Phishing e-mail with deceptive subject “IT ADMIN”

Several observant colleagues and some students have reported a number of phishing emails being sent (usually in pairs) from a university account in the United Kingdom. The subject is “IT ADMIN”, with no salutation and no information other than “You have a pending message click here to read”.

With some students still on their autumn break and many colleagues only returning this week from the short school holiday, mailboxes have filled up, voicemails and Skype for Business voice messages might have been left, and some might be fooled into thinking that a message from “IT ADMIN” *might* be important.

This is a common tactic used by phishing scammers to attempt to con their victims into giving their usernames and passwords.

Many phishing emails use short and cryptic messages to instil a sense of urgency to scare users into doing the attackers’ bidding. In this case, a short mail about a mysterious “pending message” requires the victims to click on a link in order to retrieve the message. In actuality, the link leads to a fake login page designed to collect the user’s login credentials and deliver them to the attackers.

You should always inspect all URLs carefully to see if they redirect to an unknown website – this scam links to weebly.com. Also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email. There are several in this mail.
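The URL check described above can be automated for a reported message. The following is an added example, not part of the original article: it parses a constructed sample mail, extracts each link's real destination and flags any host outside the institution's domain. The trusted suffix `sun.ac.za`, the sample sender, the sample URLs and the generic anchor list are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
TRUSTED_SUFFIXES = ("sun.ac.za",)  # assumption: the institution's own domain
GENERIC_ANCHORS = {"here", "click here"}  # assumption: anchor texts that name no destination
# Constructed sample modelled on the mail described above; not a captured message.
SAMPLE = """\
From: sender@university.example
Subject: IT ADMIN
Content-Type: text/html; charset="utf-8"

<p>You have a pending message click
<a href="http://constructed-sample.weebly.com/">here</a> to read</p>
<p><a href="https://www.sun.ac.za/">University home page</a></p>
"""

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Match on whole DNS labels so "sun.ac.za.attacker.example" does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body is not None else "")
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme in ("http", "https") and not is_trusted(parts.hostname):
            reason = "generic anchor text" if text.lower() in GENERIC_ANCHORS else "external host"
            findings.append((parts.hostname, text, reason))
    return findings
```

Running `suspicious_links(SAMPLE)` reports only the weebly.com link, because its visible text ("here") says nothing about where it leads and its host is not under the trusted suffix.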

It is no coincidence that a compromised UK university email address has been used. Large institutions like universities, with large numbers of students and personnel, are always a challenge to protect and are choice targets for phishing attacks.

In the same way, some Stellenbosch University students and personnel are fooled by the scam and give the scammers their passwords and login details by filling them in on the fake login page. The original email account is discarded by the scammers and compromised Stellenbosch University accounts might be used. This has happened several times before.

So, do not be surprised if later this week there is a fresh outbreak of these “pending message” mails from “IT ADMIN”, but this time coming from Stellenbosch University student or personnel accounts. It is very important to report this to the IT Cyber Security team.

If you have received mail that looks like this, please immediately report it by sending the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]


© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.