SARS PHISHING SCAM

Posted on January 01,1970 by IT Communications

Please be on the lookout for the next phishing attack on the university network. This time (as occurred several times in 2018) it comes with a subject of SARS eFiling Letter Notification

This is an obvious phishing scam using a website to attempt to steal your login details.

  1. SARS will not send you an email with the salutation: Dear Tax Payer, they'll address you personally.
  2. The sender is a compromised email address from an estate agent in Pretoria and not a SARS email address.
  3. The link takes you to a site that is not the SARS eFiling Server address.
  4. Apart from department admin who deals with SARS directly, university email addresses are not (and should not be) used for SARS communication.

Here is an example of the email that several of our observant colleagues and students have already reported:

[Image: http://blogs.sun.ac.za/it/files/2019/01/sars1.jpg]

Here is the phishing website that will attempt to steal your login details:

[Image: http://blogs.sun.ac.za/it/files/2019/01/sars2.jpg]

If you receive an email like this, please report it to IT Cyber Security as soon as possible.

Once you have reported the spam or phishing mail, you can delete it immediately. You can report this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email.
     1. Start up a new mail addressed to csirt@sun.ac.za.
     2. Use the Title SPAM (without quotes) in the Subject.
     3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
     4. Send the mail.

[ARTICLE BY DAVID WILES]

E-mail « Informasietegnologie

E-mail

Phishing: Email from “Stellenbosch University Helpdesk”

Wednesday, December 13th, 2017

This morning’s spear-phishing attack comes in the form of a fake mail from “HelpDesk” about an alleged “Email Update”.

The spear-phishing mail is as follows:

“Notice From Stellenbosch University HelpDesk: 

In an effort to increase the level of security for our  email accounts User, We are implementing a new email password policy for your protection. If you have not update your password recently click here: sun.ac.za to update your password or your e-mail will be temporarily  suspended .

Thanks for your co-operation.”

This is, of course, a phishing scam and you shouldn’t consider it as legitimate even though it allegedly comes from the “Helpdesk”.

The poor grammar, lack of official branding and threatening tone of the mail make it a classic phishing scam, but with the added danger of students and personnel falling for it because of the salutation “Notice from the Stellenbosch University HelpDesk:”.

We have already blocked access to the server, but there is a high risk that users who are currently on holiday and accessing university mail through their ADSL internet connections or cell phone, will still have access to the scammer’s server and will be fooled by the “forged” login page and provide the scammers with their usernames and passwords. If this happens the scammers will gain control over the personnel or student account and continue their attack from “within” the university network.

Always send the spam/phishing mail to the following addresses:

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see, the address has sun.ac.za at the end of the domain name, so it is legitimate.

E-mail scam with subject: “morning”

Wednesday, December 13th, 2017

It seems that scammers are now attempting to use student e-mail addresses to send out spam. 

If you get mail with the subject of “morning”, supposedly coming from a student account (studentnumber@sun.ac.za) with the following content, please ignore and delete it.

We are conducting a  standard process investigation involving a late client who  shares the same surname with you and also the circumstances surrounding investments made by this client.Are you aware of  any relative/relation having the same surname? Send email to: scammer@scam.com

This is a typical Nigerian 419 Advance Fee scam. Do not respond to this mail. The scammers just want to see who will respond so they can con you out of some money.

A reminder again of how to correctly report spam and phishing scams:

Send the spam/phishing mail to the following addresses: 

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. We suggest bookmarking this.

[Article by David Wiles]

Phishing scam targeting Apple users

Thursday, December 7th, 2017

If you are the owner of an Apple product like an iPhone, iPad or MacBook and have an AppleID, then please be aware of a phishing scam currently making the rounds. It targets university personnel (using university usernames – including student numbers).

The subject lines will be “Account Suspension Notification” or “Account Activity Notification” and will tell you that because your AppleID account has been logged in from “multiple locations and different countries” your account has been suspended, and you need to log in using your AppleID to reactivate your account on Apple.

Now, if you don’t have an Apple product, this would be something to ignore and spot as a phishing scam, but if you do have an Apple product you might *panic* and click on the link.

This is exactly what the scammers want you to do. You would be taken to a forged website that looks like the Apple Login page and asked to type in your Apple ID username and password. That is what the scammers are after! They can then access your real AppleID account and steal information, credit card details etc.

  1. Don’t open links inside emails, especially if you’re not 100% sure who sent it.
  2. If you’re about to click on a link from a company as reputable as Apple, it will always have a customer service department you can contact. You can ask if Apple has sent you a link requesting updated contact information. Or better yet, log into your Apple account and click on the Manage My Apple ID tab to make sure your information is up to date.
  3. Ensure you have up-to-date antivirus and malware/anti-phishing software installed on your computer.

[Article by David Wiles]

Spear-phishing scam from “university personnel”

Wednesday, December 6th, 2017

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution, like the university, in an effort to gain access to confidential information.

This morning we are starting to see the spear-phishing scam emails being sent out in the name of known individuals at the university – in Tygerberg’s case – the Dean, Prof Jimmy Volmink.

Below is a mail that is being sent out “in the name” of Prof Volmink, entitled “Invoice Problem”. It was sent to several university addresses, uses a forged e-mail address from another university, and has been designed to convince people that it is legitimate.

This is a dangerous phishing scam because it seems to come from a known person. Do not respond to it, and if you do receive it, here is what to do:

Send the spam/phishing mail to the following addresses: help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords for these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.

[ARTICLE BY David Wiles]

Phishing attack with subject: “Re-Validate”

Saturday, December 2nd, 2017

With graduation just around the corner, most students already on holiday, and many of our colleagues already taking a well-deserved break, we all tend to be a little less vigilant.

The end of the year vacation period is generally a time when phishing attacks on our email accounts drop, and it is speculated that the phishers know there are significantly fewer employees working during the holidays, so there are fewer opportunities for targeted users to actually open malicious attachments.

However, spear-phishing attacks increase when the information technology and “cyber-security” centres of large enterprises like the university are lightly staffed or understaffed. The scammers know that there is a greater chance for them to gain access to accounts via spear-phishing as the “watchdogs” are fewer.

What is spear-phishing?

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution like the university in an effort to gain access to confidential information. Often a trustworthy entity is impersonated, using “urgent” language to request sensitive information or actions.

[In August this year the MacEwan University in Canada was targeted when a series of fraudulent emails convinced MacEwan University staff to change electronic banking information for one of the university’s major vendors, resulting in $11.8 million being transferred to criminals.]

The following spear-phishing e-mail is appearing in some student and personnel accounts and it seems to be targeting university accounts specifically, as the salutation is a personal name (in this case your e-mail address, or in some cases your display name in e-mail, e.g. Wiles, David <dw@sun.ac.za>).

The mail will look like this:

~~~

From: Zimbra <infog@adm.orel.ru>
Sent: 01 December 2017 22:15
To: Your Own name <your-e-mail@sun.ac.za>
Subject: Re-Validate

 
Dear your-e-mail@sun.ac.za , 
Your account has exceeded it quota limit as set by Administrator, and you may not be able to send or receive new mails until you Re-Validate your your-e-mail@sun.ac.za account. 
To Re-Validate account@sun.ac.za account, Please CLICK: Re-Validate your-e-mail@sun.ac.za Account
 
~~~
 
If you click on the link you will be taken to a website that will show the following login window where you will be asked to fill in your personal details and password. Once this happens the spear-phishers will have gained control over your email account and will proceed to locate more sensitive information like other e-mail addresses and bank account details, for example. Your e-mail account will then be used to attack other university accounts.


Please be aware of this spear-phishing scam. No university department or division will ever ask you for passwords via e-mail.

[ARTICLE BY DAVID WILES]
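
Added example (not part of the original posts and not the university's own tooling): a small Python triage of a reported mail, run on a constructed sample modelled on the “Re-Validate” message above. It checks the sender domain and compares each link's hostname, not the URL string, with sun.ac.za, which is the check behind the “sun.ac.za at the end of the domain name” advice; the link target, the finding labels and all function names are assumptions.

```python
"""Triage a reported mail: sender domain, real link host, lure wording."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "sun.ac.za"

# Constructed sample based on the "Re-Validate" mail quoted on this page.
# The href is a placeholder under the reserved .example TLD (assumption).
SAMPLE_EML = """\
From: Zimbra <infog@adm.orel.ru>
To: Your Own name <your-e-mail@sun.ac.za>
Subject: Re-Validate
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear your-e-mail@sun.ac.za ,</p>
<p>Your account has exceeded it quota limit as set by Administrator.</p>
<p>Please CLICK: <a href="http://sun.ac.za.revalidate.example/login">Re-Validate
your-e-mail@sun.ac.za Account</a></p>
</body></html>
"""

# Wording taken from the lures quoted in the posts above.
LURE = re.compile(r"re-?validate|quota limit|suspended|update your password", re.I)


def domain_in_org(domain, org=ORG_DOMAIN):
    """True only for the org domain itself or a real subdomain of it."""
    domain = domain.lower().rstrip(".")
    return domain == org or domain.endswith("." + org)


def host_in_org(url, org=ORG_DOMAIN):
    """Check the parsed hostname; text elsewhere in the URL does not count."""
    return domain_in_org(urlsplit(url).hostname or "", org)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def triage(raw_eml):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_eml)
    findings = []

    # 1. Sender: a "HelpDesk"/"Zimbra" display name means nothing; use the address.
    _display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not domain_in_org(sender_domain):
        findings.append(f"external-sender:{sender_domain.lower()}")

    # 2. Body: gather every text part (handles single-part and multipart mail).
    body = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body += data.decode(part.get_content_charset() or "utf-8", "replace")

    # 3. Links: flag hosts outside the org, and mark those that merely
    #    mention the org domain in the visible text or elsewhere in the URL.
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if host_in_org(href):
            continue
        host = urlsplit(href).hostname or "?"
        mentions_org = ORG_DOMAIN in text.lower() or ORG_DOMAIN in href.lower()
        findings.append(("lookalike-link:" if mentions_org else "external-link:") + host)

    # 4. Lure wording in subject or body.
    if LURE.search(msg.get("Subject", "") + " " + body):
        findings.append("urgency-lure")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EML):
        print(finding)
```

A mail that produces any of these findings still goes through the reporting steps described in the posts; the script only shows what to look at first.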

 
