PHISHING MAIL USING INTIMIDATION AND THREATS

Posted on January 06, 2018 by IT Communications

There is no need to panic or be in any way concerned for your personal safety about the latest batch of phishing emails that are going out with death threats or extortion regarding your alleged online activity around pornography sites etc.

A simple Google search using the term “I Was Paid To Kill You scam” gave me 43 million results, all of the first 100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only from last week, resulted in a little over 100000 results, all of which were reporting it as a hoax.

A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a Russian e-mail address. The assassin, apparently appointed by a close acquaintance of his target, offers the victim the opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.

If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the mail is a hoax:

  1. The subject line: “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY HAS BEEN COMPROMISED”
     These are designed to cause anxiety, stress and panic.
  2. Time limits: “You have 48 Hours to pay”
     How can the scammer know that you have received the mail and when you have read the mail, and keep track of time to see if 48 hours have passed?
  3. Engagement: “Contact me back via e-mail”
     Never make contact with the scammers. This immediately alerts them that a real person read their mail and they will be able to concentrate their nefarious efforts on you.

If you ever receive emails like these, please report it to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible.

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

[Article by David Wiles]

Posted in: E-mail, Security | Tagged: Phishing, Report Phishing

E-mail « Informasietegnologie
E-mail

Warning: Sextortion scam

Monday, February 1st, 2021
There is a “sextortion” email making the rounds at the moment, and with many personnel and students still working and studying from home, many are concerned about the risks.
 
“The device has been successfully hacked” is a new ‘sextortion’ email scam for 2021. This email scam, like most sextortion scams, relies on “social engineering”, a process through which the scammers induce shame, panic or guilt. The scammers (the authors of the email) claim that they obtained material compromising the user (because of a computer hack, email account hack, router hack, etc.) and threaten to publish it if the ransom is not paid. None of these claims are true in any way; they are just deception.
 
The “The device has been successfully hacked” email message says that someone successfully hacked the recipient’s device and monitored it for a long time. The hacker claims that this was made possible by a virus installed on the device when the user visited an adult site. Using this virus, the hacker was supposedly able to record a video that compromises the user, and gained access to the user’s personal contacts, instant messengers, and social networks. If the recipient pays $1300 in Bitcoin, the hacker promises to delete all the data. Next, the scam email contains the bitcoin address to which the ransom should be transferred. This email is just a sextortion scam, and all the statements are fake.
 
What to do when you receive the “The device has been successfully hacked” SCAM:

  • Do not panic.
  • Do not pay a ransom.
  • If there’s a link in the scam email, do not click it, otherwise you might unwittingly install malware or ransomware on your computer.
The mail will come from several e-mail addresses, which might vary from user to user. Scammers use thousands of “throw-away” e-mail addresses to send out these scams.
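Because the sender addresses are throw-away, a filter has to look at what the message says rather than who sent it. The sketch below is an added example, not IT's own filter: the patterns, the three-indicator threshold and both sample messages (including the wallet string) are constructed for illustration.

```python
import re

# Legacy (base58) and bech32 Bitcoin address shapes; shape only, no checksum check.
BTC_ADDRESS = re.compile(
    r"\b(?:bc1[ac-hj-np-z02-9]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b")

# Assumption: indicator patterns chosen to mirror the claims described in this post.
INDICATORS = {
    "compromise_claim": re.compile(r"\b(hacked|recorded (a )?video|virus|malware)\b", re.I),
    "payment_demand": re.compile(r"\b(bitcoin|btc)\b", re.I),
    "deadline": re.compile(r"\b\d+\s*(hours?|hrs?|days?)\b", re.I),
    "exposure_threat": re.compile(r"\b(publish|send (it|the video) to|your contacts)\b", re.I),
}

# Constructed samples: a paraphrase of the scam and a harmless campus notice.
SCAM_SUBJECT = "The device has been successfully hacked"
SCAM_BODY = ("I recorded a video of you using a virus. Pay $1300 in Bitcoin to "
             "1ConstructedSampLeAddressXXXXXXXX within 48 hours or I send it to "
             "your contacts.")
BENIGN_SUBJECT = "Bitcoin seminar on Friday"
BENIGN_BODY = "The economics department hosts a talk on Bitcoin in 2 days."

def triage(subject, body):
    """Return a verdict plus the indicators that fired for one message."""
    text = f"{subject}\n{body}"
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    if BTC_ADDRESS.search(text):
        hits.append("wallet_address")
    # A payment demand alone is not enough; require it alongside two other signals
    # so that ordinary mail mentioning Bitcoin or a date is still delivered.
    suspicious = "payment_demand" in hits and len(hits) >= 3
    return {"verdict": "quarantine" if suspicious else "deliver", "indicators": hits}

if __name__ == "__main__":
    print(triage(SCAM_SUBJECT, SCAM_BODY))
    print(triage(BENIGN_SUBJECT, BENIGN_BODY))
```
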
 
If you do get such an e-mail, use one of the two methods below to report it to IT Cyber Security as soon as possible. This way IT can filter and block the senders.

By reporting it on the ICT Partner Portal.

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115.

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.

If you have accidentally responded to the phisher and already provided them with your personal details, it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm) and change your password immediately.

Make sure the new password is completely different and is a strong password that will not be easily guessed. Also change the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts. Contact the IT HelpDesk if you are still unsure.

[ARTICLE BY DAVID WILES]

Phasing out of generic IT email addresses

Wednesday, October 7th, 2020

Until now we have used a selection of generic email addresses for enquiries from staff and students. In previous years these mailboxes were attended to manually, but in recent years, with the implementation of the ICT Partner Portal, they have been set up to automatically log a request.

For example, if you emailed quote@sun.ac.za to enquire about hardware components, your email would automatically log a request for information in your name on our platform. Likewise, if you emailed help@sun.ac.za to contact the IT Service Desk, it would log a request in your name.

However, soon this will no longer be the case. These generic addresses will be phased out gradually and the only way of requesting a service or information will be to log a request on the ICT Partner Portal. (Also see our FAQs on logging a request)

The above applies to the following email addresses:

help@sun.ac.za
helpinfo@sun.ac.za
software@sun.ac.za
quote@sun.ac.za
student@sun.ac.za
telecom@sun.ac.za
students@sun.ac.za
itkursus@sun.ac.za
ittd@sun.ac.za
portalhelp@sun.ac.za
pbk@sun.ac.za
csirt@sun.ac.za
soc@sun.ac.za
ithub@sun.ac.za

If you have any enquiries please log a request on our ICT Partner Portal.

Unsubscribe from Cortana notifications

Wednesday, August 5th, 2020

Recently Microsoft activated an automatic status update which is sent to students and staff. According to the company, new Microsoft 365 experiences, such as the Briefing email and Play My Emails, were enabled using Cortana enterprise services. These features are currently available for Stellenbosch University staff and students.

However, you can unsubscribe from these emails by clicking unsubscribe at the bottom of the email or unsubscribe at https://cortana.office.com/

Phishing scam from a forged email

Thursday, May 14th, 2020

We are almost all in lock down and less careful with cyber security. The scammers know this and are launching numerous attacks taking advantage of the “work-from-home” situation we find ourselves in. A number of personnel have reported getting e-mails from “Prof. Jimmy Volmink” asking for assistance and are not spotting the tell-tale signs of a phishing scam.

Here is the mail:

  1. Notice that although it looks like Prof Volmink sent it, the email address is not correct.
  2. Secondly, Prof Jimmy is a very approachable person, but he is always professional in his communication, so he would never say “Are you free for now”. Nor would he say something like this (if you did respond to his mail):
    “I am currently in a meeting and I don’t know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible”.

This is a spear-phishing attack where an institution is directly attacked by impersonating prominent or public figures within the university (like the Dean) to gain access to the university network. This is an especially effective means of attack with everybody at home in lock down, where our guard is down and we are more relaxed. There was a very similar attack in September 2019, using the same tactics.  

Prof Volmink’s account has not been compromised. Phishers are just trying to fool us into thinking that prominent members in our leadership are emailing us asking for assistance, but they are not. It is a scam.
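The first tell-tale sign above, a trusted display name paired with an outside address, can also be checked automatically at the mail gateway. The following is an added example rather than the university's own tooling: the watch list, the sample messages and every address in them are constructed placeholders.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "sun.ac.za"  # the university mail domain that appears on this page
PROTECTED_NAMES = ["Jimmy Volmink"]  # assumption: names the filter should watch for
TITLES = {"prof", "professor", "dr", "mr", "mrs", "ms"}

# Constructed sample messages; every address below is a placeholder.
SPOOFED = (
    'From: "Prof. Jimmy Volmink" <dean.office@mail.example>\n'
    "Reply-To: dean.office@inbox.example\n"
    "Subject: Are you free for now\n\nAre you free for now\n"
)
GENUINE = (
    'From: "Prof Jimmy Volmink" <placeholder@sun.ac.za>\n'
    "Subject: Faculty meeting\n\nAgenda attached.\n"
)

def name_words(name):
    """Lower-case, drop accents, punctuation and titles: 'Prof. J. Smith' -> {'j', 'smith'}."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c))
    words = (w.strip(".,\"'") for w in text.lower().split())
    return frozenset(w for w in words if w and w not in TITLES)

def domain_of(address):
    return address.rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return findings for a message whose display name borrows a protected name."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    internal = domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)
    findings = []
    for name in PROTECTED_NAMES:
        if name_words(name) <= name_words(display) and not internal:
            findings.append(f"display name matches '{name}' but address is <{address}>")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain:
        findings.append(f"Reply-To <{reply_to}> is outside the From domain '{domain}'")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

The check reads header text only; a From address forged to use the real domain has to be caught with the SPF, DKIM and DMARC results recorded by the receiving server.
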

Over the next few days, be on the lookout for similar mails that look like they are coming from other people within the university.

If you do get mail like this be sure to report it to IT ASAP so they can block the attack and help people who have become victims.

Please report such phishing scams and spam immediately on the ICT Partner Portal.

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115.

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.

If you have accidentally clicked on the link and already given any personal details to the phishers, it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm) and change your password immediately. Make sure the new password is completely different and is a strong password that will not be easily guessed. Also change the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

 

Phishing attack from compromised staff account with attached “Secure Message”

Wednesday, May 6th, 2020

With most students and personnel all working from home during the national lockdown, and with the reduced security (and watchfulness) of home computers and personnel/students in their home environment, and with many forced to use unfamiliar means of communication and collaboration like Teams, Zoom, Skype and Skype For Business, the environment is ripe for exploitation by phishers.

The following e-mail (with an infected attachment) is making its rounds at the moment from a staff email.

If you get an email that looks like the following, do not open or respond to it. It is quite likely that the staff member does not even know that their account is compromised.

Please be careful when opening up attachments “sent” by colleagues especially if they are unannounced or the e-mail makes you feel a bit suspicious. Always trust your instincts.

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.