E-mail

Phishing remains prevalent

Wednesday, January 13th, 2016

Attempts to harvest staff’s personal information in order to gain access to bank accounts remain a thorny issue.

Unfortunately we can’t warn you against every potentially dangerous e-mail, but we can show you what to look for so you don’t fall prey to one of these scams. Look out for these signs:

1. The e-mail is never addressed to you personally – it’s a generic heading. (e.g. Dear client)
2. It asks the receiver to divulge personal information, for example your ID number, password or username.
3. The e-mail asks you to click on a link to “activate” your account. Don’t click on any links in e-mails (unless it’s an official IT e-mail) and also don’t copy and paste them into your web browser.
4. Usually a short time limit is given, for example “within 24 hours”.
5. Make sure the request is official and legal by calling the company and confirming.
6. Do not send sensitive information by e-mail. Legitimate companies won’t ask you to send data by e-mail.

Above all, the best defence is being attentive and cautious. Report suspect email to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.

E-mails with a hidden agenda

Wednesday, October 14th, 2015

Two e-mails trying to scam staff out of their information, and potentially money, materialised in our mailboxes last week.

The first is a familiar one, attempting to get you to “re-activate” and increase your webmail quota.

The source of the scam is Russia, and it uses a man-in-the-middle method to send out the mail. This method takes the e-mail credentials from a staff member who has inadvertently given their e-mail details to the scammers. It typically occurs when you respond to a “you have won/inherited X-amount of money in a lucky draw/online survey/death of an unknown relative/government official” e-mail or click on an advert on a compromised website.

The scammers use your e-mail address and, if it is also infected with malware or a virus, your PC, to send an e-mail to all accounts within the same organisation.

The use of a university e-mail as the alleged sender often lulls us into thinking it is legitimate and we respond. We forget that “senders” and most mail details in an e-mail can be forged by these scammers.

The mail below is an example of one such scam. It might be useful to remember that personnel currently have 1Gb of mailbox storage, and students have 50Gb through Office365. The dangerous links have been removed.

The second e-mail targets Pick & Pay clients with an e-mail on Smart Shopper credits. (see example below with active links removed)

Take note of the following:

1. The e-mail is never addressed to you personally – it’s just a generic heading.
2. It asks the receiver to divulge personal information, e.g. Smartshopper number and ID number.
3. The wording is somewhat threatening – “make sure” and “must”.

With the information sourced by the e-mail, Smartshopper cards can be duplicated. Since your ID number is also joined with your Smartshopper card, not only are your credits at risk, but there is also the possibility of identity theft.

Never respond to this sort of mail. Information Technology will never send such a mail about your mailbox size and Pick & Pay also won’t communicate with its clients in this way. If in doubt phone the IT Service Desk.

 


From: University, Personnel, Address <faultyaddress@sun.ac.za>

Sent: Wednesday, 14 October 2015 08:24
Subject: 500MB

Dear E-mail User,

Your webmail quota has exceeded the set quota which is 500MB. you are currently running on 1.3GB. To re-activate and increase your webmail quota please verify and update your webmail Account In order to  re-activate and increase your webmail quota click linkhttp://phishing.site.in.russia/   LOGON WITH YOUR LOGIN DETAILS TO COMPLETE UPGRADE.

Failure to do so may result in the cancellation of your webmail account. You may not be able to send or receive new mail until you re-validate your mailbox.

Thanks, and sorry for the inconvenience.

Admin/ Webmaster/ Local host


 

From: Pick N Pay [mailto:faultyaddress@pnp.co.za]

Sent: Tuesday, 20 October 2015 05:42
Subject: Your R700 Pick N Pay (PNP) Shopping Voucher ready for claim

Attention PNP Smart Card Owner,

You have qualified to receive a shopping voucher of R700 to shop for groceries at any “PNP” outlet near you. Make sure you have your SMART SHOPPER CARD with you before you can proceed.

CLICK HERE TO PROCEED

Regards,

PNP

 [INFORMATION SUPPLIED BY DAVID WILES]

Phishing scam: Ibanking confirmation

Monday, September 28th, 2015

Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly executed with some glaring mistakes, but nevertheless they still catch people in South Africa. (Did you know that according to a report from the South African Banking Risk Information Centre (SABRIC), South Africans were scammed out of R2.2 billion by phishing scams in 2013 alone?)

Below is an e-mail that is making its rounds again, this time from Capitec.

Note several tell-tale signs that this is a phishing scam:

  • The email has improper spelling or grammar
  • The hyperlinked URL is different from the one shown (this one comes from a hijacked domain based in the USA)
  • The email urges you to take immediate action
  • The email requests personal information
  • …and for the technically-inclined the most obvious mistake is the IP address.

[An IP address is a unique string of numbers separated by full stops that identifies each computer using the Internet Protocol to communicate over a network. These addresses are 4 sets of numbers, each between 0 and 255 (256 unique values). The university’s IP address ALWAYS begins with 146.232…]

In this case the IP address is fake. There will never be an IP with a value of 362…

—————————————————————————————————

From: Capitec. [mailto:capitec@cnserv.co.za]
Sent: 25 September 2015 12:57 PM
To: Victim, IAMA, Mej <iamavictim@sun.ac.za>
Subject: Ibanking confirmation

 

Dear valued Client

An ip address 82.128.362.135 made some incorrect logon attempts
with your remote pin.

Please respond to this by following the reference below and you
will be guided through the secure restore process.

Restore ebanking access (this link has been cleaned up and is no longer a danger)

You may experience future problems with your
online access by failing to attend to this matter.

Ebanking Service

 

—————————————————————————————————–

[ARTICLE BY DAVID WILES]

 

Regret sending that e-mail?

Tuesday, September 22nd, 2015

Maybe you are extremely irritated with a colleague, or worse, your boss and want to vent your anger. So you send an e-mail.

Practically just as you press the send button, you realise it might not have been such a great idea. For all the hotheads out there, we might have a solution for you. That is, if you use Gmail.

In June this year Gmail activated a function called Undo Send. If you make a typo or regret sending a message, you can undo the action by enabling Undo Send. This setting gives you the option to take back a message you just sent.

To enable Undo Send:

  1. Click the gear in the top right.
  2. Select Settings.
  3. Scroll down to Undo Send and click Enable.
  4. Set the cancellation period (the amount of time you have to decide if you want to unsend an email).
  5. Click Save Changes at the bottom of the page.

If you had Undo Send turned on in Gmail Labs, your Undo Send setting will be on by default.

To give you time to undo, Gmail delays sending the message for a few seconds. Under the Undo Send function you can also set the cancellation period to 1, 3 or 20 seconds. Once that window of time passes the email is sent normally and cannot be undone as it is already transferred from your mail server to the recipient’s mail server. If you don’t select Undo within the time limit, your message will be sent.

Just take note that Undo Send may not work if you experience connection issues.

For all the Outlook users out there, don’t despair. Outlook also has a function to recall messages. Just as with Gmail there are also limitations as to what you can do with the recall function. The success or failure of a recall depends on the recipients’ settings in Microsoft Outlook.

For example, if the message has already been read by the recipient, it will not be recalled. If it has been delivered, both the new and old message will be in the recipient’s mailbox. However, the recipient will be informed that you, the sender, deleted the message from his or her mailbox.

For full instructions on how to use Outlook’s recall function, click here.

 

 

[SOURCE: www.howtogeek.com]

New html phishing scam

Wednesday, August 26th, 2015

There are a number of e-mails arriving in student and personnel accounts that have malware/virus infected attachments, usually *disguised* as .html files.

The e-mails have subject lines like “UCount reward confirmation” and “Confirmation of epayment” and have .html attachments. After clicking the link on the webpage that appears, you will be sent to a fraudulent site, which looks just like the institution’s web site, and you will be asked for various sensitive information. Although the Trojan attachment does not install anything on the system, it uses the “social engineering” technique to get users to fill in their personal data on a fraudulent web site.

  • Always beware when asked for private information.
  • Do not click on links in e-mail and do not copy-paste them into your browser.
  • Open a new browser window and type in the company’s correct address.
  • Make sure such requests are genuine by, for example, calling a known company’s phone number.
  • Do not send sensitive information by e-mail. Legitimate companies do not ask you to send important data by e-mail.

Be careful out there. The reason why scammers are so successful is because they catch people regularly!

[ARTICLE BY DAVID WILES]

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.