%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 25 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 24 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250719212509+00'00') /ModDate (D:20250719212509+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 7931 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 80.351 521.469 666.383 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 80.351 l 565.984 80.351 l 565.984 745.984 l f 45.266 746.734 m 45.266 80.351 l 46.016 80.351 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(SARS PHISHING SCAM FROM SUN EMAIL)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(If you receive an email with the subject SARS eFilings from any university email account, do not respond or click on the )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(link. This is not a legitimate email from SARS.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(The suspicious email is being sent from compromised staff email accounts informing users that "An EMP Statement of )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(Account for the tax payer listed below has been issued by SARS" and you "need to log into the google doc with your )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(correct details to view the document". \(as shown in example below\):)] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(It is important that you help us by spreading the word, informing us about suspicious mails and letting your colleagues and )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(friends know about the scams. You are our eyes and ears, and your input, information and questions are extremely )] TJ ET BT 61.016 542.497 Td /F4 9.0 Tf [(valuable.)] TJ ET BT 61.016 522.508 Td /F4 9.0 Tf [(When you click on links and provide your information on phishing emails, criminals will be able to gain access to your )] TJ ET BT 61.016 511.519 Td /F4 9.0 Tf [(personal information. If you clicked on the link of this phishing email, immediately go to the www.sun.ac.za/useradm )] TJ ET BT 61.016 500.530 Td /F4 9.0 Tf [(website and change the passwords on all your university accounts.)] TJ ET BT 61.016 480.541 Td /F4 9.0 Tf [(Remember that once the phishers lose control of one compromised account they might simply move over to another )] TJ ET BT 61.016 469.552 Td /F4 9.0 Tf [(account and they might also close the website they were using once it is blocked by us and would use another one that )] TJ ET BT 61.016 458.563 Td /F4 9.0 Tf [(looks and acts in the same way.Currently, the phishers are servers in Europe to launch their attacks.This is a common )] TJ ET BT 61.016 447.574 Td /F4 9.0 Tf [(tactic with a spear-phishing attack such as this.)] TJ ET BT 61.016 425.785 Td /F4 9.0 Tf [(To help us, please:)] TJ ET 0.153 0.153 0.153 RG 85.866 408.612 m 85.866 409.024 85.696 409.434 85.404 409.726 c 85.113 410.017 84.703 410.187 84.291 410.187 c 83.878 410.187 83.469 410.017 83.177 409.726 c 82.885 409.434 82.716 409.024 82.716 408.612 c 82.716 408.200 82.885 407.790 83.177 407.498 c 83.469 407.207 83.878 407.037 84.291 407.037 c 84.703 407.037 85.113 407.207 85.404 407.498 c 85.696 407.790 85.866 408.200 85.866 408.612 c f BT 91.016 405.796 Td /F4 9.0 Tf [(continue to watch out for mail like or similar to this and do NOT respond to it, click on links or provide your email )] TJ ET BT 91.016 394.807 Td /F4 9.0 Tf [(address username or password)] TJ ET 85.866 386.634 m 85.866 387.046 85.696 387.456 85.404 387.748 c 85.113 388.039 84.703 388.209 84.291 388.209 c 83.878 388.209 83.469 388.039 83.177 387.748 c 82.885 387.456 82.716 387.046 82.716 386.634 c 82.716 386.222 82.885 385.812 83.177 385.520 c 83.469 385.229 83.878 385.059 84.291 385.059 c 84.703 385.059 85.113 385.229 85.404 385.520 c 85.696 385.812 85.866 386.222 85.866 386.634 c f BT 91.016 383.818 Td /F4 9.0 Tf [(report the new phishing mail to the correct e-mail addresses of Information Technology Cyber Security using the )] TJ ET BT 91.016 372.829 Td /F4 9.0 Tf [(method added to the bottom of this post)] TJ ET 85.866 364.656 m 85.866 365.068 85.696 365.478 85.404 365.770 c 85.113 366.061 84.703 366.231 84.291 366.231 c 83.878 366.231 83.469 366.061 83.177 365.770 c 82.885 365.478 82.716 365.068 82.716 364.656 c 82.716 364.244 82.885 363.834 83.177 363.542 c 83.469 363.251 83.878 363.081 84.291 363.081 c 84.703 363.081 85.113 363.251 85.404 363.542 c 85.696 363.834 85.866 364.244 85.866 364.656 c f BT 91.016 361.840 Td /F4 9.0 Tf [(remember, just because a mail comes from a student or a personnel e-mail address and has university )] TJ ET BT 91.016 350.851 Td /F4 9.0 Tf [(branding does not mean in any way that it is legitimate)] TJ ET BT 61.016 330.862 Td /F4 9.0 Tf [(If you have received mail that looks like this please immediately report it to the Information Technology Security Team )] TJ ET BT 61.016 319.873 Td /F4 9.0 Tf [(using the following method: \(especially if it comes from a university address\))] TJ ET BT 78.360 299.900 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 299.884 Td /F4 9.0 Tf [(Start up a new mail addressed to )] TJ ET 0.373 0.169 0.255 rg BT 225.080 299.884 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 225.080 298.733 m 303.740 298.733 l S 0.153 0.153 0.153 rg BT 303.740 299.884 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 327.239 299.884 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 327.239 298.733 m 391.904 298.733 l S 0.153 0.153 0.153 rg BT 391.904 299.884 Td /F4 9.0 Tf [(\))] TJ ET BT 78.360 288.911 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 288.895 Td /F4 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 277.922 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 277.906 Td /F4 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail )] TJ ET BT 91.016 266.917 Td /F4 9.0 Tf [(Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET BT 91.016 255.928 Td /F4 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 244.955 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 244.939 Td /F4 9.0 Tf [(Send the mail.)] TJ ET BT 61.016 224.950 Td /F4 9.0 Tf [(IF YOU HAVE FALLEN FOR THE SCAM:)] TJ ET BT 61.016 204.961 Td /F4 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 193.972 Td /F4 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 193.972 Td /F4 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.18 w 0 J [ ] 0 d 221.081 192.821 m 341.627 192.821 l S 0.153 0.153 0.153 rg BT 341.627 193.972 Td /F4 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 182.983 Td /F4 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 171.994 Td /F4 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 161.005 Td /F4 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 61.016 141.016 Td /F4 9.0 Tf [(For more information on reporting and combating phishing and spam:)] TJ ET 0.373 0.169 0.255 rg BT 339.638 141.016 Td /F4 9.0 Tf [(http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-)] TJ ET 0.18 w 0 J [ ] 0 d 339.638 139.865 m 545.243 139.865 l S BT 61.016 130.027 Td /F4 9.0 Tf [(malware-and-phishing/)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 128.876 m 152.042 128.876 l S 0.153 0.153 0.153 rg BT 402.934 110.038 Td /F4 9.0 Tf [([Information supplied by David Wiles])] TJ ET BT 61.016 90.049 Td /F4 9.0 Tf [()] TJ ET q 225.000 0 0 145.500 61.016 427.766 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 427.7659 286.0157 573.2659 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/files/2018/08/burden.jpg) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 225.0797 299.0512 303.7397 308.2087 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 327.2387 299.0512 391.9037 308.2087 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 193.1392 341.6267 202.2967 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 339.6377 140.1832 545.2427 149.3407 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 129.1942 152.0417 138.3517 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/) >> endobj 24 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 194 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 10899>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$," }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?K^tAm챷̹dwӿ% O<km:+YG'1RYjpYlPAS(QF(1F(1@b(b (QEQE% O𿄭 27Opr9Kڕ>st+Y,tKyWl p{֕72(ʿfYDj$+_'mYz"0W ]k3vr5մ GQrH Vf<09dGm>e l% @9}Əg=ᴙLs{\x?IJFb+Tbp}Ǡ8MFI2 ۙUQ~i qQv"xlYBHdv nr{ }hKl6bg/'j)옷Xϻ8}jZʶ6O"ó`0n˵Z{,Wlp9݌ӚBvdW=,&XXmj&8 ۛ$|zS vP>b=:`=k7^-[pѤɸg88݃Oo&vq:+x\A*Epf91qĭ'}fl(m vۥtTW:.P,c+1 1Sj;EʖH{h:\4PSzd0Oüw>%Y\<|7NI<~Ess>&2ٶqm'`9hhwz vpP!9sy J()i{, *违UdXgv ǀ>S󬮡;w}8|L|(_Ώ:8AvTzE qks:H<YR,{Ev ] *?vܰiOfdծ?ypLc=ԔEx L,7; m+Bvn ķ[p"Yʁ9Ucg*N 5gpɍѥWpnNcG9,G1RM %"GFI]>l{8 +_  8_6; +iwysZmZk]Zج,dP!G>+grYbYH m(ϰ,&69!+"[aJP.#XD:6ً1Ʈ~4xK;av.@EP7uY * F@]z2u,<6l^Vf2`s7E5%;/dy7.fT=FOzJ;p}n[~*V֊,g{wUw187F^>`@8#EkEkekeq煀pXBӯR 9Lf8r0O^㏡>GCNMr,1h`8MhA*]ۼDҬ -#߅ys@ 0"VdUl"{Luietv#Q)s(|V/| j\[;M,+1fRH*|E76svP0;7U-sCNԾ!zF%僙|P dtLJaɎdf`36 '֦qwm$f:%0-*מo|mXY ";l \cOQ#2POݷvr-4H'yU'kg͟-Hs팚_K&i$mBYKݎ?4{-R\$?QxR/|}Z_4Ic?_0F ̓€,Eytb*0OU(])E(0* 8N:՘mHXS"Iǔ[#$?Z>%l?l #dq?I䙆~m< rG<^,ԷG.[6?tq wZEy乑cB0^Prq:*5[8yur&DȪ@#{hNqm5/#jwpۂJ}ӍeFj6km% I ܃@0Xt˱gvE$wv~wPhv:4]R~،~Ri8=]v<{&iJD `I'$ƭ  )$O;|)ݓ<ߧ}foZEևj:I &aIJ: ⇖╯Me嫲mXsǹ\M}cu!Ӯ v6b[0vA׌1C:U~&hv4+}oB۲ \=)K.ħof9(2xZ($y/ ٭9=H?K'mഴkRS Ys1}i9((—=R(d{uVSЂQwJM͌2T$d#w\5Rg8!3\DK[H5Oi$p*8۴HI<j& :ˀJ.H8P=QE=2,*ț%C_Ns\|Ege%[ sq$q3*0VaT7zXVǎodQP˧n# P=ejJ6Z[ۛo>+D$*oN<)mI [}~cuH.L:vւk&FQP ~Rdj;B10ws ͐6sӭhGH(9Or~7!KIZ if7ܥ+!#?!یcO}%4*ۼv奚71F1ԑǠ9sJXKEΪA xt,#FIdb?kOovI,Or!U9lHԉ[Ǻ\0,6+QZ6wvXu";푃h `1G ㏧ȼ)Bţ-$}E6:4K XREEm/s3靼29 x^ԅ0" @wg~rAV20 OhqTӡP^22<ퟻ>.N܃8>sע1z6n `;Wo la ['.WfO98ZPd. m>Hv?'''MD<#.Ռl &v醎2AclQ@wѮiyd9s$ѮOh1v2sZ(;B1nl s1z<B%ҭULmۿcckfO hѼo bQ]bʟvO}kШ?͋Gg:2I0luk7 ~G̪x#vT9"QEpTұi k¢GW $[x >py<3G={Ƈ9E91F%c$v@ (A6.s~T(6/\ (*JZ(/DQ8yk9Zu-r~Q^:Wq:1EPEPEPEPEPEPEPEPEPEPEPM(qEYWW++cU4G-@ 0qGdڍO3"p d`#aǽKvL>z ed=iPI 7V3ol^Y3[(w .7 s%~K$-Bc#PEwUs.YN6>n9j& 4ou4v؇@_8vGRu˰&G-IF׷t.Bwc)Qk06}N}(FʖU(|#o\tFNߟqנ Z+%P9lC cKBc@01'P:Em\ ԋy~b$|p_(BڙNcO{E6* ͸Ѣ%/Ʃb]03s^"4h϶lʿa -8T.V[Px?ZТUT:c! %oG[I~FMO9?ƨkmfZIe*Ma?x9ztI(Gv&ΆzٍvS+ٍpr0yn}\(;/ }G=vfb;/QY7/zỌ=_"AN2Š2(@fE(((`36zHWvN[۞S? )U-0Q#F[c I$zN}zV%&GOvjB#̅0?5zT  c k&&Z@'nEdZʨ-'8ך62<̃'1޴h UxXJ$pS?);ס<ןi@G,nR  縭(5O)y76{5V1p5Ee+T2%Uӌn$N6XQТ(cT#ߛبkJI#?'[PtHcPLo\4^V9| ʨŸ::I`A9OLh2jRVD_>j' 1޴(kbUHF>%`+(( O]袪_& (((((((((((((((((( endstream endobj 25 0 obj << /Type /Page /Parent 3 0 R /Contents 26 0 R >> endobj 26 0 obj << /Length 627 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 719.245 521.469 38.739 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 719.245 m 566.734 719.245 l 565.984 719.995 l 46.016 719.995 l f 566.734 757.984 m 566.734 719.245 l 565.984 719.995 l 565.984 757.984 l f 45.266 757.984 m 45.266 719.245 l 46.016 719.995 l 46.016 757.984 l f 61.016 734.995 m 550.984 734.995 l 550.984 735.745 l 61.016 735.745 l f 0.400 0.400 0.400 rg BT 61.016 749.193 Td /F2 9.0 Tf [(Posted in:E-mail,Phishing,Security | | With 0 comments)] TJ ET endstream endobj xref 0 27 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000339 00000 n 0000000376 00000 n 0000000514 00000 n 0000000631 00000 n 0000008614 00000 n 0000008726 00000 n 0000008841 00000 n 0000008961 00000 n 0000009069 00000 n 0000009196 00000 n 0000009298 00000 n 0000009426 00000 n 0000009501 00000 n 0000009629 00000 n 0000009702 00000 n 0000009830 00000 n 0000009910 00000 n 0000010038 00000 n 0000010163 00000 n 0000010290 00000 n 0000010415 00000 n 0000021483 00000 n 0000021548 00000 n trailer << /Size 27 /Root 1 0 R /Info 5 0 R >> startxref 22227 %%EOF E-mail « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

PHISHING: “Re: betaling aan jou rekening”

Wednesday, July 19th, 2017

About a year ago a new version of the ABSA Bank phishing email hit the university email server. What was new about this version was that the email was in Afrikaans. Although the Afrikaans was not perfect with some spelling and grammar mistakes, it still could have fooled many people, because of the “familiarity” component.

Stellenbosch University still uses a lot of Afrikaans as its primary official communications medium, and many automated systems like the Financial system use Afrikaans to inform users of payments etc. While there is nothing wrong with this, phishing scammers have latched onto this and are now attempting to fool people into divulging their personal details using Afrikaans in their phishing e-mails.

We were warned early this morning about an email that was originating from UCT with dangerous content, and almost immediately the UCT phishing emails started arriving.

Here is what to look out for:

Mail will arrive from a forged or compromised “UCT address” that will look like this:

From: Anna Huang [mailto:forged_address@myuct.ac.za]
Sent: 19 July 2017 10:53 AM
To: Recipients <forged_address@myuct.ac.za>
Subject: Re: betaling aan jou rekening

Goeiemore,

Vind aangehegte betalingsbewys.

Dankie

Disclaimer – University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via csirt@uct.ac.za

The disclaimer from the University and the Afrikaans could fool some people if they are not careful.

The dangerous part is actually an attached html files (sometimes it might look like a PDF) that will present you with a login page where you will be asked to give your e-mail address and your password to “view this payment”

The login page will look like this, in this version:

The actual server’s address is also hidden by encoding it, so to the untrained eye, nothing will look suspicious. This is a typical phishing scam, but with the “sender” coming from a neighbouring academic institution, and the language being Afrikaans, we need to be even more alert.

[Article by David Wiles]

 

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Re: betaling aan jou rekening”

Warning about DirectAxis Financial Services spam

Wednesday, July 19th, 2017

There have been reports of personnel and students getting numerous “spam” messages from DirectAxis Financial Services offering financial loans at 5% interest. This email is sent from a number of  “throwaway” e-mail addresses like outlook.com, Hotmail and webmail.co.za.

Some students and personal are struggling to manage their finances and these “offers” can be very tempting.

There are usually attached PDFs with each message where the company advertises loans and abnormally low-interest rates, and although currently there is no embedded malware or links to servers where you would be asked to give your user name and password, the spammers nevertheless ask you for your ID NUMBER, Full Names, Occupation, Monthly income and Contact details, which can be used for identity theft.

Although DirectAxis is a legitimate South African microlender, in the past, their company letterhead has been forged and used by criminals to commit fraud. Secondly, this particular Company has a number of charges against it by the Direct Marketing Association of South Africa for using ”spam databases” to spam millions of South Africans with their adverts. This puts them in violation of the “Protection of Personal Information Act” [http://www.justice.gov.za/legislation/acts/2013-004.pdf]

Don’t be fooled by companies offering you loans at a ridiculously low-interest rate (Here are some handy tips to spot frauds)

  • Any company that says it doesn’t care about your credit history has no intention of lending you money. A legitimate lending institution wants to know whether you pay your bills on time and in full. It needs some assurance that you’ll repay what you borrow.
  • Search the business’ website for an address where it legally does business. Lenders and loan brokers must be registered in the country where they conduct business.
  • One should never pay to get a personal loan. Many scammers ask borrowers to provide a prepaid debit card for insurance, collateral or fees.
  • Make sure a padlock icon appears somewhere on the web pages where you’re asked to type in personal information. Don’t override any warning saying a site’s security certificate has expired and pay attention to the URLs you click on.
  • When you find a lender online, go through the site to determine its physical location. Do they provide a street address? However it may be a fake! If you don’t find any indication of their location, you should avoid the lender.
  • Some websites appear to offer different types of personal loans but aren’t actually lenders, but sell your personal information to other loan companies. Many “microlenders” merely collect your personal and financial information for other companies.
  • Don’t fall for the “Act Now” urgency plea. Many criminals often give you a deadline and say their offer won’t exist tomorrow.

[Article by David Wiles]

Email

Tags:
Posted in E-mail, Security | Comments Off on Warning about DirectAxis Financial Services spam

Defeat ransomware: Backup your data

Wednesday, July 5th, 2017

The destructive Petya ransomworm caused destruction and major interruptions of services around the world last week. Unfortunately, it’s becoming progressively more difficult to avoid these attacks as cybercriminals become more clever and inventive in their methods. While there are ways to prevent that you fall prey to such an attack, there’s one thing you can do which will ensure that you are safe. And it’s not technical or difficult to do.

Once a week, backup all your data. Yes, this is a menial, boring administrative task – and we all hate those, but by ensuring that your data is safe and sound elsewhere, it won’t matter if your PC is infected by ransomware or any other malware. If you do lose your data, you will have another version available. 

Here are a few quick tips to help you:

  1. Choose one day a week which suits you and make an appointment in your diary to do a weekly backup.
  2. Try not to overwrite your previous backup. Rather make consecutive copies in various folders on your external hard drive or on your network space and name each with the particular day’s date. If any of the documents become corrupt for some reason, you can always fall back on a previous version.
  3. Regularly check that the medium on which you made your backup is still in working order and you’re able to access your documents.
  4. Use more than one backup medium, for example, your network space AND an external hard drive.

Where should you backup data?

  1. Each staff member has access to his/her own network space (usually the h-drive) where you can save an allocated amount of data for free. You have 1GB at your disposal to backup your most critical documents. At an extra cost of R10-00 per 1GB this space can also be increased. This network space is also available via the web at storage.sun.ac.za if you find yourself away from the SU network. 
  2. On your departmental network space (usually the g-drive). The departmental drive can be used for files used by more than one person and 15GB is allocated to each department. SharePoint can also be used by groups for sharing documents.
  3. OneDrive allows each staff member 5TB of storage space. This is available via the Office365 suite. https://portal.office.com/
  4. If you choose to have your data close at hand, get yourself an external hard drive. Never save important data on a flash drive – its sole function is for transporting data from one device to another and is not a dependable medium for backup. Just ensure that these devices are stored somewhere else (not also in your office) or in a safe. If confidential, SU documents are kept on an external hard drive, files have to be protected with a password or encrypted. Keep in mind that if you lose the password, not even IT can salvage your data.
  5. Alternatively, you can save data in the cloud. We’ve already mentioned OneDrive, but GoogleDrive or Dropbox are also examples of this. It is extremely important that cloud storage is only for personal use, not for any academic information or sensitive data. Also keep in mind that if you use more than one device, you have to sync data across devices and this will incur costs.

More tips on backups, as well as activating Windows’ automatic backup function on www.backblaze.com.

 

 
Email

Tags: ,
Posted in E-mail, Security, Tips | Comments Off on Defeat ransomware: Backup your data

Phishing email: “Password Expiry” from Information Technology

Friday, June 30th, 2017

This morning’s attempt at fooling users into divulging personal information like usernames, e-mail addresses and passwords and attempts to disguise itself as an email from the “ITS help desk”

Here is what it looks like: (We have removed the dangerous parts)

From: Karen L. Mcdonah [mailto:spoofed or compromised e-mail address]

Sent: Thursday, 29 June 2017 17:41

To: Karen L. Mcdonah <spoofed mail to disguise the sender>

Subject: IT SERVICE DESK

Your password Will Expire In The Next TWO HOURS Current Mail User Should Please Log On To IT-WEBSITE To Validate Your E-mail Address And Password, Or Your E-mail Address Will Be Deactivated. Thank You.

ITS help desk

ADMIN TEAM

©Copyright 2017 Microsoft

All Right Reserve

That is it. The classic signs of a phishing email should be obvious.

  1. Unknown or undisclosed sender.
  2. Disguised to make it look like it comes from a legitimate sender (like Information Technology)
  3. Threatening or intimidating users into doing something quickly without checking.
  4. Poor grammar and spelling.
  5. Encourages users to click on a link in the email (which takes them to a server under the control of the criminals where they are asked to provide usernames, email addresses and old and new passwords)
  6. The phishing server is not encrypted (http:// instead of https://) so passwords and user data are captured in plain readable text.

Here is what the phishing site looks like. It uses a “throw-away” website provider. The criminals will use this site for a couple of hours and then close it once they have obtained their intended victim’s personal data. (which makes it financially very lucrative!)

 

[ARTICLE BY DAVID WILES]

 

 

Email

Tags:
Posted in E-mail, Security | Comments Off on Phishing email: “Password Expiry” from Information Technology

Petya wreaks havoc worldwide

Wednesday, June 28th, 2017

A serious ransomware attack, similar to WannaCry, has reached Asia after spreading from Europe to the US, hitting businesses, banks, airports, power stations, port operators and government systems. This ransomware is being described by the press and security researchers as “Petya Ransomware.”  Read more on Fin24.

Ransomware is a type of computer virus usually downloaded that attacks and takes over a computer, sometimes installing a password or encrypting the entire hard drive, preventing any access. The victim is then extorted for money, usually payable in Bitcoin, in order to unlock their precious data.”

“This is a new generation of ransomware designed to take timely advantage of recent exploits. This current version is targeting the same vulnerabilities that were exploited during the recent Wannacry attack this past May. This latest attack, known as Petya, is something we are referring to as a ransomworm. In this variant, rather than targeting a single organization, it uses a broad-brush approach that targets any device it can find that its attached worm is able to exploit.” (www.blog.fortinet.com)

While many of you might not be too concerned about this attack, since it originally happened in Ukraine, a small country on the other side of the world, the nature of the Internet and the fact that we are all connected in some way or another, means that it will only be a matter of time before we start to experience attacks on South African soil. There are already reports of infected emails from the Ukraine attack being detected in parts of Western Europe and the USA. 

This attack seems to have began with a extensive phishing attack of emails sent out with infected Excel attachments, or a Trojan virus that attempts to disguise itself as a type of Microsoft Excel online document. Once opened the infected attachment will gain control over the victim’s computer and start encrypting the hard drive contents, preventing any access.

To ensure that you don’t fall prey to this attack, you can follow these instructions from Microsoft.

Please be wary of emails that come from unknown sources, (or even from senders who are unaware that their computers are controlled by ransomware and are busy sending out infected emails.) especially if they have .XLS, .PDF and .HTML attachments or ask you to login to verify details or click on links.

  • The best defense against ransomware is to outwit attackers by not being vulnerable to their threats in the first place. This means backing up important data daily, so that even if your computer gets infected, you won’t be forced to pay to see your data again. Do you have a backup of ALL your important data? Operating systems can be easily rebuilt or reinstalled – your personal data cannot.
  • Be aware of emails that carry a malicious attachments or instruct you to click on a URL.
  • Watch out for “malvertising” – this involves compromising an advertiser’s network by embedding malware in ads that get delivered through web sites you know and trust. Ad blockers are one way to block malicious ads, and patching known browser security holes will also thwart some malvertising. Is your computer up-to-date?
  • Finally, don’t be trigger-happy and click on links, no matter how legitimate they might look. Think first before clicking. If you have doubts about an email, phone up the IT HelpDesk and find out or ask your local computer geek for their opinion.

Many of you are on holiday and at home where your protection *might* not be a good as what we enjoy at the university. 

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on Petya wreaks havoc worldwide

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.