%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240927022046+00'00') /ModDate (D:20240927022046+00'00') /Title (Report 09-2024) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 5461 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 198.302 521.469 548.432 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 198.677 520.719 547.682 re S 0.773 0.773 0.773 rg 61.016 214.052 m 550.984 214.052 l 550.984 214.802 l 61.016 214.802 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(PHISHING MAIL USING INTIMIDATION AND THREATS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 06,2018)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(There is no need to panic or be in anyway concerned for your personal safety about the latest batch of “phishing” emails )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(that are going out with “death threats” or extortion regarding your “alleged” online activity around pornography sites etc.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(A simple Google search using the following term “I Was Paid To Kill You scam” gave me 43 million results, all of the first )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(from last week, resulted in a little over 100 000 results, all of which were reporting as a hoax.)] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(Russian e-mail address. The “assassin” apparently appointed by a close acquaintance of his target, offers the victim the )] TJ ET BT 61.016 542.497 Td /F4 9.0 Tf [(opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.)] TJ ET BT 61.016 522.508 Td /F4 9.0 Tf [(If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the )] TJ ET BT 61.016 511.519 Td /F4 9.0 Tf [(mail is a hoax:)] TJ ET BT 78.360 491.546 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 491.530 Td /F1 9.0 Tf [(The subject line:)] TJ ET BT 162.035 491.530 Td /F4 9.0 Tf [( “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY )] TJ ET BT 91.016 480.541 Td /F4 9.0 Tf [(HAS BEEN COMPROMISED”)] TJ ET BT 91.016 469.552 Td /F4 9.0 Tf [(These are designed to cause anxiety, stress and panic.)] TJ ET BT 78.360 458.579 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 458.563 Td /F1 9.0 Tf [(Time limits:)] TJ ET BT 141.029 458.563 Td /F4 9.0 Tf [( “You have 48 Hours to pay…”)] TJ ET BT 91.016 447.574 Td /F4 9.0 Tf [(How can the scammer know that you have received the mail and when you have read the mail and keep track of )] TJ ET BT 91.016 436.585 Td /F4 9.0 Tf [(time to see if “48-hours” has passed?)] TJ ET BT 78.360 425.612 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 425.596 Td /F1 9.0 Tf [(Engagement:)] TJ ET BT 148.022 425.596 Td /F4 9.0 Tf [( “Contact me back via e-mail…”)] TJ ET BT 91.016 414.607 Td /F4 9.0 Tf [(Never make contact with the scammers. This immediately alerts them that a “real person” read their mail and they )] TJ ET BT 91.016 403.618 Td /F4 9.0 Tf [(will be able to concentrate their nefarious efforts on you.)] TJ ET BT 61.016 383.629 Td /F4 9.0 Tf [(If you ever receive emails like these, please report is to the Information Technology Cybersecurity Team using the )] TJ ET BT 61.016 372.640 Td /F4 9.0 Tf [(following method:)] TJ ET BT 61.016 352.651 Td /F4 9.0 Tf [(Send the spam/phishing mail to )] TJ ET 0.373 0.169 0.255 rg BT 189.077 352.651 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 189.077 351.500 m 253.742 351.500 l S 0.153 0.153 0.153 rg BT 253.742 352.651 Td /F4 9.0 Tf [( and )] TJ ET 0.373 0.169 0.255 rg BT 273.758 352.651 Td /F4 9.0 Tf [(sysadm@sun.ac.za.)] TJ ET 0.18 w 0 J [ ] 0 d 273.758 351.500 m 354.920 351.500 l S 0.153 0.153 0.153 rg BT 61.016 332.662 Td /F4 9.0 Tf [(Attach the phishing or suspicious mail on to the message if possible.)] TJ ET BT 61.016 321.673 Td /F4 9.0 Tf [(1. Start up a new mail addressed to )] TJ ET 0.373 0.169 0.255 rg BT 205.088 321.673 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 205.088 320.522 m 283.748 320.522 l S 0.153 0.153 0.153 rg BT 283.748 321.673 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 307.247 321.673 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 307.247 320.522 m 371.912 320.522 l S 0.153 0.153 0.153 rg BT 371.912 321.673 Td /F4 9.0 Tf [(\))] TJ ET BT 61.016 310.684 Td /F4 9.0 Tf [(2. Use the Title “SPAM” \(without quotes\) in the Subject.)] TJ ET BT 61.016 299.695 Td /F4 9.0 Tf [(3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It )] TJ ET BT 61.016 288.706 Td /F4 9.0 Tf [(will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of )] TJ ET BT 61.016 277.717 Td /F4 9.0 Tf [(the New Mail.)] TJ ET BT 61.016 266.728 Td /F4 9.0 Tf [(4. Send the mail.)] TJ ET BT 458.968 246.739 Td /F4 9.0 Tf [([Article by David Wiles])] TJ ET 0.400 0.400 0.400 rg BT 61.016 228.250 Td /F2 9.0 Tf [(Posted in:E-mail,Security | Tagged:Phishing,Report Phishing | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 189.0767 351.8182 253.7417 360.9757 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 273.7577 351.8182 354.9197 360.9757 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 205.0877 320.8402 283.7477 329.9977 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 307.2467 320.8402 371.9117 329.9977 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj xref 0 20 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000575 00000 n 0000006088 00000 n 0000006200 00000 n 0000006315 00000 n 0000006435 00000 n 0000006543 00000 n 0000006671 00000 n 0000006744 00000 n 0000006872 00000 n 0000006947 00000 n 0000007075 00000 n 0000007150 00000 n 0000007278 00000 n trailer << /Size 20 /Root 1 0 R /Info 5 0 R >> startxref 7351 %%EOF E-mail « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

Phishing scam: “Proof of Payment”

Friday, August 27th, 2021

Over 2 billion people worldwide have purchased goods or services online during the pandemic. The danger of all this convenient shopping with Takealot, Checkers or any online store is that people provide their credit card number without diligence.

One of the most prevalent scams NOW is called POP or Proof of Payment Receipt. There are a number of new phishing scams with the subject “Proof of Payment” or “Suspicious Bank transaction” at the moment. 

Here is one such scam that is currently being reported by personnel and students at Tygerberg. 

Click for larger image

Click for larger image

The way that this scam works is that the scammers are trying to get their victims to click on the link and go to a specially engineered site to steal passwords and login credentials. Often bank account details and cell phone numbers are asked for, and this is how the scammers get access to bank accounts and can do SIM swaps, to steal money and personal details.

Notice how the mail details have been forged to make the sender and the recipient the same. This is to disguise the true sender and to bypass the mail filters which would normally accept mail from within an organisation. In this case this sender used a “throw-away” Outlook.com e-mail address and then forged the headers to change the sender. In this case there is a possibility that the government address has been compromised.

If you get one of these e-mails or one similar looking (scammers change tactics very quickly) please report it to IT on the ICT Partner Portal. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​

Secondly blacklist the sender under Junk mail, and perhaps even block the entire domain. You can do this by using the Report Message add-in on Outlook (available on your toolbar on the far right) More about the add-in on our blog or you can find the instructions on this .PDF

 

[ARTICLE BY DAVID WILES]

Email

Posted in E-mail, News, phishing, Security | Comments Off on Phishing scam: “Proof of Payment”

Careful of Reply All

Tuesday, March 2nd, 2021

Last month some university staff’s mailboxes were flooded with an email advertising services in what we call an email storm. Apart from being disruptive, these emails weren’t harmful, but we would like to remind you of a five important things to keep in mind before you send email to large groups:

1. ALWAYS use the BCC field, NOT the CC field.
If you use the BCC field instead of the CC field the Reply All option is disabled. Therefore recipients won’t be able to Reply All and cause a flood of inconvenient emails.

2. DO NOT Reply All when you receive an email sent to multiple people.
If you receive an email that has been sent to a large number of people, please by default don’t Reply All. You will only be causing an unnecessary surge of emails and annoy your colleagues. If you need to comment only email the sender or the relevant people.

3. Advertising services or products on the SU network is not allowed.
No staff or student member is allowed to advertise any services on the SU network. This is stipulated in the Electronic Communications Policy which staff and students agree to when reactivating their network access every year.

4. If you need to send official mass communication, consult the Digital Communications Office.
The Digital Communications Office, a division of Corporate Communications, are responsible for campus-wide electronic communication. They use specific platforms to distribute information and will be able to advise you on the most efficient way of sending out your email.

5. Use SYMPA
If you regularly need to send out emails, you can use the SYMPA mailing solution. More information on SYMPA.

 

Email

Posted in E-mail, Notices | Comments Off on Careful of Reply All

Change your password online

Thursday, February 25th, 2021

In the past, the IT Service Desk was your first stop when you forgot your password (we know, it happens to us too!) or had to change your password. Unfortunately, due to various security risks, as well as the very strict new data protection acts, the Service Desk is no longer allowed to change or reset your password for you. (You can read more about the university’s own Data Privacy Regulation here)

We would like to encourage staff and students to use the Password Selfhelp website in future. We realise that this might be inconvenient, but for your and our own protection, we will have to follow this procedure. 

 The Password Selfhelp website (www.sun.ac.za/password) offers two options: 

  1. Change Password for users who know what their password is and want to change it. 
  2. Reset Password for users who forgot their password. 

To use the online Password Selfhelp, your cellphone number or an alternative email address has to be on the HR records, otherwise, you will not be able to change your password. You can update this information by logging onto SUN-e-HR though the staff portal,  http://my.sun.ac.za or contacting your department’s HR contact person. 

Select the My Profile link – Personal Information

Log on to SUN-e-HR.

Select Basic Details – Update, Other, Personal Email Address 

or

Select  Phone Numbers – Update

During the password change process a PIN code, consisting of 8 numbers, will be SMSed or emailed to the user (depending on which option he/she selected) Please use this PIN to change your password on the self help website. As soon as the password has been changed, the user will be notified by means of SMS or email.

If you have not requested a password change, please notify the IT Service Desk immediately at 808 4367.

IMPORTANT!

If you are working from home you will also need to follow these instructions after you’ve changed your password to ensure that it sync properly across devices and accounts.
Email

Posted in E-mail, Internet, Security | Comments Off on Change your password online

“PLEASE SUPPORT STIAS…” email causes a mail storm

Friday, February 19th, 2021

There is no reason to be worried or concerned about a mail that is being circulated with the subject line starting with “PLEASE SUPPORT STIAS…”

Although it is definitely spam (defined as unsolicited commercial e-mail) it does not appear have any dangerous content and was sent out by a university user to over 300 addresses one of which was the general IT Service Desk email address. Because it was sent to the address which automatically logs service requests the account automatically emailed all the recipients with “Cancellation” e-mails, who then replied, etc. This was no fault on the side of the IT Service desk as it is an automatic process of the Jira logging software that IT uses to track its calls.

This is known as a mail storm in IT jargon when somebody replies to a single e-mail sent to a mailing list and inadvertently replies with a personal message to the entire mailing list leading to a snowball effect or a mail storm. It is like a dog chasing its own tail!

If you receive a mail with the subject line ICT-338035 FW: PLEASE SUPPORT STIAS – PLAN YOUR NEXT MEETING, WORKSHOP AND OR CONFERENCE WITH US”  or “PLEASE SUPPORT STIAS – PLAN YOUR NEXT MEETING, WORKSHOP AND OR CONFERENCE WITH US” just delete it. 

If you want to take it further and set up a mail filter to delete all mails with that particular Subject, then you can do so. However do not blacklist the sender or report it to the help@sun.ac.za address or it will just perpetuate the spam, and you could block legitimate e-mails from IT or the original sender.

Stay safe out there and thank you to everyone who flagged this email. It is encouraging when we have such observant and enthusiastic users.

[ARTICLE BY DAVID WILES]

 

Email

Posted in E-mail, News, Security | Comments Off on “PLEASE SUPPORT STIAS…” email causes a mail storm

Reactivate your username before 1 April

Monday, February 8th, 2021

Network access (usernames) for staff will expire at the end of March unless you reactivate your username.

We suggest that you reactivate yours as soon as possible to ensure uninterrupted access to IT services (internet, email, SUN-e-HR etc.). Keep in mind that the cost centre manager still has to approve your request before your username is reactivated; allow sufficient time for this to be done to avoid disruption of your service.

You will receive an email from helpinfo@sun.ac.za indicating that your username (“engagement”) will expire soon. Three notifications will be sent before the end of March. Alternatively, you can go directly to the reactivation page.

Once logged into the reactivation page, you can select the services you want to reactivate.  You are encouraged to read the ECP (Electronic Communication Policy) before reactivating.

Choose the services (network / email usernames and internet usernames) you want to register for (see images below).

 

Reactivation of internet usernames is no longer necessary and can be ignored.

Make sure you select the correct cost points and if you’re unsure ask your cost centre manager. Click Accept and Reactivate.

 You will receive a notification stating that your request has been submitted, as well as a confirmation email. 

The webpage will indicate that it will be activated as soon as it has been approved by the cost centre manager. When the cost centre manager approves the reactivation request access will be extended to the end of March next year.

If you have completed these steps successfully and still receive emails from helpinfo@sun.ac.za urging you to reactivate, please go back to the reactivation page and make sure the appropriate boxes are checked: Your Network / Email usernames Your Internet usernames

 If you are still not able to reactivate, please raise a request at servicedesk.sun.ac.za

Email

Posted in Connectivity, E-mail, General, Internet, News, Notices | Comments Off on Reactivate your username before 1 April

« Older Entries
Newer Entries »
 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.