Earlier this week Tygerberg was subjected to a particularly pervasive attempt by phishing fraudsters to obtain usernames and passwords from users by fooling them to “Activating” their Outlook 2016 account.
Although mostly unsuccessful due to the fact that most personnel are wide awake and sensitive to phishing attacks, this does not stop the attempts. The fraudsters merely change their tactics. Stealing data and gaining access to personal details such as usernames and passwords is very, very profitable!
Today’s phishing scam uses a different method by hiding behind an educational institution’s name and adding a “throw-away” website address at the end.
——————————————————————
Dear Account User,
We are shutting down your Bulk SMS, Cellfindportal today in a course to activate Microsoft Outlook Web access 2016. You need to upgrade your Bulk SMS, Cellfindportal immediately otherwise it will be deactivated.
To activate go to http://bulk-sms-cellfindportal-sun.ac.za.webeden.co.uk
The Information Technology department encourages you to take the following measures to protect your account.
Sincerely
IT Customer Support Center© 2016 CELL FIND LLC. All Rights Reserved
—
The University of Stellenbosch is a charitable body, registered in
Republic of South Africa, with registration number ZA005336.
——————————————————————
We’ve removed the dangerous part of the mail, but you hopefully can see how we can be fooled if we see the “sun.ac.za” address and see the “disclaimer” at the end, and think that it is from the University.
Information Technology will never send you mail like this and if they do mail you, it will always be branded and linked to a sun.ac.za site, and the grammar will be a lot better than this example, and will be bilingual at least!
[ARTICLE BY DAVID WILES]