /I2 Do Q 0.153 0.153 0.153 rg BT 61.016 487.443 Td /F4 9.0 Tf [()] TJ ET BT 61.016 467.454 Td /F4 9.0 Tf [(If you have received an email that looks like this please immediately report it to the Information Technology Security Team )] TJ ET BT 61.016 456.465 Td /F4 9.0 Tf [(using the following method:)] TJ ET BT 61.016 436.476 Td /F4 9.0 Tf [(Send the spam/phishing email to the following addresses)] TJ ET 0.373 0.169 0.255 rg BT 61.016 416.487 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 61.016 415.336 m 125.681 415.336 l S 0.153 0.153 0.153 rg BT 61.016 396.498 Td /F4 9.0 Tf [(...and )] TJ ET 0.373 0.169 0.255 rg BT 86.036 396.498 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 86.036 395.347 m 164.696 395.347 l S 0.153 0.153 0.153 rg BT 164.696 396.498 Td /F4 9.0 Tf [( as well.)] TJ ET BT 61.016 376.509 Td /F4 9.0 Tf [(Attach the phishing or suspicious email on to the message if possible. There is a good tutorial on how to do this at the )] TJ ET BT 61.016 365.520 Td /F4 9.0 Tf [(following link \(Which is safe\): )] TJ ET 0.373 0.169 0.255 rg BT 179.042 365.520 Td /F4 9.0 Tf [(http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx)] TJ ET 0.18 w 0 J [ ] 0 d 179.042 364.369 m 547.205 364.369 l S 0.153 0.153 0.153 rg BT 78.360 345.547 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 345.531 Td /F4 9.0 Tf [(Start up a new email addressed to )] TJ ET 0.373 0.169 0.255 rg BT 230.084 345.531 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 230.084 344.380 m 308.744 344.380 l S 0.153 0.153 0.153 rg BT 308.744 345.531 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 332.243 345.531 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 332.243 344.380 m 396.908 344.380 l S 0.153 0.153 0.153 rg BT 396.908 345.531 Td /F4 9.0 Tf [(\))] TJ ET BT 78.360 334.558 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 334.542 Td /F4 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 323.569 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 323.553 Td /F4 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail )] TJ ET BT 91.016 312.564 Td /F4 9.0 Tf [(Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET BT 91.016 301.575 Td /F4 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 290.602 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 290.586 Td /F4 9.0 Tf [(Send the email.)] TJ ET BT 61.016 270.597 Td /F4 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 259.608 Td /F4 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 259.608 Td /F4 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.18 w 0 J [ ] 0 d 221.081 258.457 m 341.627 258.457 l S 0.153 0.153 0.153 rg BT 341.627 259.608 Td /F4 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 248.619 Td /F4 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 237.630 Td /F4 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 226.641 Td /F4 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 432.949 206.652 Td /F4 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET 0.400 0.400 0.400 rg BT 61.016 188.163 Td /F2 9.0 Tf [(Posted in:E-mail,Phishing,Security | Tagged:ABSA,ABSA Banking,Phishing | With 0 comments)] TJ ET endstream endobj 17 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 337 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 33433>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$Q" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?JiI]33ISP˃-jxqb$3]2DU,FA籫<յ8dI ZRQ@@<+wf~ \9bu5  ڿƽqWnIp\ꀬD+1n^_Ks Ewq=C7.?缟ѣOqEOˏ'j ({}>q=AE\y?G.?缟Ѩ8J,lF\y?PQEOˏ'j ? ,lF\y?PQEOˏ'j ({}>q=AE\y?G.?缟ѨhMˏ'he5 X q=lF7.?缟ѣO4Q`&e4}{},Q*,7rI ܅u2)e˖e^ 3/# i}wqެOUi@s$S1+'ђ{,W3-(4ycX/{k]%j[p==Y4fu:&UBŊ̠#Rg> x/ľ umSM[˔vԈ@p: -5ͷd&/ ?][gL'6x(. __vI yiNd` M*a-7 %4[F@++4DO1N^ R'IUM/#IXW r8:qY l⺿wG1z իJF7܆.9'4{h]lGR_<bY$yOl~U;]k)W3*:<=Lt_UH>ol8Ȑ7ˏqBad r9cwO5'-8~!9RO% By :,n  A-ς-.$ ?7#鎧։.#KjOe4\_T2 rMEF-v THd皘x6WeJ9ןj?_/w 7c`T/UvBlU]ySœJ&UHR,˼OC>£%c' +o'\U4|8Dt2m']ǂuձ.-guIqkkRJd8auqc@Uc8IA*_ O#N8<NلUrst>Gb>ȑ/!P T =4igs5.=N>|>t%2b1[S˷}Hs+栗0c=(JwRS{38|zb2$1K=s;Lnr 8O߫pΡ)  :94ۡd%Ons\mo_r<Ui|OqN@ɿ>-ͽR!s{q`Gy,ky؅.73 v t9x\oFͺo ꋹ3׀g^MUeۨLP L`H}Nk#ND#R3vWʸD)Rݛ%U9g_).*g_).*3B~"+.nTy3?G3?^i?B O]*< o  o LдGE} .Õg o7Q o7WhZ_УB~"aʏ3u7u7>k?B O]*< o  o LдGE} .Õg o7Q o7WhZ_УB~"aʏ3u7u7?-?/Qi?BG:MsT:MsU(дEr| @?| @ _}~#9QξS\UξS\UzgE} ?-?/Qv?g_).*OIiI`\Pд\淡[jڜwEt 0 m9*95ntGr͎G/O;ir@u򒤌7qz4ʀGN 9 #9iޓm&Tgg9dr{Z?XifQ̄gRzd3괫Hfd>7+gW3~9dmabpU9c{_[![XKlQbir5 G'{˸h?_Ub9bHA뜟ҧu )S֞zm?x {{MeA+h㚓˸h&Le]$8)Bb@ѰXczwڶƍYƁX>!U ?seT#yǧ3s OJRC>VƏ.zE|,gEF˴;ȭ(z`4.zE|˸E|fN^vq$CXJ^e%Xo9=3ҝ.y\ #+P79sϮlyw?/]?@dk^ gӦX==֙ #)Ptwm891O[>]?Gs="+Cy$^i:+~s3c {d֦?_GD( ]\7 z.G*b6UsǷsjՊBhU"'4.zE| S#KDsÂ36X0%e JrO#OA.Cmm=xҷ|Ə.zE|V1n5 FVч,>L7.!}8c_<ƆX˲eͧ\F{uޝKWED9uV>> ?.zE|˸j\"RNwh+1@PiWM^<2o!Hz:cW J@F Db{u٣RrBE'4{+xPӦߴms̫\iX, ?_<ƩE-Cy2Noa3DH DY*줌*L%Oz3ب?hOM(>f__{6Q i@ Y_e>޿*+m?7&@ >Oz3ب?hOM(>f_bw*@ ?m?74ϧ=hOM(??c2_3?hOM(>V3/gQ^; i@ 6Q}f_bw&@ ?m?74ϯTWDoG4M&}fpV3/gQ^; i@ 6Q}X̿*+m?7&@ >Oz3ب?hOM(>V3/g^= i@ '4M&}fqz3ب?hOM)}jqz3hE&Dك Zܗyޗ +?,_RC?R%Ù3(Sh[)7Ef XN sMbi|9߲WE5:+iչ5m(AX!exU#xEmW7OIe]mnǏfT~mRL}kI\F5v5$DoZOsE (2zQTg."Ӥ;]3 vZVefg^%Ix=15GZcm[KOjeǎ 曮*gCԮ#tV,3t<DŽJouM)lI#a['9+ ͣߊi(;lujZwbkO}*>.s rzp=gƟZ.A8x;Xχ`"ԏf#=fe(E4kՑ5 NX5GgsN.z!ȼr|Ⱥ`==}JmŏIO kn y <l ק(qk+f,qԟڽk][h&"B~U.fe[kTCի̥KJ7?QgʴU/j g >2+RNhUB g;<&U5Ld~b~>j<]h'ˍc,udnSW}M7Qh6#pM.%ka-gdCW"N4&T*lg${ rk;Z]B2WVx{ZDKWO< Z=ѧޏ{]OO4i=B[gpJ /{ibjj^z>KZ5Gڽ#^}ގPѯz>Yi>r֍{zOj>kޏ{G}W_^}޲>G}j^z>G(}hW(z[cj +֍8i\"|Nzk ?HxH#ȪEװnиu2W[5GoP^q嶬䯉s/c kHIiwk[Cnf #?&xCAjڙѻ v9< z*<}jvG"%䜓M=x|MWXhRYa}ަ?ELJ>xT{CBqOaEPHW7W7/[QGE-̞_hcWiڸ_M4O14[Q@Š(QK@ )h|b6 W\$+:JQMYѭ*3U!>Xd fkԾ|3K%F[sZZ+8ь]bN"QZ[@zjt2;,d֭dѓZbdw&6!(YTmE|?Y&ƗbFel?4Vu){,ƶ{D oĠm .2x:qȘWmC`qӀWҹ4f:}nq" U(o:v-A]V7 .~hϱKUoYfeFٻi`wk2Odet#寪2hɣ)1|ؿ+)Ckb cN?>|QY$ZVC+p3O+|2h<1_qC|"Iv.e?/Gi8PC(6g澏'֏O<=45?&0QӮ$OA?fƗ}h4⬚?m?_o&fƗ}hnjOfƗk꼟Z2hcw_q3?K o5^O>}Z;Shgi'֌Z>X| o43~4M}WFMVx>Tgi?m?_o&'hnjOfƗ/1\i7_TѓGՠ3o%Om9x[3˧買?}9FM c_qJ(Um8o&_5F}sQ:fV;.g71PyCvytM}9FO?.5}_P>;Uᙼm=M}Wz3MaK.})^ˈqZyq"g;T( Q@s~-[o1]%s~-[o1@2nKE~mRL}kI\F5v5$DoNԞ`(QECHz3`G(h^\i h|g: I\iJN*΃A??ƐZYl?ƋOqv4l?h§򿸹ES#gF{ Ok@GփA??Ƌj+U?6:l..QTt4l?h§򿹗(:l?t4]waS_˔U?6:l.e*΃A??Ə6]TW2OgAG΃A??Ƌ*+rFgAEp?̹ER#gl?h§򿹗(:l?t4]waS_˔U?6:l.e*΃A??Ə6]TW2OgAG΃A??Ƌ*+rFgAEp?̹ES#gF{ \l?h#gu=Os-UO6:l.eQU?t4:l.e1U?t4Z\˸OqsU?Jk@G2Ƨ򿸹ES;j6g0#Kv"ܬ4ؙBQHQEW7W7/[QGE-̞?hcWkڸ_M4O1Ih (|_CE(_A4⿴AW}>zty+EM;ZMjxbA>'ϱ/e8`߅y2:)m340\gOt5Gm8u#!#Ս6ÓjFQ՞g (e 7)'y q*?+ǥ. ørW~qMQehO&[ iE? l$0ֻ?e3*A)f_ʏa.,_yv / Q*6$^zGT3?!3"2cK(\ TS?4TL Q%%Pf0;y7bX0n#tqZIwόrc+SKǯeG2MM }AEiO iZpK4i/Y?+^ ioS?4U 7ĸHw0Z0h ^ SK/eK jhw?2uE}ٿᔏ OR?4T}Vaa;_j?WڽL R)_*>0Z0h/+^ iR?4T}Vaa;_j?ڽOQQ SK7eGfFA}ٿᔿiS?4*?֌'?#ڏfRK/eG2 xڏfS?4*OQQYф0Z0E}_j_e3CK(S?4T}Vaa?xQ=هiUgQQYфj[\I:#m$fnA^?ey7eJ!|NA|QEW7W7~7?z襢?O^)h2{Di7э]qhcWh*^`(R? O?׷?>:u#!tMhy I#{?)k#{kѮ.X,jC+~zƺmh{#?j__VHSwϒ񣬄< JԌ[0Asֲ?|RoW6fĖ% ͂NI!Ы+4ja2u Ы+4¬B|j{L!O.c Q _)¬B|¬B|*H~Q _)?r>!Ы+4>!Ы+4jʿ? !Ы+4Zv Ug1(/  UBWRWhY ]K_񣖷v?i,?  ?vx?¹UUԿ?V|BWRWh݇?!Ы+4ji,?/  ?v?¹UUԿ?UBWRWire??vx?]2AO_g/u?Ɛ,?UԿja2}#gZ|;5:4w pr0ovyyeyvS5|=s“v2\Irqעin )l^;+~u:oS$},W đ_Bs 88=:Y7{ (\Ʊo>hQ:uvWQ ➟4$$$.ZBvz^c>\>kcNZqS?տGiϓr2jC*:- >QEW7u|GE-|oKEY'MjEq_hcWkP4[Q@•?/i)S>"x&,t3UobZPC 2I-VW{?żWrȅ#PIWd{N2QxƧ\ӭ˚Q2NGbe-'vy`rK(9LFcV08$UV*޸gKh3kDc6ɴϯ@>Dѫ]%ErWץ#xK]+J6,UҬ\kH/]&0Az,dq|E4qHn6,nǥD*VE_N:Yfb@d~ _60qi?YGVɲXh8]6P3p#1>$@ZB t$ g GOq#Tdd3Kc >Y$Qݶӌouh卮HZf0U'.@]zFr3@ qF)GJ(LPGҖJ]v,HVz?K3ƅq$y"ᔸycwJ/#m[j}?U!kk GҼgG(tJ5|ۇ|cΚMKc; \\8- z`YMXm%p`ch-zp='լ#~]JgqN(吽R<BCՈ7~[ @_kUF@`y=?:vJMA#.;c?QsKw!9 mq=*o <8%؟kFEeê΂HՔ8b% G/QQI?OΑdG'G笟"Ov?/_ʀ+KH:-QEmtm|GE-|oKEY'Mj{WkI\F5vhAEP0_IJA4e׷N2ysnal>[2h%BY.-J0x^fkhqjmKys欍L,W:ǿ^RgēĤǦ45=X)Fq~>UusER9RemFƦ:d70H5p,eqhFmoNwIyÃWRyP$gj' tQEQE!B?Z*W4P0xRH4g̓Gl~m/ր̓Gl~l/ր̓A }/_%؃GL~u[P ]v qޭ$A#cT *1svc&QLsi&ovҶ`yg#:>*ectZ(``:4stBcTe}I@Yͳ[DZqMg 8М~m=J[&1vѮ/N0*夭6pOr7w6GJ((((Y᷽Bt3T梁M?2C:^e,148*G4mGCxjTǒ3fk"*zzsI|H-Iご‘\Se5O%i'Km{l\gqkO]0˓SCMHt-*7XC'17H9V>!ʶ29#0\p1t9 4iG&ؚHN)y&N׊NQӺF/?MQ/^EmXt<+K&hOVM1տRbq@DoN_oiS?տWҖtJZ(+g[WI\ߋ?P̿~mRG[U=Ϣ 4?ƮӵqhcWiP4[Q@•M%*Bֱ]LqrELU7kT6.h-sZ!99>TW{uw|I=WȔ<LMSR_{д8LqQrx'zurG*ˀ㟛:ujPo91Ud]I8n[@G DƬijn-k:5ռZwu:ڠg  H~L4M"߼PnP{wGjIads+Ɓ''簫 s2Gcr(a3sG fEQH l楆5G%r31@- K@Q@Q@?71+ʱƌŋ8t3T-nl*KXwo"0pY9԰γxuγK'7-q#ɴd+2?h6帟'`@@98kdkMSwv$,[|˘'8jO S q49`s)iko5} NN}'>†W p˹1VSo쿐ѴjTui)?qp<@Ob*:- >QEW7u|GE-|oKEY+MjJ 4?ƮT=[ (()W|_R? +@2??Ε׷{oYyyw{to\zP66M5o[vQ/!mSskЫ}$HFSuL¦&7iHњ8d}/YTlG>*vp^i-װ+=jc'dɆ2ݣ+f]c,aSUX:42X$:Lo kwZFBO$y]ORyq*ٵ*3jMqK ׭jzBZ#Tyq*R *NE?-`Q~z(}`i GzX\ͳ &v~&n?m"@2ֻKxZ2y75Ha$D'ȋyH`y>0.A62<4Ă *1UW})vQ@Q@Q@Q@QEQI**?g )iA(uu|GE-|oKEY+MjqhcWh:T=E-% U? _@W{?<' =y>m׷em ď&*yisR&B21zRK}gV[Q: 3ԫ x_A $3Y3Gտ dT1c%Y$jlgT8KGGDr Op?!M';` waF8}yfވЕGIv5ki/.0>U1'jי+_0٣}1'hğOA?щ?F$/?уx4bO&4x4bO|RIϭgxqS@rqZϹJ#I֧EI8Ŵu`ƶ"9GWKiVjV;UV_șפqwIWIEluCC Mg_w-jc"!p='d}zҵ{}*?{o/`&rY9\gkM$7>-z4gU< z?nF)MBCx@!wv;JX6YV)o c~%x9! ĴW?kRWpg-x'w_7xraId(ȯ{iً\NJc2_gV9y7Z*FvcH:=F[ſ|lq5'tG5+k麺Z?jPo%OMׁMsN;AeQ i>-ЀwWҋZ=uhij sys}]'Ui3겏ޝvC3O5ް^ RIbE^PXM{;?rⰠφ͒#FjKv-  #+5/xzig#9\e#o>7?z襢}kI\F5v_M4O1{-(aJA4@W{?:wiWKۢFss^jEgk5:Efblahyl“g9#ղ~%pMq>3~iA-X]JA4l]A[@@b0>Mg0gD~$8lWl7Џv35zP)a~T- 4ZVׂ%>Z gsL6 62+Kᖗj 4Y?^Bۉem5Qd ?'V x#ŗO;~M9.n녮C2ź#<~5&DaF}7b\~gAKEt}>8 Į ;J#Պǥ9Lddz1Ve? X;X+zI8{p$|*U?y\wZ=q]Q?e6m|+'M]o\d6꥘6 ?M_Vup?.ٟOG#kmBؿinҤ0qoJi hUU[ .~#'fd8i{>xsCv;Bi[˳?ʷM9pM2o>õBl# 3=A u*A R'Kxl5ȵn^hvVΧJevtl`5q*ť +dAUuIaK9,gd v%a{}e)H,%\mds?v?:nηSs|q:hk=3wޏh-Iвdnן3[V\tJZA})i(+g[WI\ߋ?P̿~mRG[U=Ϣ 4?ƮWkI\F5vh (*JU_A4e׷<_ZMiqRV^U^j%ZU& c'=s@ t-*.Hr!ffâiD #8ծ,.e2|? F;~4:?/OOʿm D#EoMѿ?V\>a4_!, wA_ש1s}_/akW1\;ٕbiG5G9 @}n*hcP,2s^9yK7_T2*h?jO6,`Sv ]}Hsfcr'Q^/{M1xI*?j#+?{ w=Lng2nj]pMxKK}OOU1d*5+>OM/s9[§GM_A?mNfYoo&`A(JAnK ;+?dV)#fJ}ߙK_K=R?pwox3Z?qQNdypܟZ񎴤#]αjw3[g+~\aI 'Z>: g7ZWζ$ Ve ʟgWDg&0c( Xߧ)xXhV#1X]([_1HոzY5Y4w %[jU1qvq:{zʴkds(pWAKkZ[}*;A: 4b,ē,}nSǨvTܑ?&'!yjdݤ1mq"WMY71_-#ly $s'λvYz? \F=5SZ7X4[IۻCtgd03=)h]^-Mo=$sQEm+oşmo(_?O^)h׭Z*̞_hcWh+3$DoAҡh (*_R? +fmiQ!ff8VW{?7vsʲRT=E>Pbi/X+)Tav9œMRҴM2x[q̒HFXcn8*79n@PIjȮyk=t-1"%,R~n~^dޘ $x#΀5ÃN8PjBON+%9WGʒrI>\I4lP绁\Focq$d=fG;NJ&e,3M&p9=:i#,O =:v , xZߐ4M6hVr`YɭA<`cxz(z)>Dߠz(z)>Dߠ"pX:Mqj WdpN~Aq[Lw+*;__/toAX>7FHZ.rm.m8 ?Z|(i̯h?#ᯟ_iZ|kyFH뺹PH-H 53GS9ᯌb0n#Ϡ Qlѩv rxF{׳SPnwSstXw{pURo$?A֖?xK8Ԃ -ۧ<4>̃^ih<,H,[u篵N~x#Cv' d=+⼿&-gʿUKFqS-&4HpP{nGRUx^i >V8=D庭iߋ//m!mV`<^ScG̕%s>c$z^Y~^1LQ A-{.k>.4Qe2 Z.uA`=yGP﵋{f s}~޼_a5ֻ{511YQjQ͠b#+1ϵYlێќ@3'?F$>|g19<gAk^O3U=umd,9ھJ3F3-L$С+7|x]aPy#x ^-╾s@m.TZ n qO}KY?ХV6%{r;c޷<~S#Gէ+P,jD6+\9Zu2t%. %31_5M2{4]θV `9an4zG .?3Xz4?*<YzQ3gֺs*s *lyr>)i(+g[+g[׭Z(#o'W&'s 4?ƮT=EP0_IJA4e׷Oc]\EfU9rjoG53nT ,:rz{X\MHc86E)e͈F@q*Է\A<ӑǾj\K~хm6Q 积׮.pUN7qۊħFCǏ-) 3brRڢpCGDZ_z?Ij1Q18Ɠ|=hl 1Q'hOƏz?IhO@I5 HIDW ZqC*N{o&VeBrKD#Ѵ]:f%Y*泵U"8'<{zToK8hΌ"30b2;w>)9;?*?/G_ʱZ sx吁}*T-,hҴ#yaց~L*O&?濕cDZʄ$ ~Cg&/ *Ely15<U-% ANSb'=9jkm~hFs'`k| *?濕T_ʼ-[š2 -\p'I(IHĎ<>Nܕn3_ʰ&0|?RX*?/@"|mo-?eQ tGqIG%v/Pw&bݍj*\㢾k .sKsyIӃ<+u-96/DclPxϨ#uc[%'S ?usҾa]Iױ b"J>'vH{e.Zm+>{":A42$vU񇉤eER@\\scKd&$lXv#|*˹|{9[>𮡩x/Mҿ.d86&w 8oRkεZw}vsca.dԣ߁\~>;xO_-O竪,?<^jЗ+?3CoG]έ+x-z-^mVy1,D,hZW #N%>\N>l>?"eLiӿEIqʳ5oٷRˢkVHyU81XKlFGq)Z#^d.-jr6J=Gu+ms[;˛ktXgf1?e!1}HϜ>ؼ2_]mn9l[SOы̏%ienSî#)w#51o=O?@MUa'C(.ZP~Y G5?hſ?d Nxۂˌzz@5-h4>E SOdTzƌA=O?@ǶMP! +"/OP__0ymSӨ5B6,ΎM"H2s[ϋz'(} Ώ1 &$`A<=e+HH+ӿAZ>|_?GOPuׇ%Iw26Fۻn܁gÚr@|n XwcZ^|_?GOP|^,y=9?Aiḭ5fHd *ӽkD|_?@~$^M_OIUA']ϟOQ=GU,n"Q(?MgsuWvS/Уϋz'){(vF2Y՗ʶzU4qiwr͏LWWL} <B8oqpko+A$ݮgessO*&|aA*h2WxosJnWJ V]W')w1^_\zH/tZ]Q2+/2I<*?/_yKw ogtӭQoWٞd?OQATrqZ"ן1~/ԣ|GC3FzE/01+00q}-G71[,y!Շ/²7S.aPOٟ}^}1BC~54}ˌ04NҮ!kpTMҳoK ;['+,_H$Dz X;ۯW(#98߀Db<ؿBĝ{>QZ?ghb:ʚV@:- JZb ( y2߷tր>I*4T{ybw%;P0EU̞_hcWiڼ/;Eޱ8xEe>cuW_ ?\IKOCbҿ.? JƋأ%Yv} ?\T?h+Y:LoPWH~^R*+ =ac <IШeN\J=5(ZrB~ؘcn +񟵦X̆LGc <3+m+#}q$q6q4vڎ)/7Ry})ܘѓ|_П!GxW>$X*&fә\}93R7=4@.t>ރ t9\o//Sx7(BEqcN >qxH3L$$Vގ1Ehx7+&1zbD?mC=(tBzmb.Ps >]I>WooR}?Ȯ5"i0Zn1L tZz|B f<܀.ӟ$NJ.vο)<}?ߐ-~"ِgnBsR#gMgJCFF 9Fx)GsL!GSx7+w8[,r$`agf_0<)<}?"۟l2pimL7=~d ): >revn}?ȣEbc_ ?\Uc;oEhOȬOL|7A+?1 h]hx(DſXoW4c_`6ПſGx+ JƏL|7A+,F#-|>oV'&>qoW4X.'oQ"?1 hҿ.?tm?ȣEbc_ ?\E]hx(BEbc_ ?\E]hx(DſXoW4c_`6oQ-|ҿ.? JƋѷ-|>ПſXoW4c_`6oQ?"?1 h0i_`6oQ"?1 hҿ.?tm?"'oV'&>qoW4X.G<[Is6A?bc_ ?\E + JƏL|7A+,F ?\G&>q bzO&>qT|Q]Fi.ĊhܣE?XS-̈́y%RB22(fW7k_/k*(*D=?GQEIvzZSQL%/oƑ:QEI.Ҙ~F$PjEٌ4=?+?FbtcJ(oSGJ>}(EnGQL†EDQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@;Ҋ(ܾ ȡ/~?QE ? endstream endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 415.6546 125.6807 424.8121 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 86.0357 395.6656 164.6957 404.8231 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 179.0417 364.6876 547.2047 373.8451 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki Pages/Spam sysadmin Eng.aspx) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 230.0837 344.6986 308.7437 353.8561 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 26 0 obj << /Type /Annot /Subtype /Link /A 27 0 R /Border [0 0 0] /H /I /Rect [ 332.2427 344.6986 396.9077 353.8561 ] >> endobj 27 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 28 0 obj << /Type /Annot /Subtype /Link /A 29 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 258.7756 341.6267 267.9331 ] >> endobj 29 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj xref 0 30 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000357 00000 n 0000000394 00000 n 0000000532 00000 n 0000000595 00000 n 0000004862 00000 n 0000004974 00000 n 0000005089 00000 n 0000005209 00000 n 0000005317 00000 n 0000005382 00000 n 0000006539 00000 n 0000042268 00000 n 0000042387 00000 n 0000046683 00000 n 0000080285 00000 n 0000080412 00000 n 0000080485 00000 n 0000080612 00000 n 0000080687 00000 n 0000080815 00000 n 0000080946 00000 n 0000081074 00000 n 0000081149 00000 n 0000081277 00000 n 0000081350 00000 n 0000081478 00000 n trailer << /Size 30 /Root 1 0 R /Info 5 0 R >> startxref 81558 %%EOF PHISHING: Absa Surecheck Profile App « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

«
»

PHISHING: Absa Surecheck Profile App

Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last week’s ABSA phishing scam has started flooding our email.

The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. Below is the example of the phishing email, with the forged “ABSA Bank” login page to attempt to convince you to give your bank details willingly to the scammers.

The subject of the email is “Absa Surecheck Profile App – Upgrade | FICA information” which is designed to say absolutely nothing. It is what is known in information technology circles as “techno-babble”

While the methods used to steal a your banking details may differ, the process followed by fraudsters to steal money from their victims in South Africa are nearly always the same:

  1. Get the person’s Internet banking details, typically through a phishing attack. (as shown below)
  2. Get a banking account/s to which money can be transferred to and withdrawn.
  3. Clone the SIM card used by the victim.
  4. Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
  5. Withdraw the money from these accounts.

Here are the obvious warning signs:

  1. The sender is not an ABSA email account (in this case a “throwaway” German email account used to send millions of phishing e-mails)
  2. Vague and deceptive subject lines (Techno-babble)
  3. An attached file (.htm) that contains a web page that opens up in your browser and links in the background to the server in South Africa.
  4. Impersonal salutation. “Dear Valued Customer”. Banks will never address you like this. They have your money – so it stands to reason that they will know your name as well.
  5. “Online verification” has **** to convince you that the email is genuine, but university addresses end with ac.za, not co.za.

 

The web page that you are directed to is actually the .htm file based on your computer (as an attachment, but links directly to the phishing server in the background.)

In this case is iteron.co.za which is listed as “undergoing maintenance” but is fully functional in the background.

 

 

If you have received an email that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing email to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious email on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Email

Tags: , ,

This entry was posted on Monday, October 16th, 2017 at 10:39 am and is filed under E-mail, phishing, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.