Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

Learn What It Takes to Refuse the Phishing Bait!

Wednesday, February 1st, 2017

Cybercriminals know the best strategies for gaining access to your institution’s sensitive data. In most cases, it doesn’t involve them rappelling from a ceiling’s skylight and deftly avoiding a laser detection system to hack into your servers; instead, they simply manipulate one staff member or student.

According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents. Following are a few ways to identify various types of social engineering attacks and their telltale signs.

  • Phishing isn’t relegated to just e-mail! Cyber criminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
  • Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Click that delete button.
  • Verify the sender. Check the sender’s e-mail address to make sure it’s legitimate. If it appears that our help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” it’s a phishing message.
  • Don’t be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don’t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
  • Never, ever share your password. Did we say never? Yup, we mean never.Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. The IT department will never ask you for your password.
  • Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
  • When you’re not sure, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the rector of the university. Cyber criminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in the university’s directory to confirm the request.
  • Don’t talk to strangers! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the helpdesk.
  • Don’t be tempted by abandoned flash drives. Cyber criminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary — it could be a trap.
  • See someone suspicious? Say something. If you notice someone suspicious walking around or “tailgating” someone else, especially in an off-limits area, call campus safety.

[ARTICLE FROM Educause]

Email

Tags: , ,
Posted in E-mail, General, Security | Comments Off on Learn What It Takes to Refuse the Phishing Bait!

Scam warning: UPS Parcel Receipt with infected attachment

Wednesday, November 30th, 2016

The holiday season is upon us and there is a lot of activity around this time of the year with parcels being delivered both at home and at the university. This is being exploited by the scammers.

There is currently a UPS scam making its rounds in university mailboxes, where victims are lured into clicking a download link.

If you have received a package via the parcel company like UPS or DHL, you might be tempted open up an e-mail that seems to come from them, saying they have a package for you. There might be an attachment that you are asked to open to confirm your address or to fill in your personal details for “verification”.

The whole thing is a scam. Clicking on the attachment will download a Trojan virus onto your computer which will just sit there doing its nefarious work — reading your files, including confidential information, then transmitting the details to a server somewhere that is controlled by the criminals.

It seems there are two main variations of this “parcel delivery” scam – both looking like a genuine notification.

  • The first one tells you the parcel service tried, but was unable to deliver a package to you because of an incorrect address. The subject heading usually has a phony tracking number. The attachment is supposedly a copy of a waybill or invoice for you to print and use to collect the parcel from a UPS office.
  • The second is a customs notification and may even seem to come from “US Customs Service” rather than UPS. It says you have an international package (usually from Europe) and that you need to complete the attached customs form so it can be delivered.

In both these cases, the attachment is a compressed ZIP file (that is, one with a name that ends in “.zip”), even though the icon may look like a Word document. As soon as you double click on it, it will install a program onto your computer will then download and install several files on your system. These may disable your firewall, look for and steal credit card and bank account details, make screen snapshots and allow hackers full access to your machine.

This attack underlines the danger of opening an attached file in an email, even if it appears to come from a person or organization you know or frequently deal with.

Here is an example of one such mail.

 

 

From: Usps Parcel [mailto:shipment@uspc.com]

Sent: 28 November 2016 07:29 AM

To: Recipients <shipment@uspc.com>

Subject: Parcel Receipt

 

USPS Shipment Notification

A parcel was sent to our office for you and we have tried to deliver it several times to your address on file.

Attached is the receipt via Dropbox, used in sending you the parcel. We advise you DOWNLOAD the document and reconfirm the address on receipt if its your valid address.

For further assistance, please call USPS Customer Service.

For International Customer Service, please use official USPS site.

 

Copyright © 2016 USPS. All Rights Reserved.

This message has been scanned for viruses and dangerous content by Fair Distribution MailScanner, and is believed to be clean. 

 

So do not succumb to the temptation of opening up attachments in emails, especially if it comes from couriers and parcel delivery companies like UPS or DHL. It is the end of the year. Our energy and concentration is ebbing and we are all more vulnerable, making us all potential targets of the cyber-criminal.

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on Scam warning: UPS Parcel Receipt with infected attachment

Beat the cyberbully

Friday, November 11th, 2016

bully-655659_960_720Cyberbullying is deliberately and repeatedly harming or harassing someone using electronic technology  – this includes devices and equipment such as cell phones, computers, and tablets, as well as communication tools including social media sites, text messages, chat, and websites. 

With the increased use of communication technology, cyberbullying has become increasingly common, especially among teenagers. While the term cyberbullying is used predominantly for children or teenagers, cyberstalking or cyberharassment is when the same behaviour occurs in adults. 

What is cyberbullying or -stalking?

The main goal of this harassment is to threaten a person’s reputation, employment, earnings, safety or try to turn people against them. Cyberbullies aim to intimidate, hurt, control, manipulate, humiliate or falsely discredit someone. Their actions are deliberate, hostile, usually repeated and intended to harm.

Cyberstalkers use public forums, social media or online information sites to launch their attacks on. Online platforms provide anonymity and bullies can remain ignorant of the consequences their attacks have on the victims. According to the National Council on Crime Prevention’s survey, 81% of teenagers thought others cyberbully because it’s funny. 

Cyberbullying can come in various forms. It can be someone repeatedly sending e-mails or text messages even when the person clearly stated they don’t want them. It can include repeated threats, sexual remarks, hate speech, false accusations or ridiculing someone.

Some bullies/stalkers will even go so far as to hacking into a site and changing information or posting false statements to humiliate or discredit a person. They may also publicise a victim’s personal data or create a fake account to use to defame, discredit or humiliate them.

The 8 most common cyberbullying tactics used by teens according to www.wikipedia.org are the following:

  1. Exclusion: Teenagers intentionally exclude others from an online group.
  2. Cyberstalking: Teens will harass others by constantly sending emails, messages, or tagging others in posts they don’t want to be tagged in.
  3. Gossip: Post or send cruel messages that damage another’s reputation, relationships, or confidence.
  4. Outing/Trickery: Trick another teen into revealing secrets or embarrassing information which the cyberbully will then share online.
  5. Harassment: Post or send offensive, insulting, and mean messages repeatedly.
  6. Impersonation: Create fake accounts to exploit another teen’s trust. They may also hack into an account and post or send messages that are damaging to the person’s reputation or relationships.
  7. Cyber Threats: Threaten or imply violent behaviour toward others to make them feel uncomfortable.
  8. Flaming: Fights online that involve hateful or offensive messages that may be posted on various websites, forums, or blogs.

More definitions of cyberbullying can be found on The Centre for Justice and Crime Prevention’s website.

Who are the bullies?

The root of cyberbullying is the same as face-to-face bullying. The only difference is the convenience and anonymity of technology which makes it even easier.

Usually, a bully will know their victim and attack them because of their own prejudice, whether it’s race, religion or sexual orientation. Or merely because they’re “not cool” or they didn’t like something they said on social media. 

It’s important to keep in mind that, in general, a bully’s behaviour stems from their own problems or issues. According to Stopbullying.gov, there are two main groups who harass others. Popular kids or teens bully because they think it will make them more popular or hurting others give them a false perception of power. At the other end of the spectrum are those who bully because they are victims of bullying themselves and it’s their way to lash out. 

How to beat cyberbullying or cyberstalking

In most countries, cyberstalking has the same consequences as physical stalking. South Africa does not have specific legislation dealing with cyberbullying. The victims of cyberbullying, therefore, have to rely on criminal law and/or civil law. More information on these laws can be found on The Centre for Justice and Crime Prevention’s website.

For this reason, it’s important to deal with cyberbullying as soon as it rears its head. The video below provides some valuable hints in this regard.

 

[SOURCES: http://www.bullying.co.uk/cyberbullying/, http://www.deletecyberbullying.org/why-do-people-cyberbully/, http://www.cyberbullying.org.za/south-african-law.html]

 

Email

Tags:
Posted in Communication, E-mail, General, Security | Comments Off on Beat the cyberbully

Spam = blocked accounts

Thursday, October 6th, 2016

A fast-spreading spam e-mail caused problems on campus last week. Some students and staff clicked on a malicious link in a phishing e-mail and subsequently gave a hacker access to their Outlook cloud e-mail accounts. The criminal proceeded to use their e-mail addresses and mailbox to spam all their contacts. Since it was sent from a @sun address, receivers of the spam didn’t suspect anything. (An example of the e-mail, with dangerous links removed, is shown below)

Unfortunately, due to the mass e-mails sent from these mailboxes, Microsoft automatically blocked the users’ accounts and they were unable to access e-mail. 

Please remember to look for the general characteristics of a phishing e-mail before you click on links in e-mail. Just because it’s sent from a @sun address , it does not mean it’s safe.

If you suddenly don’t have access to your e-mail, contact the IT helpdesk (x4367). If you’ve clicked on a suspicious link, change your password immediately.

 

From: Known address <knownaddress1@sun.ac.za>
Sent: 05 October 2016 12:26 PM
To: SU address <knownaddress@sun.ac.za>
Subject: PI Doc copy

 

Please confirm PI doc copy below using Google documents
for your account to be credited.

Continue to Gdocs

Kind regards

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on Spam = blocked accounts

E-mail on the cloud

Thursday, September 29th, 2016

cloudAt the end of July we announced that university e-mail will soon be hosted in the cloud. Most of our Tygerberg staff were successfully migrated and are already active on Outlook via Office365. Next up is Stellenbosch.

Benefits of cloud e-mail include:
• Larger mailboxes and storage space.
• E-mail and storage space are accessible from anywhere in the world where there is internet access.
• E-mail and storage space are backed up in the cloud.

The only consideration is dependability on internet quality, as the service is hosted in the cloud. 

Mailboxes will be moved per department and each department will be notified via e-mail ahead of time when their e-mail will be moved. Little, if any disruption or downtime are anticipated during the migration period. 

After your mailbox has been moved, Outlook will prompt you to enter a password. Please enter your full e-mail address (e.g. username@sun.ac.za), password and select the Remember credentials option. There is a possibility that e-mail settings on your mobile device might have to be changed. We have also compiled a selection of FAQs if you have any problems. More technical instructions, if needed, are available on the IT self-help site.

User support might be necessary for devices with outdated software and our support team is ready to deal with these cases. However, please note that standard SU devices with Windows and asset numbers have to be attended to first and will be given priority. Non-standard devices, for example, Apple and Linux operating systems or private devices without asset numbers can only be attended to once we’re done with them.

If you have any questions or feedback, please contact the IT Service Desk at 021 808 4367 or help@sun.ac.za

Email

Posted in Communication, E-mail | Comments Off on E-mail on the cloud

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.