%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 24 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250725070706+00'00') /ModDate (D:20250725070706+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 4042 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 291.236 521.469 455.498 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 291.611 520.719 454.748 re S 0.773 0.773 0.773 rg 61.016 306.986 m 550.984 306.986 l 550.984 307.736 l 61.016 307.736 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(REMEMBER TO CHECK YOUR JUNK EMAIL FOLDER)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(To ensure that staff and students )] TJ ET BT 195.098 637.420 Td /F1 9.0 Tf [(aren't)] TJ ET BT 219.245 637.420 Td /F4 9.0 Tf [( exposed to malicious )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(phishing or spam emails our system administrators and security )] TJ ET BT 61.016 615.442 Td /F4 9.0 Tf [(team)] TJ ET 0.373 0.169 0.255 rg BT 81.023 615.442 Td /F4 9.0 Tf [( had to enable a stricter spam filter earlier this year as added )] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 81.023 614.291 m 325.130 614.291 l S BT 61.016 604.453 Td /F4 9.0 Tf [(protection.)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 603.302 m 103.037 603.302 l S 0.153 0.153 0.153 rg BT 61.016 584.464 Td /F4 9.0 Tf [(A spam filter assigns every message, received and sent, a spam )] TJ ET BT 61.016 573.475 Td /F4 9.0 Tf [(confidence level based on the likelihood that the message is )] TJ ET BT 61.016 562.486 Td /F4 9.0 Tf [(spam. Depending on its level an inbound message may be )] TJ ET BT 61.016 551.497 Td /F4 9.0 Tf [(relayed directly to the user's Junk Email folder. The filter looks at )] TJ ET BT 61.016 540.508 Td /F4 9.0 Tf [(certain criteria contained in the email it rates, for example too )] TJ ET BT 61.016 529.519 Td /F4 9.0 Tf [(many hyperlinks or a suspicious file attached. Tweaking the filter )] TJ ET BT 61.016 518.530 Td /F4 9.0 Tf [(can be tricky we don't want you to miss important emails, but at )] TJ ET BT 61.016 507.541 Td /F4 9.0 Tf [(the same time it's our responsibility to protect you and all our staff )] TJ ET BT 61.016 496.552 Td /F4 9.0 Tf [(from harmful attacks.)] TJ ET BT 61.016 476.563 Td /F4 9.0 Tf [(For this reason, it's important that you regularly look in your Junk )] TJ ET BT 61.016 465.574 Td /F4 9.0 Tf [(Email folder in case the spam filter might have relayed it there.)] TJ ET BT 61.016 445.585 Td /F4 9.0 Tf [(The main purpose of Microsoft Outlook's Junk Email Filter helps )] TJ ET BT 61.016 434.596 Td /F4 9.0 Tf [(is to reduce unwanted email messages in your Inbox. Junk email, )] TJ ET BT 61.016 423.607 Td /F4 9.0 Tf [(also known as spam, is moved by the filter away to the Junk )] TJ ET BT 61.016 412.618 Td /F4 9.0 Tf [(Email folder. This is done at an institutional level by Microsoft \(as )] TJ ET BT 61.016 401.629 Td /F4 9.0 Tf [(mentioned above\), but you can also flag or "un"flag messages from a person or company as Junk email.)] TJ ET 0.373 0.169 0.255 rg BT 61.016 381.640 Td /F4 9.0 Tf [(How to change your spam filter's preferences.)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 380.489 m 243.806 380.489 l S BT 61.016 370.651 Td /F4 9.0 Tf [(How to tag an email as junk mail.)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 369.500 m 193.064 369.500 l S BT 61.016 359.662 Td /F4 9.0 Tf [(How to report spam or junk email to Microsoft.)] TJ ET 0.18 w 0 J [ ] 0 d 61.016 358.511 m 244.571 358.511 l S 0.153 0.153 0.153 rg BT 244.571 359.662 Td /F4 9.0 Tf [( \(downloadable PDF-document\))] TJ ET BT 61.016 339.673 Td /F4 9.0 Tf [(If you have any questions, please log a request on the )] TJ ET 0.373 0.169 0.255 rg BT 279.149 339.673 Td /F4 9.0 Tf [(ICT Partner Portal.)] TJ ET 0.18 w 0 J [ ] 0 d 279.149 338.522 m 354.173 338.522 l S 0.400 0.400 0.400 rg BT 61.016 321.184 Td /F2 9.0 Tf [(Posted in:E-mail,Notices,Tips | | With 0 comments)] TJ ET q 225.000 0 0 225.000 325.984 421.211 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 81.0227 614.6092 325.1297 623.7667 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (https://blogs.sun.ac.za/it/en/2020/03/additional-microsoft-security-for-email-activated/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 603.6202 103.0367 612.7777 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (https://blogs.sun.ac.za/it/en/2020/03/additional-microsoft-security-for-email-activated/) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 380.8072 243.8057 389.9647 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (https://support.office.com/en-us/article/changing-the-level-of-protection-e89c12d8-9d61-4320-8c57-d982c8d52f6b) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 369.8182 193.0637 378.9757 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (https://support.office.com/en-us/article/Video-Block-unwanted-mail-a3cda7e7-03ab-4188-9a9c-0f05e6a41e75) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 358.8292 244.5707 367.9867 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/Infoteg/dokumente/Report_junkmail.pdf) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 279.1487 338.8402 354.1727 347.9977 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (http://servicedesk.sun.ac.za) >> endobj 24 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 300 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 7855>> stream JFIF,,ExifMM*C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$,,"D !1A"Qaq2#5BRs6Sbr$&34Cc%t&!12AQ"qBRa ?R uh֏YdQ-n_m;.n=ܜ޾nSܠJ|wo>>\s""" """ """ """ """ """ """ ""lm.{Z7O8]4 k}_ϑ\󹐎]^|w;˓a;Xأ52Tc'wWUW i]^\ӇX;RmI$dv|A.0N,?hQUhnP&p98v.wSPm  0= e.վB Â`m)H[n]-7iBhh׌HAa""  }(mq={Ldw3Eh|22@-;;i_$m :[rg{=DYnr=z>>pb-SI%GuGzH+t)sv䪵Mq뺥|6@1 y^V;VQ\&tC2n޸#D#cgymZ.ofN\Ρ舢 7kUU+jOՖg85j-SHc8j^kE5C.Cp+׏ {xg'KFm*"#LָM#z|wp˭OS0!`$eVg<8`,)bX#کlOwtUH99/}ڗHh'MYz8LNw}ӗVԉCd/0v6+< 17 z*[ ܲtjM-TSs(+TGmF2؞`>^2v5kzK`{OY!\;LѷzlV&|{r״z"" """ """ """ "" 4 wS$AU ɤ2j}ўQ2=U霰{|6oY%N+89s$`8{ F|=+oNmNY*qN$˩.R~0)|k"cV>{Wu:_+UGUoa|' 2'ѹq.=5TOԒHl=jG[y:YQT6hGrmx>ʋ9iV<';_*gtދ?@K5猁汤XB湱C\Cs[xgn]1ßʴ/!Y \=; #o[ZUNJ3?=dעQFO #WMpvGaM*K6pd#q,VЏP>17.GxYp .,o<2+>Sn3\$X]SbU>J`bqf|qZ[P6#亂nϸ%c;41rFZ?==ߧf9VΘaT;cje!ɤJR^kM=:ݹMSqQ8pk9]XsNViI;f>7-xAue\ !ܶՂwseD@DDD@DDD@DDD@DD' VJm_.]|c/uY[\VҵQ 2(enq )M9;עq a SاsbWBbwt`.e%+g'g8' mU;?u)㥘:6y`YE|쬵2UO3'i9AgM/4 ښڗ"zK/ uqϓWӝhU$ c8ȎoSBa׶)$O q-WbS6\e彎P~BYmx7v]J 3[]AR%,;Р)Y4m9,A|oX'Y*˷߬|ۇ8sVeik+aXYUKG,w|zIvwQm穾x_XYn|H e7]acw? h=mM/8 nc yFFFOOj*_OSjM2ZN;mC$isCe}$drV3Gu;>+o_BRr@^GS8y(o|3SA΀Okn"+EEepa-c#أE$,hVwn\ї=0twS!&*inc' Ĩ+U. K 8d|qy1ӻ9f 26}MB7d/CjX੊ccËO5{XZᐩ@Whsw;{+\*3A ¬lP+P=m}{WYūg d$,H[2}{&'{Z0ҷ]XnT4Յ敷A+= ({iKVxUiBAxޭT10 G&gf?pߊFhGZ;VZOw5 ̢%20pwhzJttYVyܝ]=m#\;8fslVy2ϭ50tUc:9YcprF-+ LYJdF7 j2tR\঑DE|nY6x*|G* QǗ[k,w'淐!TF"AX_ڿZ҃Nbg?ڷi^iAn:F!U` 1GeoҚQ?S#끓Ug%U7Bxv+/i*ne|s7R@DDD@DDEoFlj]1_|G.kjϪ\wngrbG.gN+{{M-qi*x^al{{ji[4҃VҶiM(5M+'ap0ѡTfѼ+5*ژIJ=n8$0gX^B0Z*'޴E%E_"GwI%["4$-P+49ӿpxNț6+3] ˧ '\)i?F<_#˱k`ع96 DGj|۴ Ճ{`V]y:c-k7q }e h- )8p] gE}$qSkm*c-SCd\זU5[jKG";8ߐ\aS=f!JTf 8\+鄄apQ@DDD@QFIQFY/q;cۧ^A(=2hRjCopH^jMH0>_HZgw͟/۩_u4ӳ=*eO?H1zm録&wg|BũlmOkUt]H mO\*=I#WXaKn"zr[eªԲUkKDEpIy^9rwÆu8gJVC<xqw%j\;i(1<9mSč< 滷nf%U&|'I Oh_eKxwZA_p).T ,+tNTiH۫dtSAt_8$;qV]XpwqU 6Fzi{0>Čjh*cT:Va) Jm:6wY%r,<+~m=ƲeE۪Inv|aUj&Tgfc\={Z2I]rMJebL"퉄dxjSP|=hqX)(D`d-`1 6i {\BHZkMW; {Or6ݟ{-x\I|t4=LL`!7-ݽbv,I38Ij6vj*Y4o.S2Zqi]<텾:1miݻyNВ"T,SNl-o(Q4d5r(~(m6֌9,PDDD@^ajrZsObܮn dQK++ƌq5Ti*{i5 ))"xx-s{W^Ol ੗UAr tgO wLrO,Y^ 0V(gVշ3vpW^zG?9A׫;T#dݞ* > startxref 14748 %%EOF E-mail « Informasietegnologie
Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

E-mail

Warning: Phishing scams with fake invoices

Monday, October 1st, 2018

The nature of the university as an academic institution means that goods like books and academic journals are purchased by staff.

Phishing scammers will often exploit these purchases by either spoofing the e-mail addresses of well-known publishers or sending “invoices” that are infected with malware to fool people into divulging personal details like passwords and bank account details, or more seriously, infecting their victim’s computers with ransomware which encrypts the contents of the hard drive and demands a ransom to unlock access to the encrypted files.

Last week several colleagues reported that they were getting invoices from a journal publisher for books they allegedly purchased. An invoice for books purchased is usually attached.

Here is an example of the phishing scam:

Please keep an eye open for this threat over the next few days. We have been reading reports of a drastic increase in the incidents of ransomware infections targeting large institutions like universities. Keep on your toes, these criminals will never stop trying, because they catch their victims from the university so easily. Don’t become a victim. Fight them by reporting these scams to the IT CyberSecurity Team, and by spreading the news to your colleagues and classmates.

 If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method: (especially if it comes from a university address) Once you have reported it, delete it or put it in your Junk Mail folder.

  1. Start up a new mail addressed to csirt@sun.ac.za, cc sysadm@sun.ac.za.
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

[ARTICLE BY DAVID WILES]

 

SARS phishing scam from sun email

Monday, August 13th, 2018

If you receive an email with the subject “SARS eFilings” from any university email account, do not respond or click on the link. This is not a legitimate email from SARS.

The suspicious email is being sent from compromised staff email accounts informing users that “An EMP Statement of Account for the tax payer listed below has been issued by SARS” and you “need to log into the google doc with your correct details to view the document”. (as shown in example below):

It is important that you help us by spreading the word, informing us about suspicious mails and letting your colleagues and friends know about the scams. You are our eyes and ears, and your input, information and questions are extremely valuable.

When you click on links and provide your information on phishing emails, criminals will be able to gain access to your personal information. If you clicked on the link of this phishing email, immediately go to the www.sun.ac.za/useradm website and change the passwords on all your university accounts.

Remember that once the phishers lose control of one compromised account they might simply move over to another account and they might also close the website they were using once it is blocked by us and would use another one that looks and acts in the same way. Currently, the phishers are servers in Europe to launch their attacks. This is a common tactic with a spear-phishing attack such as this. 

To help us, please:

  • continue to watch out for mail like or similar to this and do NOT respond to it, click on links or provide your email address username or password
  • report the new phishing mail to the correct e-mail addresses of Information Technology Cyber Security using the method added to the bottom of this post
  • remember, just because a mail comes from a “student” or a “personnel” e-mail address and has university branding does not mean in any way that it is legitimate

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method: (especially if it comes from a university address)

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

For more information on reporting and combating phishing and spam: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Information supplied by David Wiles]

 

Before you resign or retire …

Tuesday, July 31st, 2018

You’ve packed up your office, said goodbye to your colleagues and you are ready for your new job. But what happens to your sun email address, your data or any electronic services you used while working at Stellenbosch University? We have a few tips and instructions. 

As soon as your active role as staff expires, all your electronic services also terminate. This process is necessary to maintain a healthy and secure network and to ensure that unused, dormant accounts are not used for nefarious purposes by cybercriminals.

In other words, from the date when your service at SU is terminated, you no longer have an active role at the university and you can no longer use university services. In this event, you will receive an email from helpinfo@sun.ac.za informing you that your username will expire.

To ensure that you are prepared in advance, we also suggest you do the following at least three months before you leave the university:

  1. Create a new email address for yourself (if you don’t have one already) There are various options, for example, Gmail or Yahoo.
  2. Activate your Out of Office function on you sun.ac.za Outlook mailbox and indicate in the message what your new email address is, in case someone needs to contact you. 
  3. If you use your @sun address for your banking, Facebook, DSTV or iCloud accounts or any other services or social media, change it to your new email address. We would also like to urge you to keep your work-related and private emails separate. Rather create a private email address for your personal correspondence.
  4. If you have any personal data on your electronic work devices or network storage (G: or H: drive), remove it and store it on your own external hard drive or online cloud storage, for example, Google Drive or OneDrive
  5. Make sure that your relevant work-related data is accessible for further usage by your colleagues and the university after you leave. However, do NOT give your password to colleagues when you leave the university as this poses a security risk.
  6. If you need any assistance, contact Information Technology and one of our technicians can assist you.

Students who are graduating or terminating their studies can find the necessary information on this pamphlet compiled by the IT HUB.

Warning: Phishing scam exploiting ABSA new logo

Tuesday, July 17th, 2018

Many of you use ABSA as your bank of choice, as well as making use of ABSA Bank’s Internet Banking facilities, so this warning might be of particular significance.

Earlier this month ABSA announced a new logo – part of its rebranding campaign – and almost immediately phishing scammers exploited this opportunity to continue their nefarious campaign of identity theft through phishing email attacks.

Several users have reported getting the following email – allegedly from ABSA – taking advantage of the new logo to target the bank’s customers in a phishing email scam by attempting to trick users to click on a link to take them to a fake website.

The scam email states that it comes from Absa CEO Maria Ramos, but it’s actually from an outside source and informs victims that “today marks a very significant day in the Absa journey”. The email uses Absa’s slogan, saying “We are also launching a new, fresh and vibrant Absa logo and identity that reflects our commitment to you, our customers”. Potential victims are then encouraged to click on their “New Absa eStatements” in PDF format. This is not a statement, but an HTML file which takes users to a phishing website.

Here is one example of the phishing e-mail which has already appeared in several University email accounts, as well as personal home email accounts:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

As always, you should never respond to a suspicious looking email or message or click on a link in any suspicious looking email. Rather delete the email. No South African bank will ever contact customers and request sensitive information (card PIN, card CVV or online banking password) via email, telephone or SMS.

If you have received a phishing email, immediately report it to the Information Technology CyberSecurity Team using the following method:
 
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:
If you did click on the link of a phishing spam and unwittingly gave the scammers your username, email address and password  immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different and is a strong password that will not be easily guessed.), as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)
 
Useful information on how to report and combat phishing and spam can also be found on our blog

[ARTICLE BY DAVID WILES]

Phishing attempt from SUN email address

Monday, June 25th, 2018

If you receive an email with the subject “Mailbox” or “Urgent Alert !!” from a university account, do not respond to it or click on the link. This is not a legitimate email from Information Technology.

We have received reports that a suspicious email is being sent out from a university account informing users that their email has exceeded its storage limit and they have to click on a link to “avoid blockage or deactivation”(As shown in example)

If you follow the link and give your information, it will be used by phishing criminals to gain access to your personal information, including your bank details. If you did click on the link of this phishing email, immediately go to the www.sun.ac.za/useradm website and change the passwords on all your university accounts.

If you have any inquiries, please let us know by logging a request or calling our Service Desk at 808 4367. 

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.