Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

E-mail

« Older Entries
Newer Entries »

Phishing e-mail with deceptive subject “IT ADMIN”

Tuesday, April 10th, 2018

Several observant colleagues and some students have reported a number of phishing emails being sent (usually in pairs) from a university account in the United Kingdom. The subject is “IT ADMIN” with no salutation or any other information other than “You have a pending message click here to read”.

With some students still on their autumn break and many colleagues only returning this week from the short school holiday, mailboxes have filled up full, voicemails and Skype 4 Business voice messages might have been left and some might be fooled into thinking that a message from “IT ADMIN” *might* be important.

This is a common tactic used by phishing scammers to attempt to con their victims into giving their usernames and passwords.

Many phishing emails use short and cryptic messages to instil a sense of urgency to scare users into doing the attackers’ bidding. In this case, a short mail about a mysterious “pending message” requires the victims to click on a link in order to retrieve the message. In actuality, the link leads to a fake login page designed to collect the user’s login credentials and deliver them to the attackers.

You should always inspect all URLs carefully to see if they redirect to an unknown website – this scam links to weebly.com. Also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email. There are several in this mail.

It is no coincidence that a compromised UK university email address has been used. Large institutions like universities, with large numbers of students and personnel, are always a challenge to protect and are choice targets for phishing attacks.

In the same way, some Stellenbosch University students and personnel are fooled by the scam and give the scammers their passwords and login details by filling them in on the fake login page. The original email account is discarded by the scammers and compromised Stellenbosch University accounts might be used. This has happened several times before.

So, do not be surprised if later this week there is a fresh breakout of these “pending message” mails from “IT ADMIN” but this time coming from Stellenbosch University student or personnel accounts. It is very important to report this to the IT Cyber Security team.

If you have received mail that looks like this, please immediately report it by sending the spam/phishing mail to help@sun.ac.za
and sysadm@sun.ac.za. 

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags:
Posted in E-mail, phishing | Comments Off on Phishing e-mail with deceptive subject “IT ADMIN”

Forgot to reactivate?

Tuesday, April 3rd, 2018

To have access to internet, email and any other network service, you need to reactivate your username annually. If you haven’t reactivated for 2018, your access will have expired on 4 April. What do you do now?

  1. You will not be able to access the network from your devices. In order to reactivate, use a colleague’s PC or laptop.
  2. Browse to the following address: www.sun.ac.za/useradm.
  3. You will see three options:
    Sign on 
    Forgot password
    Reactivate expired username

    Select Reactivate expired username.

4. You will be asked to sign in with your username and ID number or Passport number. See example below.

5. After signing in, you will see a list of options for your username, as well as the appropriate cost points options. 

6. Select the usernames you want to activate and fill in the correct cost point. This is very important. Rather make sure which cost point you should use from your department’s financial officer. If it’s incorrect it will result in a delay of your activation. 

7. Your request for activation will be forwarded to your cost centre manager. 

8. As soon as they approve it, you will have access to the SU network again.

 

 

Email

Tags: ,
Posted in E-mail, Internet | Comments Off on Forgot to reactivate?

“Cryptocurrency” scam email

Wednesday, March 28th, 2018

Please be aware of a  scam making the rounds since yesterday.

It is a “Crypto-currency” (bitcoin) scam that comes in the form of an e-mail from an unknown sender (currently an address from name@dacfinance.online). It will look like this:

 

 

Hi, how are you?
I hope you are okay

 I’ve been trying to reach you for the past couple of days.

Something MAJOR is happening in the trading world and I want you to know about it.

>> Check this with your email somebody@sun.ac.za

 Are you ready for that kind of spending power?

Many people already started to trade cryptocurrencies, BitCoin and LiteCoin.

Join now to our Group!

 To your success,
Some Name
 DAC Finance

cryptocurrency.website address

 

 

This is a sneaky attempt to defraud users seeking an opportunity to invest in Bitcoins (crypto-currency). The website you are taken to is filled with fake testimonials, inflated bank account numbers, exaggerated claims of easy money and various other lies and fabrications. The software that you would be asked to install is fake and will compromise security on your computer and be used to send spam. Furthermore, victims will have to pay anything up to $250 to join the “investment” scheme and the only thing that will happen is that you will be $250 poorer. Here is an example of the website page:

Do not respond to this mail or be tempted to join this scheme. The fact that university e-mail addresses reused and the claims look legitimate should rather be a warning.

As always if you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.
Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on “Cryptocurrency” scam email

Phishing email with subject: “ DO NOT IGNORE THE WARNING”

Thursday, March 15th, 2018

Several staff are receiving a “threatening” e-mail with the subject “<your email address> DO NOT IGNORE THE WARNING”

Your e-mail address will be inserted at the begining of the message, and then proceeds to inform you about your account being used for “spam activities” and that it will be blacklisted and permanently suspended.

Here is an example of the mail (with all the dangerous stuff removed)

If you are fooled into clicking on the link, you will be taken to a website (based in Zimbabwe) and your e-mail address will be automatically inserted in the field, and you will be asked to type in your password, and then the scammers will have gained access to your network account!

This is a typical tactic employed by phishers targeting university e-mail accounts. They use your contact details and intimidating language to cause you to panic and “click on the link they provide.

When spotting phishing scams remember:

  1. Don’t trust the display name.
  2. Look but don’t click.
  3. Check for spelling mistakes.
  4. Analyse the salutation.
  5. Don’t give up personal information – ever.
  6. Beware of urgent or threatening language in the subject line.
  7. Review the signature (remember the university’s own centennial celebration and “water-wise” branding is being used in *some* external phishing attacks)
  8. Don’t click on attachments.
  9. Don’t trust the header from an email address.
  10. Don’t believe everything you see.

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be sceptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

If you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses: help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible.  

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

[Article by David Wiles]

Email

Posted in E-mail, phishing, Security | Comments Off on Phishing email with subject: “ DO NOT IGNORE THE WARNING”

Phishing scam about reaching your mailbox storage limit

Tuesday, March 6th, 2018

Monday started with a phishing scam threatening to close your mailbox, and Monday is ending with another attack, using a similar intimidation tactic about your mailbox size.

The grammar and spelling is very poor on this one so it should be rather easy to spot. However the use of University branding and “STELLENBOSCH HELP DESK” might fool some people.

The Subject will be “We apologies” (sic)

Dear User,

You have reached the storage limit for your mailbox. Please visit the following link to complete your e-mail access restore.

Follow this link to complete the process: Click Restore

STELLENBOSCH HELP DESK

If you do click on the link (which does not go to a university website) …this webpage will appear. 

 

 

Many thanks to all of you who reported this.

Remember these 5 guidelines:

  1. Information Technology will never request sensitive information such as passwords.
  2. Phishing e-mails often appear as an important notice or urgent matter such as threats that your mailbox is over quota.
  3. Use of aggressive or intimidating language such as ‘immediately’ and threats of consequences of not verifying your account.
  4. Misspelled words and poor grammar that take away from the professional context of the e-mail. (this one is quite obvious)
  5. Use of an impersonal greeting. (Dear User)

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za  and sysadm@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Phishing scam about reaching your mailbox storage limit

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.