Several staff are receiving a “threatening” e-mail with the subject “<your email address> DO NOT IGNORE THE WARNING”

Your e-mail address will be inserted at the begining of the message, and then proceeds to inform you about your account being used for “spam activities” and that it will be blacklisted and permanently suspended.

Here is an example of the mail (with all the dangerous stuff removed)

If you are fooled into clicking on the link, you will be taken to a website (based in Zimbabwe) and your e-mail address will be automatically inserted in the field, and you will be asked to type in your password, and then the scammers will have gained access to your network account!

This is a typical tactic employed by phishers targeting university e-mail accounts. They use your contact details and intimidating language to cause you to panic and “click on the link they provide.

When spotting phishing scams remember:

1. Don’t trust the display name.
2. Look but don’t click.
3. Check for spelling mistakes.
4. Analyse the salutation.
5. Don’t give up personal information – ever.
6. Beware of urgent or threatening language in the subject line.
7. Review the signature (remember the university’s own centennial celebration and “water-wise” branding is being used in *some* external phishing attacks)
8. Don’t click on attachments.
9. Don’t trust the header from an email address.
10. Don’t believe everything you see.

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be sceptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

If you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses: help@sun.ac.za and sysadm@sun.ac.za. 

Attach the phishing or suspicious mail on to the message if possible.  

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

This entry was posted on Thursday, March 15th, 2018 at 12:49 pm and is filed under E-mail, phishing, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.