Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

E-mail

Use of sun email for commercial purposes

Tuesday, February 5th, 2019

As staff and students of the University, we use our sun emails every day. But did you know that every year when you reactivate your account, you also agree to the Electronic Communication Policy? 

The ECP explains the acceptable and unacceptable use of the University’s electronic communication facilities, which include the internet and email. (read the full ECP policy here) According to the ECP, point 3.1.3: “The User shall be responsible for using the Facilities only for the purpose for which the User has been authorised.” 

IT facilities and resources are provided to advance the mission of the University. This includes learning, teaching, research, knowledge transfer, public outreach, the commercial activities of the University, or the administration necessary to support all of the above.

The email system is to be used for legitimate institutional purposes only, therefore the use of IT facilities for non-University commercial purposes, or for personal gain, is a violation of this policy.  You may not use the IT Facilities to advertise any trade, service or profession not endorsed by the University. 

Unfortunately, it’s come under our attention that some staff use their sun email address to distribute information regarding beauty products, Tupperware, etc. and acting as agent for the sale of these products. Any bulk unsolicited mail or commercial advertising of other businesses are not allowed on the University network.

If you need to send personal emails, rather consider getting a free email account, for example, Gmail. Separating your business and personal activities is also better security practice in the long run and will protect you and the University network. However, if you use your sun address for personal activities, keep in mind that the University owns any communication sent via email. If needed, University management has the right to access any material in your email or on your computer.  

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.

SARS phishing scam

Wednesday, January 30th, 2019

Please be on the lookout for the next phishing attack on the university network. This time (as occurred several times in 2018) it comes with a subject of “SARS eFiling Letter Notification”

This is an obvious phishing scam using a website to attempt to steal your login details.

  1. SARS will not send you an email with the salutation: “Dear Tax Payer”, they’ll address you personally.
  2. The sender is a compromised email address from an estate agent in Pretoria and not a SARS email address.
  3. The link takes you to a site that is not the SARS eFiling Server address.
  4. Apart from department admin who deals with SARS directly, university email addresses are not (and should not be) used for SARS communication.

Here is an example of the email that several of our observant colleagues and students have already reported:

Here is the phishing website that will attempt to steal your login details:

If you receive an email like this, please report it to IT Cyber Security as soon as possible.

Once you have reported the spam or phishing mail, you can delete it immediately. You can report this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email. 
    1. Start up a new mail addressed to csirt@sun.ac.za.
    2. Use the Title “SPAM” (without quotes) in the Subject.
    3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.
    4. Send the mail.

[ARTICLE BY DAVID WILES]

Feedback on Office365 outage

Friday, January 25th, 2019

On Thursday, 24 January, from 10:30 to 22:00 Outlook users across large parts of the world were left without email. A major outage affecting, among others, South Africa, South America and Europe was caused by a technical problem at one of Microsoft’s data centres in Europe. 

Subsequently, all Stellenbosch University staff could also not access their email. Connectivity to Microsoft Exchange was restored Thursday evening late and staff and students were able to access their emails again. For a full report from Microsoft on the incident, click here 

Keep in mind that cybercriminals could use incidents like these to launch attacks on email users. Neither Microsoft, not IT will ever ask you to reactivate your Microsoft account or divulge personal details.

Please take note that, in instances where email is unavailable, our Twitter feed will be used as the main communication channel and the latest updates will be posted on the feed. For any inquiries please contact the IT Service Desk at 021 808 4367 or log a request on the ICT Partner Portal.

Warning: Phishing scams with fake invoices

Monday, October 1st, 2018

The nature of the university as an academic institution means that goods like books and academic journals are purchased by staff.

Phishing scammers will often exploit these purchases by either spoofing the e-mail addresses of well-known publishers or sending “invoices” that are infected with malware to fool people into divulging personal details like passwords and bank account details, or more seriously, infecting their victim’s computers with ransomware which encrypts the contents of the hard drive and demands a ransom to unlock access to the encrypted files.

Last week several colleagues reported that they were getting invoices from a journal publisher for books they allegedly purchased. An invoice for books purchased is usually attached.

Here is an example of the phishing scam:

Please keep an eye open for this threat over the next few days. We have been reading reports of a drastic increase in the incidents of ransomware infections targeting large institutions like universities. Keep on your toes, these criminals will never stop trying, because they catch their victims from the university so easily. Don’t become a victim. Fight them by reporting these scams to the IT CyberSecurity Team, and by spreading the news to your colleagues and classmates.

 If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method: (especially if it comes from a university address) Once you have reported it, delete it or put it in your Junk Mail folder.

  1. Start up a new mail addressed to csirt@sun.ac.za, cc sysadm@sun.ac.za.
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

[ARTICLE BY DAVID WILES]

 

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.