%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 25 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 24 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250714190757+00'00') /ModDate (D:20250714190757+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 7931 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 80.351 521.469 666.383 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 80.351 l 565.984 80.351 l 565.984 745.984 l f 45.266 746.734 m 45.266 80.351 l 46.016 80.351 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(SARS PHISHING SCAM FROM SUN EMAIL)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(If you receive an email with the subject SARS eFilings from any university email account, do not respond or click on the )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(link. This is not a legitimate email from SARS.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(The suspicious email is being sent from compromised staff email accounts informing users that "An EMP Statement of )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(Account for the tax payer listed below has been issued by SARS" and you "need to log into the google doc with your )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(correct details to view the document". \(as shown in example below\):)] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(It is important that you help us by spreading the word, informing us about suspicious mails and letting your colleagues and )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(friends know about the scams. You are our eyes and ears, and your input, information and questions are extremely )] TJ ET BT 61.016 542.497 Td /F4 9.0 Tf [(valuable.)] TJ ET BT 61.016 522.508 Td /F4 9.0 Tf [(When you click on links and provide your information on phishing emails, criminals will be able to gain access to your )] TJ ET BT 61.016 511.519 Td /F4 9.0 Tf [(personal information. If you clicked on the link of this phishing email, immediately go to the www.sun.ac.za/useradm )] TJ ET BT 61.016 500.530 Td /F4 9.0 Tf [(website and change the passwords on all your university accounts.)] TJ ET BT 61.016 480.541 Td /F4 9.0 Tf [(Remember that once the phishers lose control of one compromised account they might simply move over to another )] TJ ET BT 61.016 469.552 Td /F4 9.0 Tf [(account and they might also close the website they were using once it is blocked by us and would use another one that )] TJ ET BT 61.016 458.563 Td /F4 9.0 Tf [(looks and acts in the same way.Currently, the phishers are servers in Europe to launch their attacks.This is a common )] TJ ET BT 61.016 447.574 Td /F4 9.0 Tf [(tactic with a spear-phishing attack such as this.)] TJ ET BT 61.016 425.785 Td /F4 9.0 Tf [(To help us, please:)] TJ ET 0.153 0.153 0.153 RG 85.866 408.612 m 85.866 409.024 85.696 409.434 85.404 409.726 c 85.113 410.017 84.703 410.187 84.291 410.187 c 83.878 410.187 83.469 410.017 83.177 409.726 c 82.885 409.434 82.716 409.024 82.716 408.612 c 82.716 408.200 82.885 407.790 83.177 407.498 c 83.469 407.207 83.878 407.037 84.291 407.037 c 84.703 407.037 85.113 407.207 85.404 407.498 c 85.696 407.790 85.866 408.200 85.866 408.612 c f BT 91.016 405.796 Td /F4 9.0 Tf [(continue to watch out for mail like or similar to this and do NOT respond to it, click on links or provide your email )] TJ ET BT 91.016 394.807 Td /F4 9.0 Tf [(address username or password)] TJ ET 85.866 386.634 m 85.866 387.046 85.696 387.456 85.404 387.748 c 85.113 388.039 84.703 388.209 84.291 388.209 c 83.878 388.209 83.469 388.039 83.177 387.748 c 82.885 387.456 82.716 387.046 82.716 386.634 c 82.716 386.222 82.885 385.812 83.177 385.520 c 83.469 385.229 83.878 385.059 84.291 385.059 c 84.703 385.059 85.113 385.229 85.404 385.520 c 85.696 385.812 85.866 386.222 85.866 386.634 c f BT 91.016 383.818 Td /F4 9.0 Tf [(report the new phishing mail to the correct e-mail addresses of Information Technology Cyber Security using the )] TJ ET BT 91.016 372.829 Td /F4 9.0 Tf [(method added to the bottom of this post)] TJ ET 85.866 364.656 m 85.866 365.068 85.696 365.478 85.404 365.770 c 85.113 366.061 84.703 366.231 84.291 366.231 c 83.878 366.231 83.469 366.061 83.177 365.770 c 82.885 365.478 82.716 365.068 82.716 364.656 c 82.716 364.244 82.885 363.834 83.177 363.542 c 83.469 363.251 83.878 363.081 84.291 363.081 c 84.703 363.081 85.113 363.251 85.404 363.542 c 85.696 363.834 85.866 364.244 85.866 364.656 c f BT 91.016 361.840 Td /F4 9.0 Tf [(remember, just because a mail comes from a student or a personnel e-mail address and has university )] TJ ET BT 91.016 350.851 Td /F4 9.0 Tf [(branding does not mean in any way that it is legitimate)] TJ ET BT 61.016 330.862 Td /F4 9.0 Tf [(If you have received mail that looks like this please immediately report it to the Information Technology Security Team )] TJ ET BT 61.016 319.873 Td /F4 9.0 Tf [(using the following method: \(especially if it comes from a university address\))] TJ ET BT 78.360 299.900 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 299.884 Td /F4 9.0 Tf [(Start up a new mail addressed to )] TJ ET 0.373 0.169 0.255 rg BT 225.080 299.884 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 225.080 298.733 m 303.740 298.733 l S 0.153 0.153 0.153 rg BT 303.740 299.884 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 327.239 299.884 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 327.239 298.733 m 391.904 298.733 l S 0.153 0.153 0.153 rg BT 391.904 299.884 Td /F4 9.0 Tf [(\))] TJ ET BT 78.360 288.911 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 288.895 Td /F4 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 277.922 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 277.906 Td /F4 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail )] TJ ET BT 91.016 266.917 Td /F4 9.0 Tf [(Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET BT 91.016 255.928 Td /F4 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 244.955 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 244.939 Td /F4 9.0 Tf [(Send the mail.)] TJ ET BT 61.016 224.950 Td /F4 9.0 Tf [(IF YOU HAVE FALLEN FOR THE SCAM:)] TJ ET BT 61.016 204.961 Td /F4 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 193.972 Td /F4 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 193.972 Td /F4 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.18 w 0 J [ ] 0 d 221.081 192.821 m 341.627 192.821 l S 0.153 0.153 0.153 rg BT 341.627 193.972 Td /F4 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 182.983 Td /F4 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 171.994 Td /F4 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 161.005 Td /F4 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 61.016 141.016 Td /F4 9.0 Tf [(For more information on reporting and combating phishing and spam:)] TJ ET 0.373 0.169 0.255 rg BT 339.638 141.016 Td /F4 9.0 Tf [(http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-)] TJ ET 0.18 w 0 J [ ] 0 d 339.638 139.865 m 545.243 139.865 l S BT 61.016 130.027 Td /F4 9.0 Tf [(malware-and-phishing/)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 128.876 m 152.042 128.876 l S 0.153 0.153 0.153 rg BT 402.934 110.038 Td /F4 9.0 Tf [([Information supplied by David Wiles])] TJ ET BT 61.016 90.049 Td /F4 9.0 Tf [()] TJ ET q 225.000 0 0 145.500 61.016 427.766 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 427.7659 286.0157 573.2659 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/files/2018/08/burden.jpg) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 225.0797 299.0512 303.7397 308.2087 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 327.2387 299.0512 391.9037 308.2087 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 193.1392 341.6267 202.2967 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 339.6377 140.1832 545.2427 149.3407 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 129.1942 152.0417 138.3517 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/) >> endobj 24 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 194 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 10899>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$," }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?K^tAm챷̹dwӿ% O<km:+YG'1RYjpYlPAS(QF(1F(1@b(b (QEQE% O𿄭 27Opr9Kڕ>st+Y,tKyWl p{֕72(ʿfYDj$+_'mYz"0W ]k3vr5մ GQrH Vf<09dGm>e l% @9}Əg=ᴙLs{\x?IJFb+Tbp}Ǡ8MFI2 ۙUQ~i qQv"xlYBHdv nr{ }hKl6bg/'j)옷Xϻ8}jZʶ6O"ó`0n˵Z{,Wlp9݌ӚBvdW=,&XXmj&8 ۛ$|zS vP>b=:`=k7^-[pѤɸg88݃Oo&vq:+x\A*Epf91qĭ'}fl(m vۥtTW:.P,c+1 1Sj;EʖH{h:\4PSzd0Oüw>%Y\<|7NI<~Ess>&2ٶqm'`9hhwz vpP!9sy J()i{, *违UdXgv ǀ>S󬮡;w}8|L|(_Ώ:8AvTzE qks:H<YR,{Ev ] *?vܰiOfdծ?ypLc=ԔEx L,7; m+Bvn ķ[p"Yʁ9Ucg*N 5gpɍѥWpnNcG9,G1RM %"GFI]>l{8 +_  8_6; +iwysZmZk]Zج,dP!G>+grYbYH m(ϰ,&69!+"[aJP.#XD:6ً1Ʈ~4xK;av.@EP7uY * F@]z2u,<6l^Vf2`s7E5%;/dy7.fT=FOzJ;p}n[~*V֊,g{wUw187F^>`@8#EkEkekeq煀pXBӯR 9Lf8r0O^㏡>GCNMr,1h`8MhA*]ۼDҬ -#߅ys@ 0"VdUl"{Luietv#Q)s(|V/| j\[;M,+1fRH*|E76svP0;7U-sCNԾ!zF%僙|P dtLJaɎdf`36 '֦qwm$f:%0-*מo|mXY ";l \cOQ#2POݷvr-4H'yU'kg͟-Hs팚_K&i$mBYKݎ?4{-R\$?QxR/|}Z_4Ic?_0F ̓€,Eytb*0OU(])E(0* 8N:՘mHXS"Iǔ[#$?Z>%l?l #dq?I䙆~m< rG<^,ԷG.[6?tq wZEy乑cB0^Prq:*5[8yur&DȪ@#{hNqm5/#jwpۂJ}ӍeFj6km% I ܃@0Xt˱gvE$wv~wPhv:4]R~،~Ri8=]v<{&iJD `I'$ƭ  )$O;|)ݓ<ߧ}foZEևj:I &aIJ: ⇖╯Me嫲mXsǹ\M}cu!Ӯ v6b[0vA׌1C:U~&hv4+}oB۲ \=)K.ħof9(2xZ($y/ ٭9=H?K'mഴkRS Ys1}i9((—=R(d{uVSЂQwJM͌2T$d#w\5Rg8!3\DK[H5Oi$p*8۴HI<j& :ˀJ.H8P=QE=2,*ț%C_Ns\|Ege%[ sq$q3*0VaT7zXVǎodQP˧n# P=ejJ6Z[ۛo>+D$*oN<)mI [}~cuH.L:vւk&FQP ~Rdj;B10ws ͐6sӭhGH(9Or~7!KIZ if7ܥ+!#?!یcO}%4*ۼv奚71F1ԑǠ9sJXKEΪA xt,#FIdb?kOovI,Or!U9lHԉ[Ǻ\0,6+QZ6wvXu";푃h `1G ㏧ȼ)Bţ-$}E6:4K XREEm/s3靼29 x^ԅ0" @wg~rAV20 OhqTӡP^22<ퟻ>.N܃8>sע1z6n `;Wo la ['.WfO98ZPd. m>Hv?'''MD<#.Ռl &v醎2AclQ@wѮiyd9s$ѮOh1v2sZ(;B1nl s1z<B%ҭULmۿcckfO hѼo bQ]bʟvO}kШ?͋Gg:2I0luk7 ~G̪x#vT9"QEpTұi k¢GW $[x >py<3G={Ƈ9E91F%c$v@ (A6.s~T(6/\ (*JZ(/DQ8yk9Zu-r~Q^:Wq:1EPEPEPEPEPEPEPEPEPEPEPM(qEYWW++cU4G-@ 0qGdڍO3"p d`#aǽKvL>z ed=iPI 7V3ol^Y3[(w .7 s%~K$-Bc#PEwUs.YN6>n9j& 4ou4v؇@_8vGRu˰&G-IF׷t.Bwc)Qk06}N}(FʖU(|#o\tFNߟqנ Z+%P9lC cKBc@01'P:Em\ ԋy~b$|p_(BڙNcO{E6* ͸Ѣ%/Ʃb]03s^"4h϶lʿa -8T.V[Px?ZТUT:c! %oG[I~FMO9?ƨkmfZIe*Ma?x9ztI(Gv&ΆzٍvS+ٍpr0yn}\(;/ }G=vfb;/QY7/zỌ=_"AN2Š2(@fE(((`36zHWvN[۞S? )U-0Q#F[c I$zN}zV%&GOvjB#̅0?5zT  c k&&Z@'nEdZʨ-'8ך62<̃'1޴h UxXJ$pS?);ס<ןi@G,nR  縭(5O)y76{5V1p5Ee+T2%Uӌn$N6XQТ(cT#ߛبkJI#?'[PtHcPLo\4^V9| ʨŸ::I`A9OLh2jRVD_>j' 1޴(kbUHF>%`+(( O]袪_& (((((((((((((((((( endstream endobj 25 0 obj << /Type /Page /Parent 3 0 R /Contents 26 0 R >> endobj 26 0 obj << /Length 627 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 719.245 521.469 38.739 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 719.245 m 566.734 719.245 l 565.984 719.995 l 46.016 719.995 l f 566.734 757.984 m 566.734 719.245 l 565.984 719.995 l 565.984 757.984 l f 45.266 757.984 m 45.266 719.245 l 46.016 719.995 l 46.016 757.984 l f 61.016 734.995 m 550.984 734.995 l 550.984 735.745 l 61.016 735.745 l f 0.400 0.400 0.400 rg BT 61.016 749.193 Td /F2 9.0 Tf [(Posted in:E-mail,Phishing,Security | | With 0 comments)] TJ ET endstream endobj xref 0 27 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000339 00000 n 0000000376 00000 n 0000000514 00000 n 0000000631 00000 n 0000008614 00000 n 0000008726 00000 n 0000008841 00000 n 0000008961 00000 n 0000009069 00000 n 0000009196 00000 n 0000009298 00000 n 0000009426 00000 n 0000009501 00000 n 0000009629 00000 n 0000009702 00000 n 0000009830 00000 n 0000009910 00000 n 0000010038 00000 n 0000010163 00000 n 0000010290 00000 n 0000010415 00000 n 0000021483 00000 n 0000021548 00000 n trailer << /Size 27 /Root 1 0 R /Info 5 0 R >> startxref 22227 %%EOF E-mail « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

Phishing: Email from “Stellenbosch University Helpdesk”

Wednesday, December 13th, 2017

This morning’s spear-phishing attack comes in the form of a fake mail from “HelpDesk” about an alleged “Email Update”

The spear-phishing mail is as follows:

“Notice From Stellenbosch University HelpDesk: 

In an effort to increase the level of security for our  email accounts User, We are implementing a new email password policy for your protection. If you have not update your password recently click here: sun.ac.za to update your password or your e-mail will be temporarily  suspended .

Thanks for your co-operation.”

This is, of course, a phishing scam and you shouldn’t consider it as legitimate even though it allegedly comes from the “Helpdesk”.

The poor grammar, lack of official branding and threatening tone of the mail makes it a classic phishing scam, but with the added danger of students and personnel falling for it because of the  salutation “Notice from the Stellenbosch University HelpDesk:”

We have already blocked access to the server, but there is a high risk that users who are currently on holiday and accessing university mail through their ADSL internet connections or cell phone, will still have access to the scammer’s server and will be fooled by the “forged” login page and provide the scammers with their usernames and passwords. If this happens the scammers will gain control over the personnel or student account and continue their attack from “within” the university network.

Always send the spam/phishing mail to the following addresses:

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/ As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. 

Email

Tags: ,
Posted in E-mail, phishing, Security | Comments Off on Phishing: Email from “Stellenbosch University Helpdesk”

E-mail scam with subject: “morning”

Wednesday, December 13th, 2017

It seems that scammers are now attempting to use student e-mail addresses to send out spam. 

If you get mail with the subject of “morning”, supposedly coming from a student account (studentnumber@sun.ac.za) with the following content, please ignore and delete it.

We are conducting a  standard process investigation involving a late client who  shares the same surname with you and also the circumstances surrounding investments made by this client.Are you aware of  any relative/relation having the same surname? Send email to: scammer@scam.com

This is a typical Nigerian 419 Advance Fee scam. Do not respond to this mail. The scammers just want to see who will respond so they can con you out of some money.

A reminder again of how to correctly report spam and phishing scams:

Send the spam/phishing mail to the following addresses: 

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. We suggest bookmarking this.

[Article by David Wiles]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on E-mail scam with subject: “morning”

Phishing scam targeting Apple users

Thursday, December 7th, 2017

If you are the owner of an Apple product like an iPhone, iPad or MacBook and have an AppleID, then please be aware of a phishing scam currently making the rounds. It targets university personnel (using university usernames – including student numbers)

The subject lines will be “Account Suspension Notification” or “Account Activity Notification” and will tell you that because AppleID account has been logged in from “multiple locations and different countries” your account has been suspended, and you need to log in using your AppleID to reactivate your account on Apple.

Now, if you don’t have an Apple product, this would be something to ignore and spot as a phishing scam, but if you do have an Apple product you might *panic* and click on the link.

This is exactly what the scammers want you to do. You would be taken to a forged website that looks like the Apple Login page and asked to type in your Apple ID username and password. That is what the scammers are after! They can then access your real AppleID account and steal information, credit cards details etc.

  1. Don’t open links inside emails, especially if you’re not 100% sure who sent it.
  2. if you’re about to click on a link from a company as reputable as Apple, It will always have a customer service department you can contact. You can ask if Apple has sent you a link requesting updated contact information. Or better yet, log into your Apple account; click on the Manage My Apple ID tab, to make sure your information is up to date.
  3. Ensure you have up-to-date antivirus and malware/anti-phishing software installed on your computer.

[Article by David Wiles]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing scam targeting Apple users

Spear-phishing scam from “university personnel”

Wednesday, December 6th, 2017

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution, like the university, in an effort to gain access to confidential information.

This morning we are starting to see the spear-phishing scam emails being sent out in the name of known individuals at the university – in Tygerberg’s case – the Dean, Prof Jimmy Volmink.

Below is a mail that is being sent out “in the name” of Prof Volmink, entitled “Invoice Problem”. (click on image to enlarge) It was sent to several university addresses, uses a forged e-mail address from another university, and has been designed to convince people that it is legitimate.

This is a dangerous phishing scam because it seems to come from a known person.Do not respond to it and if you do receive it here is what to do:

Send the spam/phishing mail to the following addresses help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.

[ARTICLE BY David Wiles]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Spear-phishing scam from “university personnel”

Phishing attack with subject: “Re-Validate”

Saturday, December 2nd, 2017

With the graduation just around the corner and most students already on holiday, and many of our colleagues already taking a well-deserved break, and collectively we all tend to be a little less vigilant.

The end of the year vacation period is generally a time when phishing attacks on our email accounts drop, and it is speculated that the phishers know there are significantly fewer employees working during the holidays, so there are fewer opportunities for targeted users to actually open malicious attachments.

However spear-phishing attacks increase when the Information technology and “cyber-security”  centres of large enterprises like the university security operations are lightly staffed or understaffed. The scammers know that there is a greater chance for them to gain access to accounts via spear-phishing as the “watchdogs” are fewer.

What is spear-phishing?

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution like the university in an effort to gain access to confidential information. Often a trustworthy entity is impersonated that uses “urgent” language to requesting sensitive information or actions.

[In August this year the MacEwan University in Canada was targeted when a series of fraudulent emails convinced MacEwan University staff to change electronic banking information for one of the university’s major vendors, resulting in $11.8 million being transferred to criminals.]

The following spear-phishing e-mail is appearing in some student and personnel accounts and it seems to be targeting university accounts specifically as the salutation is a personal name: (in this case your e-mail address, or in some cases your display name in e-mail e.g Wiles, David <dw@sun.ac.za>

The mail will look like this:

~~~

From: Zimbra <infog@adm.orel.ru>
Sent: 01 December 2017 22:15
To: Your Own name <your-e-mail@sun.ac.za>
Subject: Re-Validate

 
Dear your-e-mail@sun.ac.za , 
Your account has exceeded it quota limit as set by Administrator, and you may not be able to send or receive new mails until you Re-Validate your your-e-mail@sun.ac.za account. 
To Re-Validate account@sun.ac.za account, Please CLICK: Re-Validate your-e-mail@sun.ac.za Account
 
~~~
 
If you click on the link you will be taken to a website that will show the following login window where you will be asked to fill in your personal details and password. Once this happen the spear-phishers will have gained control over your email account and will proceed to locate more sensitive information like other e-mail addresses and bank account details, for example. Your e-mail account will then be used to attack other university accounts.


Please be aware of this spear-phishing scam. No university department or division will ever ask you for passwords via e-mail.

[ARTICLE BY DAVID WILES]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing attack with subject: “Re-Validate”

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.