%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250719005603+00'00') /ModDate (D:20250719005603+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 6801 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 125.618 521.469 621.116 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 125.993 520.719 620.366 re S 0.773 0.773 0.773 rg 61.016 141.368 m 550.984 141.368 l 550.984 142.118 l 61.016 142.118 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(WARNING: SEXTORTION SCAM)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 02,2021)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(There is a "sextortion" email making the rounds at the moment and with many personnel and students still working )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(andstudying from home, many are concerned about the risks.)] TJ ET BT 61.016 615.442 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 604.453 Td /F4 9.0 Tf [("The device has been successfully hacked" is a new ‘sextortion’ email scam for 2021. This email scam, like most )] TJ ET BT 61.016 593.464 Td /F4 9.0 Tf [(sextortion scams, relies on “social engineering”, a process through which the scammers induce shame, panic or guilt. The )] TJ ET BT 61.016 582.475 Td /F4 9.0 Tf [(scammers \(the authors of the email\) claim that they obtained material compromising the user \(because of a computer )] TJ ET BT 61.016 571.486 Td /F4 9.0 Tf [(hack, email account hack, router hack, etc\) and threaten to publish it if the ransom is not paid. None these claims are true )] TJ ET BT 61.016 560.497 Td /F4 9.0 Tf [(in any way; they are just deception.)] TJ ET BT 61.016 549.508 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 538.519 Td /F4 9.0 Tf [(The “The device has been successfully hacked” email message says that someone successfully hacked the recipient’s )] TJ ET BT 61.016 527.530 Td /F4 9.0 Tf [(device and monitored it for a long time. The hacker claims that this was made possible by a virus installed on the device )] TJ ET BT 61.016 516.541 Td /F4 9.0 Tf [(when the user visited the adult site. Using this virus, the hacker was able to record a video that compromises the user, and )] TJ ET BT 61.016 505.552 Td /F4 9.0 Tf [(gained access to the user’s personal contacts, instant messengers, and social networks. If the recipient pays $1300 in )] TJ ET BT 61.016 494.563 Td /F4 9.0 Tf [(Bitcoin, the hacker promises to delete all the data. Next, the scam email contains the bitcoin address to which the ransom )] TJ ET BT 61.016 483.574 Td /F4 9.0 Tf [(should be transferred. This email is just a sextortion scam, and all the statements are fake. )] TJ ET BT 61.016 472.585 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 461.596 Td /F4 9.0 Tf [(What to do when you receive the "The device has been successfully hacked" SCAM: )] TJ ET 0.153 0.153 0.153 RG 85.866 444.423 m 85.866 444.835 85.696 445.245 85.404 445.537 c 85.113 445.828 84.703 445.998 84.291 445.998 c 83.878 445.998 83.469 445.828 83.177 445.537 c 82.885 445.245 82.716 444.835 82.716 444.423 c 82.716 444.011 82.885 443.601 83.177 443.309 c 83.469 443.018 83.878 442.848 84.291 442.848 c 84.703 442.848 85.113 443.018 85.404 443.309 c 85.696 443.601 85.866 444.011 85.866 444.423 c f BT 91.016 441.607 Td /F4 9.0 Tf [(Do not panic.)] TJ ET 85.866 433.434 m 85.866 433.846 85.696 434.256 85.404 434.548 c 85.113 434.839 84.703 435.009 84.291 435.009 c 83.878 435.009 83.469 434.839 83.177 434.548 c 82.885 434.256 82.716 433.846 82.716 433.434 c 82.716 433.022 82.885 432.612 83.177 432.320 c 83.469 432.029 83.878 431.859 84.291 431.859 c 84.703 431.859 85.113 432.029 85.404 432.320 c 85.696 432.612 85.866 433.022 85.866 433.434 c f BT 91.016 430.618 Td /F4 9.0 Tf [(Do not pay a ransom.)] TJ ET 85.866 422.445 m 85.866 422.857 85.696 423.267 85.404 423.559 c 85.113 423.850 84.703 424.020 84.291 424.020 c 83.878 424.020 83.469 423.850 83.177 423.559 c 82.885 423.267 82.716 422.857 82.716 422.445 c 82.716 422.033 82.885 421.623 83.177 421.331 c 83.469 421.040 83.878 420.870 84.291 420.870 c 84.703 420.870 85.113 421.040 85.404 421.331 c 85.696 421.623 85.866 422.033 85.866 422.445 c f BT 91.016 419.629 Td /F4 9.0 Tf [(If there’s a link in the scam email, do not click it, otherwise you might unwittingly install malware or ransomware on )] TJ ET BT 91.016 408.640 Td /F4 9.0 Tf [(your computer.)] TJ ET BT 61.016 388.651 Td /F4 9.0 Tf [(The mail will come from several e-mail addresses, which might very from user to user. Scammers use thousands of "throw-)] TJ ET BT 61.016 377.662 Td /F4 9.0 Tf [(away" e-mail addresses to send out these scams.)] TJ ET BT 61.016 366.673 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 355.684 Td /F4 9.0 Tf [(If you do get such an e-mail use one of the two methods below to report it to IT Cyber Security as soon as possible. This )] TJ ET BT 61.016 344.695 Td /F4 9.0 Tf [(way IT can filter and block the senders)] TJ ET 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 337.997 m 306.516 337.997 l 305.766 337.247 l 305.766 337.247 l f 1.000 1.000 1.000 rg 1.000 1.000 1.000 RG 305.016 335.747 m 306.516 335.747 l 305.766 336.497 l 305.766 336.497 l f 306.516 337.997 m 306.516 335.747 l 305.766 336.497 l 305.766 337.247 l f 0.592 0.592 0.592 rg 0.592 0.592 0.592 RG 305.016 337.997 m 305.016 335.747 l 305.766 336.497 l 305.766 337.247 l f 0.153 0.153 0.153 rg BT 61.016 317.956 Td /F1 9.0 Tf [(By reporting it on the ICT Partner Portal.??)] TJ ET BT 61.016 297.967 Td /F4 9.0 Tf [(Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115. )] TJ ET BT 61.016 277.978 Td /F4 9.0 Tf [(Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.??)] TJ ET BT 61.016 257.989 Td /F4 9.0 Tf [(If you have accidentally responded to the phisher and already provided them with your personal details, it is vitally )] TJ ET BT 61.016 247.000 Td /F4 9.0 Tf [(important that you immediately go to the USERADM page \(either http://www.sun.ac.za/password or )] TJ ET BT 61.016 236.011 Td /F4 9.0 Tf [(www.sun.ac.za/useradm and change your password immediately.\))] TJ ET BT 61.016 216.022 Td /F4 9.0 Tf [(Make sure the new password is completely different and is a strong password that will not be easily guessed, as well as )] TJ ET BT 61.016 205.033 Td /F4 9.0 Tf [(changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on )] TJ ET BT 61.016 194.044 Td /F4 9.0 Tf [(these accounts. Contact the IT HelpDesk if you are still unsure.)] TJ ET BT 432.949 174.055 Td /F4 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET 0.400 0.400 0.400 rg BT 61.016 155.566 Td /F2 9.0 Tf [(Posted in:E-mail,News,Security | | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj xref 0 12 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000535 00000 n 0000007388 00000 n 0000007500 00000 n 0000007615 00000 n 0000007735 00000 n trailer << /Size 12 /Root 1 0 R /Info 5 0 R >> startxref 7843 %%EOF E-mail « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

Warning: Phishing scams with fake invoices

Monday, October 1st, 2018

The nature of the university as an academic institution means that goods like books and academic journals are purchased by staff.

Phishing scammers will often exploit these purchases by either spoofing the e-mail addresses of well-known publishers or sending “invoices” that are infected with malware to fool people into divulging personal details like passwords and bank account details, or more seriously, infecting their victim’s computers with ransomware which encrypts the contents of the hard drive and demands a ransom to unlock access to the encrypted files.

Last week several colleagues reported that they were getting invoices from a journal publisher for books they allegedly purchased. An invoice for books purchased is usually attached.

Here is an example of the phishing scam:

Please keep an eye open for this threat over the next few days. We have been reading reports of a drastic increase in the incidents of ransomware infections targeting large institutions like universities. Keep on your toes, these criminals will never stop trying, because they catch their victims from the university so easily. Don’t become a victim. Fight them by reporting these scams to the IT CyberSecurity Team, and by spreading the news to your colleagues and classmates.

 If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method: (especially if it comes from a university address) Once you have reported it, delete it or put it in your Junk Mail folder.

  1. Start up a new mail addressed to csirt@sun.ac.za, cc sysadm@sun.ac.za.
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Warning: Phishing scams with fake invoices

SARS phishing scam from sun email

Monday, August 13th, 2018

If you receive an email with the subject “SARS eFilings” from any university email account, do not respond or click on the link. This is not a legitimate email from SARS.

The suspicious email is being sent from compromised staff email accounts informing users that “An EMP Statement of Account for the tax payer listed below has been issued by SARS” and you “need to log into the google doc with your correct details to view the document”. (as shown in example below):

It is important that you help us by spreading the word, informing us about suspicious mails and letting your colleagues and friends know about the scams. You are our eyes and ears, and your input, information and questions are extremely valuable.

When you click on links and provide your information on phishing emails, criminals will be able to gain access to your personal information. If you clicked on the link of this phishing email, immediately go to the www.sun.ac.za/useradm website and change the passwords on all your university accounts.

Remember that once the phishers lose control of one compromised account they might simply move over to another account and they might also close the website they were using once it is blocked by us and would use another one that looks and acts in the same way. Currently, the phishers are servers in Europe to launch their attacks. This is a common tactic with a spear-phishing attack such as this. 

To help us, please:

  • continue to watch out for mail like or similar to this and do NOT respond to it, click on links or provide your email address username or password
  • report the new phishing mail to the correct e-mail addresses of Information Technology Cyber Security using the method added to the bottom of this post
  • remember, just because a mail comes from a “student” or a “personnel” e-mail address and has university branding does not mean in any way that it is legitimate

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method: (especially if it comes from a university address)

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

For more information on reporting and combating phishing and spam: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Information supplied by David Wiles]

 

Email

Posted in E-mail, phishing, Security | Comments Off on SARS phishing scam from sun email

Before you resign or retire …

Tuesday, July 31st, 2018

You’ve packed up your office, said goodbye to your colleagues and you are ready for your new job. But what happens to your sun email address, your data or any electronic services you used while working at Stellenbosch University? We have a few tips and instructions. 

As soon as your active role as staff expires, all your electronic services also terminate. This process is necessary to maintain a healthy and secure network and to ensure that unused, dormant accounts are not used for nefarious purposes by cybercriminals.

In other words, from the date when your service at SU is terminated, you no longer have an active role at the university and you can no longer use university services. In this event, you will receive an email from helpinfo@sun.ac.za informing you that your username will expire.

To ensure that you are prepared in advance, we also suggest you do the following at least three months before you leave the university:

  1. Create a new email address for yourself (if you don’t have one already) There are various options, for example, Gmail or Yahoo.
  2. Activate your Out of Office function on you sun.ac.za Outlook mailbox and indicate in the message what your new email address is, in case someone needs to contact you. 
  3. If you use your @sun address for your banking, Facebook, DSTV or iCloud accounts or any other services or social media, change it to your new email address. We would also like to urge you to keep your work-related and private emails separate. Rather create a private email address for your personal correspondence.
  4. If you have any personal data on your electronic work devices or network storage (G: or H: drive), remove it and store it on your own external hard drive or online cloud storage, for example, Google Drive or OneDrive
  5. Make sure that your relevant work-related data is accessible for further usage by your colleagues and the university after you leave. However, do NOT give your password to colleagues when you leave the university as this poses a security risk.
  6. If you need any assistance, contact Information Technology and one of our technicians can assist you.

Students who are graduating or terminating their studies can find the necessary information on this pamphlet compiled by the IT HUB.

Email

Posted in E-mail, General, Tips | Comments Off on Before you resign or retire …

Warning: Phishing scam exploiting ABSA new logo

Tuesday, July 17th, 2018

Many of you use ABSA as your bank of choice, as well as making use of ABSA Bank’s Internet Banking facilities, so this warning might be of particular significance.

Earlier this month ABSA announced a new logo – part of its rebranding campaign – and almost immediately phishing scammers exploited this opportunity to continue their nefarious campaign of identity theft through phishing email attacks.

Several users have reported getting the following email – allegedly from ABSA – taking advantage of the new logo to target the bank’s customers in a phishing email scam by attempting to trick users to click on a link to take them to a fake website.

The scam email states that it comes from Absa CEO Maria Ramos, but it’s actually from an outside source and informs victims that “today marks a very significant day in the Absa journey”. The email uses Absa’s slogan, saying “We are also launching a new, fresh and vibrant Absa logo and identity that reflects our commitment to you, our customers”. Potential victims are then encouraged to click on their “New Absa eStatements” in PDF format. This is not a statement, but an HTML file which takes users to a phishing website.

Here is one example of the phishing e-mail which has already appeared in several University email accounts, as well as personal home email accounts:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As always, you should never respond to a suspicious looking email or message or click on a link in any suspicious looking email. Rather delete the email. No South African bank will ever contact customers and request sensitive information (card PIN, card CVV or online banking password) via email, telephone or SMS.

If you have received a phishing email, immediately report it to the Information Technology CyberSecurity Team using the following method:
 
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:
If you did click on the link of a phishing spam and unwittingly gave the scammers your username, email address and password  immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different and is a strong password that will not be easily guessed.), as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)
 
Useful information on how to report and combat phishing and spam can also be found on our blog

[ARTICLE BY DAVID WILES]

Email

Tags: , , ,
Posted in E-mail, phishing, Security | Comments Off on Warning: Phishing scam exploiting ABSA new logo

Phishing attempt from SUN email address

Monday, June 25th, 2018

If you receive an email with the subject “Mailbox” or “Urgent Alert !!” from a university account, do not respond to it or click on the link. This is not a legitimate email from Information Technology.

We have received reports that a suspicious email is being sent out from a university account informing users that their email has exceeded its storage limit and they have to click on a link to “avoid blockage or deactivation”(As shown in example)

If you follow the link and give your information, it will be used by phishing criminals to gain access to your personal information, including your bank details. If you did click on the link of this phishing email, immediately go to the www.sun.ac.za/useradm website and change the passwords on all your university accounts.

If you have any inquiries, please let us know by logging a request or calling our Service Desk at 808 4367. 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing attempt from SUN email address

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.