SARS PHISHING SCAM

Posted on January 01, 1970 by IT Communications

Please be on the lookout for the next phishing attack on the university network. This time (as occurred several times in 2018) it comes with a subject of SARS eFiling Letter Notification.

This is an obvious phishing scam using a website to attempt to steal your login details.

  1. SARS will not send you an email with the salutation: Dear Tax Payer, they'll address you personally.
  2. The sender is a compromised email address from an estate agent in Pretoria and not a SARS email address.
  3. The link takes you to a site that is not the SARS eFiling Server address.
  4. Apart from department admin who deals with SARS directly, university email addresses are not (and should not be) used for SARS communication.

Here is an example of the email that several of our observant colleagues and students have already reported:

[Image: http://blogs.sun.ac.za/it/files/2019/01/sars1.jpg]

Here is the phishing website that will attempt to steal your login details:

[Image: http://blogs.sun.ac.za/it/files/2019/01/sars2.jpg]

If you receive an email like this, please report it to IT Cyber Security as soon as possible.

Once you have reported the spam or phishing mail, you can delete it immediately. You can report this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email.
     1. Start up a new mail addressed to csirt@sun.ac.za.
     2. Use the Title SPAM (without quotes) in the Subject.
     3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
     4. Send the mail.

[ARTICLE BY DAVID WILES]

Posted in: E-mail, Phishing, Security | With 0 comments

E-mail « Informasietegnologie

E-mail

Nigerian 419 Advance Fee scam

Wednesday, November 29th, 2017

A scam in the form of a well-known “Nigerian 419 Advance Fee” mail is appearing in some of our colleagues' and students' mailboxes this morning.

The mail is rather simple:

Subject is: “Kindly view attach and forward your reply to <a gmail address>”

The mail’s content simply states the same, and the attachment is an image of a letter stating that the sender has a large amount of money that they would like to send you.

This is a typical “Nigerian 419 Advance Fee” scam.

Here is how it works:

You receive an unsolicited message that masquerades as some manner of business proposition, request for assistance, notice of a potential inheritance, or opportunity to help a charity, but all of the scam messages share a common theme.

The messages all claim that your help is needed to access a very large sum of money and promise that you will receive a significant portion of this money in exchange for your help.

The scammers use a variety of stories to explain why they need your help to access the funds.

  • They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account and request your help to gain such access.
  • They may claim that your last name is the same as that of the deceased person who owned an account and suggest that you act as the next of kin of this person in order to gain access to the account’s funds.
  • They may claim that a rich businessman, who has a terminal illness, needs your help to distribute his wealth to charity.
  • They may claim that a soldier stationed overseas has discovered a cache of hidden cash left by a fleeing dictator and needs your help to get the money out of the country.

All these scams promise to let you keep a significant percentage of the funds in exchange for your assistance. This is the bait that is used to pull potential victims deeper into the scam. Once a recipient has taken the bait, and initiated a dialogue with the scammers, he or she will soon receive requests for “fees” that the scammer claims are necessary for processing costs, tax and legal fees, bribes to local officials, or other – totally imaginary – fees.

In reality, the supposed funds do not exist and the main purpose of these scam messages is to trick recipients into parting with their money in the form of these advance fees. Fraudulent requests for fees will usually continue until the victim realises he or she is being conned and stops sending money. In some cases, the scammers may gather enough information to access the victim’s bank account directly or steal the victim’s identity.

Typically, advance fee scammers will send many thousands of identical scam messages to recipients all around the world (as in today’s example). It only takes a few recipients to fall for the claims in the messages to make the operation pay off for the criminals.

What to do if you receive such an Advance Fee email:

It is important that you do not respond to it in any way. The scammers are likely to act upon any response from those they see as potential victims. The best thing to do with these scam messages is to simply delete them.

Send the spam/phishing mail to the following addresses:

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you have fallen for the scam:

If you did click on the link in this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see, the address has sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.
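
The "ends with sun.ac.za" test only holds when it is applied to the parsed hostname of a link, not to the visible text or to the URL as a whole. The following Python sketch is an added example, not part of the original post; the `.example` hosts and `fakesun.ac.za` are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "sun.ac.za"  # the university domain the page refers to


def link_host(url: str) -> str:
    """Hostname a browser would connect to, lower-cased; '' if not a clean http(s) URL."""
    url = url.strip()
    # Browsers and urlsplit disagree on backslashes and control characters,
    # so any URL containing them is treated as untrusted.
    if "\\" in url or any(ord(ch) < 0x21 for ch in url):
        return ""
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError:  # malformed authority, e.g. an unterminated IPv6 literal
        return ""
    if parts.scheme not in ("http", "https"):
        return ""
    return host.rstrip(".")  # "sun.ac.za." and "sun.ac.za" are the same host


def is_trusted_link(url: str, domain: str = TRUSTED_DOMAIN) -> bool:
    """True only if the host is the domain itself or a subdomain of it."""
    host = link_host(url)
    # The leading dot matters: without it "fakesun.ac.za" would pass.
    return host == domain or host.endswith("." + domain)


def naive_check(url: str, domain: str = TRUSTED_DOMAIN) -> bool:
    """What a hurried reader does: look for the domain anywhere in the link."""
    return domain in url.lower()


# Sample links. The first two URLs and the weebly host are quoted on this page;
# the remaining entries are constructed.
SAMPLES = [
    "https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/",
    "http://www.sun.ac.za/useradm",
    "http://stellenboschuniversity.weebly.com/",
    "https://sun.ac.za.login.example/",             # trusted name used as a subdomain label
    "https://www.sun.ac.za@login.example/useradm",  # trusted name in the userinfo part
    "https://fakesun.ac.za/",                       # no dot boundary before the suffix
    "https://login.example\\@www.sun.ac.za/",       # backslash parsed differently by browsers
]


def report(samples=SAMPLES):
    """Return (url, naive result, strict result) for each sample link."""
    return [(url, naive_check(url), is_trusted_link(url)) for url in samples]


if __name__ == "__main__":
    for url, naive, strict in report():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```
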

[ARTICLE BY DAVID WILES]

 

 

Phishing: Subject “Your Email Address Has Been Compromised”

Wednesday, November 15th, 2017

We’ve had a couple of reports from personnel and students about getting messages with a subject of “Your Email Address Has Been Compromised” (notice the capitalisation of every word, which is one of the signs of phishing).

The scammers have spoofed the recipient (your e-mail address is made to read info@verify.com) and the sender seems to come from a compromised university account in the USA (the address ends with .edu).

The subject says: “Your Email Address Has Been Compromised” and a link, Verify HERE, is included which takes you to a website ending with “weebly.com”. It already looks as if the website is offline or has been blocked by Information Technology, but you should never click on links in mail if the sender is unknown.

Keep in mind, Information Technology will never send you such a mail, telling you that your e-mail address has been compromised. All IT’s communications are bilingual and will always address you personally.

If you get mail like this and you are not sure if it is legitimate or not, you should never click links or respond but rather contact IT telephonically at 808 4367 to verify. 

Information Technology will send you an automated mail IF you have changed your password on the network that is branded, is bilingual, and informs you of a password change, but it is always better to check and make sure especially if you HAVEN’T changed your password or don’t recall if you have changed your password.

Here is an example of the current phishing scam.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses:

help@sun.ac.za

…and sysadm@sun.ac.za as well.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link in this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

Phishing: Subject “Unusual Login Attempt”

Monday, October 30th, 2017

A new phishing attempt on staff and students of Stellenbosch University by means of a fake website was launched earlier this week. The website has been blocked by IT in the meantime so you will not be able to access it. 

The mail will be simple with a subject line of “Unusual Login Attempt”. 

The recipient field has been spoofed to hide the sender and recipient, and the content of the mail is simply a link that says:

“For Details Verify” (with “Verify” linking to a website called “stellenboschuniversity.weebly.com”). (See example below.)

If you suspect an email is a phishing attempt, please immediately report it to the Information Technology Security Team. With your help, we can block the malicious website as soon as possible and quarantine the compromised sun account from which the email is sent. If you are not sure how to recognise a phishing email, here are a few tips. Also have a look at examples of previous phishing attempts.

Instructions to report a phishing, spam or malware incident.

If you did click on the link in this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

[ARTICLE BY DAVID WILES]

 

PHISHING: Absa Surecheck Profile App

Monday, October 16th, 2017

Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last week’s ABSA phishing scam has started flooding our email.

The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. Below is the example of the phishing email, with the forged “ABSA Bank” login page to attempt to convince you to give your bank details willingly to the scammers.

The subject of the email is “Absa Surecheck Profile App – Upgrade | FICA information” which is designed to say absolutely nothing. It is what is known in information technology circles as “techno-babble”.

While the methods used to steal your banking details may differ, the process followed by fraudsters to steal money from their victims in South Africa is nearly always the same:

  1. Get the person’s Internet banking details, typically through a phishing attack (as shown below).
  2. Get one or more banking accounts to which money can be transferred and from which it can be withdrawn.
  3. Clone the SIM card used by the victim.
  4. Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
  5. Withdraw the money from these accounts.

Here are the obvious warning signs:

  1. The sender is not an ABSA email account (in this case a “throwaway” German email account used to send millions of phishing e-mails)
  2. Vague and deceptive subject lines (Techno-babble)
  3. An attached file (.htm) that contains a web page that opens up in your browser and links in the background to the server in South Africa.
  4. Impersonal salutation. “Dear Valued Customer”. Banks will never address you like this. They have your money – so it stands to reason that they will know your name as well.
  5. “Online verification” has **** to convince you that the email is genuine, but university addresses end with ac.za, not co.za.
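The mechanical warning signs in this list (sender domain, .htm attachment, impersonal salutation) can be checked automatically when a reported message is triaged. The following is an added example, not part of the original notice: the function names, finding labels and the sample message are constructed for illustration, and the caller supplies the brand's legitimate domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC_SALUTATIONS = ("dear valued customer", "dear tax payer")  # quoted on this page
LINK_RE = re.compile(r"""(?:href|action|src)\s*=\s*["']([^"']+)""", re.I)

def host_in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)  # exact or true subdomain

def triage(raw, expected_domain):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not host_in_domain(sender_domain, expected_domain):  # sign 1: wrong sender
        findings.append("sender-domain:" + sender_domain)
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        text = part.get_content() if part.get_content_maintype() == "text" else ""
        if name.endswith((".htm", ".html")):  # sign 3: web page sent as attachment
            findings.append("html-attachment:" + name)
            for url in LINK_RE.findall(text):  # hosts the local page talks to
                host = urlparse(url).hostname
                if host and not host_in_domain(host, expected_domain):
                    findings.append("external-host:" + host)
        elif not name and any(s in text.lower() for s in GENERIC_SALUTATIONS):
            findings.append("generic-salutation")  # sign 4: impersonal greeting
    return findings

# Constructed sample message; every address and host in it is a placeholder.
SAMPLE = """\
From: "ABSA Bank" <notice@mailer.example.de>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Valued Customer, open the attached form to verify your profile.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="Surecheck.htm"

<form action="http://phish.example.co.za/login.php" method="post"></form>
--b1--
"""
```

Calling `triage(SAMPLE, "bank.example")` returns one finding per sign; the vague subject line (sign 2) is left to human judgement.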

 

The web page that you are directed to is actually the .htm file sitting on your computer (as an attachment), but it links directly to the phishing server in the background.

In this case the server is iteron.co.za, which is listed as “undergoing maintenance” but is fully functional in the background.

 

 

If you have received an email that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing email to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

Attach the phishing or suspicious email to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

[ARTICLE BY DAVID WILES]

PHISHING: “Confirm your email account”

Wednesday, October 11th, 2017

The latest phishing attempt uses a rather obtuse message about “confirming your email account” to prevent a shutdown of your account. It also uses your email address in the salutation, which might fool some people into thinking it is genuine.

Information Technology would never send out an email like this, lacking personal salutations, direct contact via telephone, and threatening to close your account down. 

Below is the phishing e-mail example with the dangerous parts removed. Do not click on the link or provide any personal information. Luckily the phishing email and the server come from the Far East, so it should be rather obvious that it is a scam:

This is what the phishing website looks like. 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team by sending an email to help@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link of this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

[ARTICLE BY DAVID WILES]

 

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.