This morning’s spear-phishing attack comes in the form of a fake mail from “HelpDesk” about an alleged “Email Update”

The spear-phishing mail is as follows:

“Notice From Stellenbosch University HelpDesk: 

In an effort to increase the level of security for our  email accounts User, We are implementing a new email password policy for your protection. If you have not update your password recently click here: sun.ac.za to update your password or your e-mail will be temporarily  suspended .

Thanks for your co-operation.”

This is, of course, a phishing scam and you shouldn’t consider it as legitimate even though it allegedly comes from the “Helpdesk”.

The poor grammar, lack of official branding and threatening tone of the mail makes it a classic phishing scam, but with the added danger of students and personnel falling for it because of the  salutation “Notice from the Stellenbosch University HelpDesk:”

We have already blocked access to the server, but there is a high risk that users who are currently on holiday and accessing university mail through their ADSL internet connections or cell phone, will still have access to the scammer’s server and will be fooled by the “forged” login page and provide the scammers with their usernames and passwords. If this happens the scammers will gain control over the personnel or student account and continue their attack from “within” the university network.

Always send the spam/phishing mail to the following addresses:

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/ As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. 

Tags: phishing, spear phishing

This entry was posted on Wednesday, December 13th, 2017 at 11:41 am and is filed under E-mail, phishing, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.