%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 16 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240717204056+00'00') /ModDate (D:20240717204056+00'00') /Title (Report 07-2024) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 1982 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 467.249 521.469 279.485 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 467.624 520.719 278.735 re S 0.773 0.773 0.773 rg 61.016 482.999 m 550.984 482.999 l 550.984 483.749 l 61.016 483.749 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(PHISHING FROM STAFF EMAIL)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(An email with the subject "Purchase Order 98474" has been sent from a sun email address to staff and students. The )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(email ask you to click on a link to open your purchase order information \(also see image below\))] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(This is not a legitimate email, but a phishing attempt from a compromised university account.)] TJ ET BT 61.016 586.453 Td /F4 9.0 Tf [(By clicking on links and providing your information, you give criminals access to your personal information and your )] TJ ET BT 61.016 575.464 Td /F4 9.0 Tf [(accounts. If you think your account or device has been compromised or you notice suspicious activity:)] TJ ET BT 61.016 555.475 Td /F4 9.0 Tf [(Immediately change your password on www.sun.ac.za/password.)] TJ ET BT 61.016 535.486 Td /F4 9.0 Tf [(Contact the IT Service Desk by )] TJ ET 0.373 0.169 0.255 rg BT 187.565 535.486 Td /F4 9.0 Tf [(logging a request)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 187.565 534.335 m 256.604 534.335 l S 0.153 0.153 0.153 rg BT 256.604 535.486 Td /F4 9.0 Tf [( or calling 808 4367.)] TJ ET 0.400 0.400 0.400 rg BT 61.016 497.197 Td /F2 9.0 Tf [(Posted in:E-mail,Phishing,Security | | With 0 comments)] TJ ET q 370.500 0 0 239.250 61.016 274.238 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 187.5647 534.6532 256.6037 543.8107 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/user/login) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 274.2379 431.5157 513.4879 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/files/2019/10/schon.jpg) >> endobj 16 0 obj << /Type /XObject /Subtype /Image /Width 494 /Height 319 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 40544>> stream ExifMM*bj(1"r2i ' 'Adobe Photoshop CC 2019 (Windows)2019:10:14 09:58:23?"*(2 HH Adobe_CMAdobed            g" ?   3!1AQa"q2B#$Rb34rC%Scs5&DTdE£t6UeuF'Vfv7GWgw5!1AQaq"2B#R3$brCScs4%&5DTdEU6teuFVfv'7GWgw ?Q1+ţ'!YeA>F_OY7)ͪ˝M{Kʖfek󅴀,湮{+{];XEE_fK8/jlamLXk*]L7?Na:Uu:5k n-4n'̆=lVNO'eW:5)ά={,^K ?:UeY}:zLHXcF.OUO=1Ƴ$28p-mVsv}?;=؈:sZ/k_[w_3# nmWCe{˽*}L _NE~?H31l,7tѾي׶ѹz9B3t[_?Zk; [NF[6VY#fϠw'zk+=ʬΥc;S=+?GuЫô5, 1i} Sg^޷S:.--9 Z4c==Gέʬ㶠\wu(c ,%c;eM{7 Ufں?c}D6I o.w T-U$YG{ْ66z,6(7t簼d`$7!ߟ[)u7ZMʪn#heA[z[ϱm3U-,ghADCe19ۈ o7'hc}MnK'O7q#'=Ē.;SFj5YgWlw՟OL5[Z%ۈi5]]p[!;5=Cӆc^@lN>_ѫ| N7Y]Mk.s;lksk8ג> l$=UkEbfs׈ƐSggmCxGisEѿhl}!_׮cCp{Oi$#K/}P1/3w=ͨxIX$״7We-ɯ%ka$I%)$IJI$RI$I%)$IO_٘YɯymM9͑ t?ckgALo|/?ֳ-ߤWXb7 s9XFPcZRw[ipHn fuoD|6Iwhd NkqN΅l{v~Isۿu@gQZpmSn#}O> RW`Is{^ò1wкv}XA.NՇK5ς$Z~Tm9x%s+GOS~F;?uSu&C]68Y],J]Hws*X_{I-O 7l%3{6YX>-W_iY}@R1ϥkͻ}6c[om$A$IJI$RI$I%)$IJI$SW5@&D #gJ`mƧӱ48E?gV~ Wloͷ#x\~G;4 ʻps-b$}nGoVs[2[KYc6A.Ku̳^!պ OݷoTۜfs1ŭ} so ϲĔꤨ3E5T:\ g6vƆ< kmmk}lX?O3/֜ߑ > Ec3bŌD#jV{7I% TI$$I)I$J'VYojM6wcT^%w _}jimmpBɩkǽֹI/s\ٻo"w>h%auvݩ3tDZnU[l̗H:D|6M}_EzGF~.S@/֋}8v#$I)I$JRI$I$$I)I$JRI$I$m9a}ߵ G;mQ#ZEk7~v~/D|6O8c "b?Eg~UIU$UI%?U$UI%?U$UI%?U$UI%?U$UI%?U$UI%?U$UI%?U$UI%?Photoshop 3.08BIM%8BIM: printOutputPstSboolInteenumInteClrmprintSixteenBitbool printerNameTEXTprintProofSetupObjc Proof Setup proofSetupBltnenum builtinProof proofCMYK8BIM;-printOutputOptionsCptnboolClbrboolRgsMboolCrnCboolCntCboolLblsboolNgtvboolEmlDboolIntrboolBckgObjcRGBCRd doub@oGrn doub@oBl doub@oBrdTUntF#RltBld UntF#RltRsltUntF#Pxl@R vectorDataboolPgPsenumPgPsPgPCLeftUntF#RltTop UntF#RltScl UntF#Prc@YcropWhenPrintingboolcropRectBottomlong cropRectLeftlong cropRectRightlong cropRectToplong8BIMHH8BIM&?8BIM Z8BIM8BIM 8BIM' 8BIMH/fflff/ff2Z5-8BIMp8BIM8BIM8BIM08BIM-8BIM@@8BIM8BIMI? Untitled-1?nullboundsObjcRct1Top longLeftlongBtomlong?RghtlongslicesVlLsObjcslicesliceIDlonggroupIDlongoriginenum ESliceOrigin autoGeneratedTypeenum ESliceTypeImg boundsObjcRct1Top longLeftlongBtomlong?RghtlongurlTEXTnullTEXTMsgeTEXTaltTagTEXTcellTextIsHTMLboolcellTextTEXT horzAlignenumESliceHorzAligndefault vertAlignenumESliceVertAligndefault bgColorTypeenumESliceBGColorTypeNone topOutsetlong leftOutsetlong bottomOutsetlong rightOutsetlong8BIM( ?8BIM8BIM8BIM g  Adobe_CMAdobed            g" ?   3!1AQa"q2B#$Rb34rC%Scs5&DTdE£t6UeuF'Vfv7GWgw5!1AQaq"2B#R3$brCScs4%&5DTdEU6teuFVfv'7GWgw ?Q1+ţ'!YeA>F_OY7)ͪ˝M{Kʖfek󅴀,湮{+{];XEE_fK8/jlamLXk*]L7?Na:Uu:5k n-4n'̆=lVNO'eW:5)ά={,^K ?:UeY}:zLHXcF.OUO=1Ƴ$28p-mVsv}?;=؈:sZ/k_[w_3# nmWCe{˽*}L _NE~?H31l,7tѾي׶ѹz9B3t[_?Zk; [NF[6VY#fϠw'zk+=ʬΥc;S=+?GuЫô5, 1i} Sg^޷S:.--9 Z4c==Gέʬ㶠\wu(c ,%c;eM{7 Ufں?c}D6I o.w T-U$YG{ْ66z,6(7t簼d`$7!ߟ[)u7ZMʪn#heA[z[ϱm3U-,ghADCe19ۈ o7'hc}MnK'O7q#'=Ē.;SFj5YgWlw՟OL5[Z%ۈi5]]p[!;5=Cӆc^@lN>_ѫ| N7Y]Mk.s;lksk8ג> l$=UkEbfs׈ƐSggmCxGisEѿhl}!_׮cCp{Oi$#K/}P1/3w=ͨxIX$״7We-ɯ%ka$I%)$IJI$RI$I%)$IO_٘YɯymM9͑ t?ckgALo|/?ֳ-ߤWXb7 s9XFPcZRw[ipHn fuoD|6Iwhd NkqN΅l{v~Isۿu@gQZpmSn#}O> RW`Is{^ò1wкv}XA.NՇK5ς$Z~Tm9x%s+GOS~F;?uSu&C]68Y],J]Hws*X_{I-O 7l%3{6YX>-W_iY}@R1ϥkͻ}6c[om$A$IJI$RI$I%)$IJI$SW5@&D #gJ`mƧӱ48E?gV~ Wloͷ#x\~G;4 ʻps-b$}nGoVs[2[KYc6A.Ku̳^!պ OݷoTۜfs1ŭ} so ϲĔꤨ3E5T:\ g6vƆ< kmmk}lX?O3/֜ߑ > Ec3bŌD#jV{7I% TI$$I)I$J'VYojM6wcT^%w _}jimmpBɩkǽֹI/s\ٻo"w>h%auvݩ3tDZnU[l̗H:D|6M}_EzGF~.S@/֋}8v#$I)I$JRI$I$$I)I$JRI$I$m9a}ߵ G;mQ#ZEk7~v~/D|6O8c "b?Eg~UIU$UI%?U$UI%?U$UI%?U$UI%?U$UI%?U$UI%?U$UI%?U$UI%?8BIM!]Adobe PhotoshopAdobe Photoshop CC 20198BIM http://ns.adobe.com/xap/1.0/ &Adobed@       ? P25 @0!1A"$%!1"A3Qa2#tPqBR$6 @brC40S%d5E P!q1AQa@"23B0R#c brC!1AQPaq@ p0 զmLԀZS3f+Mh<̯%DdXM=q#$1jƤDݧ_ym۳2ކA{&;bwď#2Q5>&(Z3nJ/x^D>2Gy8՟&H-LڙeNxd`H;oJ)ԞD(F-ɊКZ 3|MM!5|K2I/Siσ-Lڙ 3jf2y50U0-Li͟/J#=ejjϰyǑ^MzS6j@-Lڙ 3yLcl2&F*3leI@B&0/K`ZS4E!uF9vjNZO6ea~svC@ 3Js̀M% >%@}g >S6j@-Lڙ 3C9O4igM)g  s= zI ])j]jfS8慡FubeqtƠ&L;yWvƦ gog2yqe=+oS6j@!x Z϶-Z3RjfHedْ+ 0S6 jy= ҎS5Ra FmLԀZ3Rjf"I@2͋9!t\eS5 mLԀZ3RjfF|<2 3VNp" ZtZ3RjfH]voWU*q \B!WU*q \B!WU*q \B!WU*q \B!WU*q \B!WU*q \B!WU*q \B!WU*A/ilJ-wH2W QIa8G;~IM/3P=39uoVaUK5hٖsJVd$qԷkg8gK{6xXݝAe")EfPfBJbyB *t񝈼vUs*V0=¬e3'a QiflLJVg3eF E13۰ ;RZXIG^n4JP~}s` E}fR^&­=psY\z:)f)tQ*OseWy ,|I]% 1+AR9H!3Ys)+蚻M["d QRI!R|GEf,Zn/ <,aVy<#2yآQ83 wo))ūuG/f{Q$= tdRz/qxZ'#/o΃^+ѝI8X"bgya:B)L):d x0IG$IH"h|PDb1fKC c/&0qkuOY*d1òFy_;0m"CALX sV:Ȧ'/qVf{@B^m/23Ʊy{r`(}Ĥxes(icGL2r9z˒I-+%;SlHck㎡𬬳Z"%5Ԋ@IEE/NTR=I,/-*0 ]]v_>=0N |2xEP"`1{8 19RRi*s^I[8989¶YDDsލc(S1avM Rc?,-0$8I){:P?gv4p\lșZ%. 3@L+AT$,\--Y*CXIOg)$ILle<{UÒ 1WB7ύy|o>7ύ:KT<߈`pxSf/ 7]'$ǂގZAJu0J%C}oXe7"qa%M4.9j!nyiXHTi>zIU*q#F)6InCF;~8$Fo 7S{]Gz<7ޏ)yMwokS{]Gz7ύy|o>7Ͽ? OZ|-> OiZ|-> OiZ|-2QiZ|-> OiZ|-> Oi??oYJ?s /ޘǻcxcݏ {v<1dž=ǻcxcݏ {v<1dž=ǻcxcݏ {v<1dž=ǻcxcݏ {v<1dž=ǻcxcݏ {v<1dž=ǻcxcݏ {v<1dž=ǻcxcݏ {v<1dž=ǻcxc݋?Gc.[ڗW+6NCSV REj\1l!9_}Z SҫxlxD|7;SB17"+.=hESڦ^Q,rDs]{${Ǵ2 ʜj[5r4`:lAtlj -r(>\(&Zaj6].4 td_uv.73uz"{M!#QIgN 8NCrp I]C5t1rRDێ@P禴>էbs1R߽%[BA(m8JKK1VWrm>۪[54W" 7 KZWЕ\DTN)rm-  {O]1nH6lvpQpNqt+ߋ}3L.rVQ6G 77rBb5¦\"{YR+%(p=Hi:>TELj\/?V ֻ/8tفmr>m̰ȆyN*}Km;Ez;Ȉn4J%I8baėjlc=12D]b>A#jEb% eD@%|hٚ.iڙ$Oeю^tM-,󯲊(E.\iy!F8p}X؉UDX92c423$"\TN8)B~\vIaYMu^'1+F'DhKE$$ON:{SE@Eqݒ2q+8W6M#~֤ӦmmUUK^1i.X21ܫ 7 ^_!^yEϩoJf:w}Ox ^![YNcIe"PUㄺ7i 쬆]lUH*J*KEڹz\ +ejJJNԪGF&m [- Xm=[UڌLStms! L%@[MZ'-ˊqwD. S*.~Mrun[ң uE̓ :yҹ9ˑxϠVT8QOf-lNLcH8䚲MHx:5}OڮS N+trWek_ՈDs$$v5\`?͜qiQYm> 﫧Sn)0_`TJziT'dgݗl3VgMbbqpwzz)lՠhLRH)z;;r[ ˊ#&iM5EE/蛘ڵ'LuHTopJzsb7ӯ Ń?r6EM">8eg9N4s frh06nٚ3:ٛiӫ^>Vk K̖dǐfϱ38^vcK2<ۄeu]?ĚΊqIhӢĜ#ۄ#* Fޯ8꣉x%R[ 0l"j](}UN2lte=EޥUQKZU)r{NJI|d髯㜼ixalcPij.S%*؞;ykEs[F6QУB*iJڸR@\0AmZ#ȇGTw<$` ="E@IWMk9<2o]NdUUNKk:0"Вmhxbuٝ5c$}u Ihe0C8*ҳ8M̹H[{Y$yLHȄZ~& /-BkJ=EDӿ/z&dmWUpU*KOBF-om). eͧH *[oG7Ƶ\ 1eڐmRz1丅uVSі^F]g]]k,5dZIQu]zz&i-zwݒRJ<"uWB|kq'irf!r0seV)&+rDJZfVD)n%4m ut㈷8ƅ|M&Q鐚in>^ʝkJb#[,g,n7/skUP4Wxaqؗdod@iJWu!dCOgx.\ƣى"ċ%註+U)n-v$yI۳Eu:DݽlM!*,>oRXj2G]'M3i\'uLBdYQN@-@`(L_pyhm\BXlmq)Uqs(#uSM%5l**<*F9ʐ Q S*&Ieԭk",& $Nc.GQwJiLМq֔BWBu嚠s̎p'IHg/Nmgyx Cv7UZ'U\u?)ŷd~N9hia !ru5-8d *&Ypdc_ 8Pڌt%]JD\.KMzy : xrpQg( ~޳8rLۍH)%0NۧǸ4܌(\h <rڢ :ּ2֟'mIRDږU7E *ʹkcp?0\m&5r\yl%_&bȐ(ɲ!tv/2Kû4{@MY3W.iOS:n&joQ1`eDuQ{)Rig4ɶ6.0ot.9௿XS&S 0;- ѳ8r4ʎNxPsĉl,1d*]B)Eǃn fXdʜ(a[ba4OЉ\"Ăoۦe݂}Xm_6)[t*W##qZ:!MYaِ"~dԺQUj!ltHclv!kEJ{Y~/,)%UDJ"2c?+bܺ=\ܩL1p|p0zQGGkZ iDME=?hJ?%KW_텨ϽRDV$㈏4N% _UӶMHT˷#Kim]?`U[D"fҴ4jEҋa^c.=wqqtuH=ZauqkO;Re#NvQrB *ƥn*1!JH&A4lPOJUi l6wOĨ n`6,Y =mV^UJf:>OwUMT'DҸ[Wԍ]FQD=^> #ƭxRؽmI(UVuNk<59BzʉJ4Ē։G/Zb<y\3acJ?yIbkmj/q$TgK2SmMxQTrL։3&#W"*#'nPQr'ۮe -XTP0X6;KQ1%u p-$`M]*&\%̖$<[47OtqE1).EkyL*r@ 9G:vln3ܚFuQԜ֙g "S5[E? \`@?Y,UҔҚi\N 2fcwHBh$#.)2ΈnbWyhtj)vvv4Ĉ"%E)1)uy:UZHUoM\_OT(R=l~x V<J88ODdE_P flȣBₔʸDeD\&>*21 3QE2#cU=lW' dQJ}yEE֍5 EE!t݊7DF\FC1k._lMdKXbp ӆ#;lxX&AA (vqyQ+Vb :^$x x@ۚ :+0&&cIQN-7M2 xyH˪u{ZWQg( ~޳8 mȔ#8ΝhJ+.B2ۥ60Ck`*)/v]qx$'ր](z3\Yٔ\7iV5Z=}_E[lqAjh/s*KZ W$&tPuAxtZ5fI ER$S*&yɆ-UmCSSb%0fcBB E_0F}:T6O_H6cXE,*znI=1ٓ(YxHhi\Yv⩚/M2dܭj_l%<nڥ$ZaCҤ9*'˷Y.\V]erѹ\2xsr KKi,@Eyw۪Zbmډ'!K.ސ$u"*eDe;d[`Z>]T*=qöߜc_ԛR_Ur1MU4T\Yڙ)y.: F<*K^LFer9wX t*!*権K]|{uRE΄*/+\LO6"Dun-OjF*j˚qǔg%)șh[h](E{+P;9Yr k+HGmP Uxr\œtt!;q͆3` ך㹒Mc,xO4Mlpj!ڋsΞLD$uQ[j:e+Q2mP!t"Q*ָ:!H;[6椦i}IK!ǖKbZ,ndHqE^nK;uMj^4NΑq7Zjk^=l Wṟ*kSB=$WKLQrOa~y7uq y6TV3ǜd5&S =pxHR*:yEI=,ɇ78U =HV4,-f:`qQ8d0gcXmp-:. <[rXߨid+*ڍIe9NWƸ7ԹѹR@k%FSQZ 9 =MܺZsUQQ(#[L-Q|TĈ5{<8/j.XɺH~W3F kNH9 }xkz.2ȹ&[yM+Zn%ʕ Le72l$uӕ8ҽ_%}8NJzti%4hh^?/S/S/S/S/S/S/S/S/S/S/S/S o^%F́^ֿ?Gc1zQpoVA%OFL7"; O6HBB2_9.[QڦUVUxSX,3"FZ}d< ŷWZ[CRWiSf0FFi%J֩UD)lrY>Ck1ʜi\lը!U* *\fLyv j-QUm%Ԡng[lu*%N4N bb%t3ۍRnnu'? rB"Sp'IٳRCG*&Y.}g( p )^ʦ$G~%)h]s.sEJ*k,@b4q-֬ Ӱھ|H6d.Ftdb+ll!-(#hjTpszcF>5J-["pvGjh^Qg( ~޳8927;t}@*Eo+yQtt6 C*TBz2Zg( qepQ [ HU%8-Hp`gyV@54SGtYzz*2qO,INPMUJ*j-sڧ~ܜ%H jǞ: / m֣HSn>ک5^}+z1qq2VǸs6B뢄HDس?oYJ?%lX?..=K3J6sp falylCޛHB ^ZajWeBcKN.ˆ*5i @JẬ6ӈ:5b,$,747SIZt@ɺpI)V|"<< < m:-;mBqlЮ]*fɗ0[H GFO({}x"=Ǩ哂tQWrmn5o\j^ H't> @~mژ{hAZ+ RuV˃ۃ!(<}a2]f2lK1Vвw6ZBwc+K'/>_kJ?%?!ZA|?|?|?|?|?|?|?|?|?|?|?|?|?|?|?5twwF:P'd=89#I ٭}a#\kX9JX1š V‘5 Hu2nc#MHIIFiÐ쳣r4 " A*̎7Fx> "@$\u3(Q;JZPzLޜyV^V1V3R9.xQ= F qFG"-Dƴ- 5z(.jPTh2Q* :f@z"@7xe3vCP%>QX#@%GT.T6(6vJ\;G ,Sp|G8#5 $]!t;)-LPPAǬkj 8C-ѭCw5s%6S\wJƁ*UH2gGhӫ sjd6i+'q ڱh jaD(oȣe$M'|x(h2!kZaď d =!XbpSFM)]>N2n|aW#}+bCڸE²4@p䛄gI.fPt xLQPE= b{yʑhMq~v']jIt3Zi"wIX.]HF+Evn5釫M4[Yh]}OJWevhO|Ata p nRچvHQ&@eM*}p8,@ST4 k[)2`0(=zP0ƏP8|]3 GQZ795&@Vlt$fexNpՌ`, z\M]T-LN$Ɋ)& E"̀4Pդ 9+%+*0C5ʗD`RhwPuOoGS 4ʻe/H0nXC{]E nĮW GtO9 aXJ":uNɽHaFN,J2bF%"9e VdS&1k@S.#boV0F& 5Y𝊽|]\?"[u'~5'WQc8"4esfGX h0- 69 JHc ,6BaYb' Uܚ8 [Fp<_ 1+g@S@4zxTQCo/ %jDǹiu M]UPhkeQ  .?QJy6)0UVi@\2Np$ 1zS8$uxмkq,>1ްێqr\9ɗdMS]JNz8V44ҼtB3&q& M * Upцlq*GODUGG jc9<U ]gTˆ*efKqmUd/lY*lSbD8v/T Բ:::[} db&My5 E/`'1Tr5<ĺahkfnP 8 0 jnpA[кmagKoP$vDvugS+țz12!@mPQI6Ll.CuRUV+{F@;իWE >j.H#?]:t[(+RU]ͺ}@ٻk$K%‰R?QZ?fk=^k,<G324]ђcE%Q:A!<۩K'&Ԃh$C2jؐ}-B[< f5kN5̕io24)L龪/$,4Q諐#ZZ^0Hyy&&KDZijS6s Az'6H:MC)Bi%]W]V.UT-S$.?ı#WNhIJ$]1=TejkW: Gd?#y1.R ZL{I <~  T-LH0PDG<̴o+G٦j M6 uNmNSBd get8ix|r?UJ+,c05suvlOk.8Ɠ `(;IIǜB<1ԋpa.0 li\_N"|-I{Ҕi"bv- gDN#T(wO9Uƣi֦KM$LvB. ҖrɴA)˚mE*}B 니 u9$ū$Gk\8WZ,(w+y>HP7ZALLPzǹU)s;Eֱzu؂` sc[]."S9=2=6~iz°HLEq|=_{YΌwDFB N]-*QG)R/Ck%mkaKg3IV񺂚h]1MjzVZ-M|zuES+tjRṋ E3~ZŇSpuĄ&_V];Fd` SoG A~g2z:3;X" wX ΙJ~RӠqF+;L,|UE)9+C9JB, %jv#f TGhP6CHS Ym<6\Uh˄1]3]U#uV(3롤o-%I@Ml(`p' TU^OwuE\ fY`2AST;.z fĈKS!UǁB 5 Y0À!$ՄؓHvtr&FWvƧi2ȹrǠP\㝡RIu7OpYIp 'J{ID'68@oE (PB )MY?j] hAfB Ghvn@W%i噧;yӮyΠSVP=_Jt)NVT5.l\hQ[6gã׿L9=j膗v]:sp]}"MSd}xui+C:0L`0th߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾|{߾n|K_J.6s-}{?G{]Kn#& FiP h+$aӓGA:+\\Kڰ;r᧫: N v@Z1@[@蓞b-LF S\ânn1E5\Hf@U5yuβ~\+sW?\+s=Mok~~~~~~~~~~~~~~~~?!oooNw;ayw;~r-^L7ǂyj5Ϗ:prvzgs8#/:zz8BsGWÆq_?7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7Ǐ{7/~پ?nht]LS}>\^p=Wlw̮̮̮̮̮ ~ @I$I$I$I$I$I$I$E $@ A  G+\(KR $A$A$I$I A$@H$@@A I @P @ A @$@@ @@$@ ?סx@I RA$@RI? 9yag~yag~yag~yag~yag~yag~yag~yag~yag~yag~yag~yag~yag~yag~yag~ߢB,wIIYk} Aк]},H8\99TuO:Va ж[C"| A`]X {ꫂ;m\"3g[`@(SRײ ʼnx4׏h  &a INWpk)^6DyV<4NlyeMnmBKSfe${eQS\Cߡ7ӵoi-ǎmȫ瑖(k_, 3 '%[44=G0EΘ Yn$=ڕbN"3 [E|1ݤtY^,`]KJ߃"ⱡy*'#ee?n\Ô¹ǐz\`,\'C82&|tF+͒<?-MȀ3ݎ N^[m͆ƮaGTÇsÍ^%.z%t0o`1!9n9ff2H<4T?:Ł5 Cfm)ٕc(.zi"MD@2Bł/"o_JC(ܱ# Q!;pely"%6ε# <<|!)NiI@ptdĐ҉Aʖgr>{0N޼ ҿؓ* 8Y.ދ:Z 0AY-SAf^uA@JEw E@8uG L ^sC yԎ ˲һPۑF+ qوEu2h6VXGʦJTUa=GZ,)`+ rħ_ӥ!ǡ"hk;ؘ*i.8(\46uA-NQ@ I((mqIU`m}{?]kҎa6.r e _ DDfuΒs#P8/ F͜.HK]BP˞<@4X엤xpF CꇀeK)r:OQR/9%D.=lt0*㴘meNz{drBxEL> 3HLը>+BW 9xLP6?mɡPq4_8'#7 ޙ-Ak1i Jf5 buB>frZF?&ݙiBC|n#3?(H-:/(Hax>yħ́X$/}F4hXpAf0xp^pdcU3Pg_)$bE@*+HCY*N؁JF%xDžJLpǩ$D s2 p @݀Y >0T7+ZVG?WeT=Ԃa A`T@:T qcl$`O1 8^$4&ȃms]YS7N0LzR%!m BZԲq6’Fq&!0* YL%x02bXkZ@ GNv5(>B(P5"$ /KAIK-bA @IAx=PN1y߮&֢jgL+lvòEcs>` /Ă@FF%BͩQzizI6>[^VM~!h"ŧI-w`LlJFx:ut,5ha|n8 *~")^20ã8[mZpC^d(2R5XQ5YH]";3Xm|30gUi8: ,Eh `GBWmP,aAhM:ݚ-}J@GUD$RU8Fl ypyaP9׍DR9ZyOFP 8؅t1w74P/hhI6RUG,tI چ,Qt@pLJ[QJ2jf7E!!gՐ&ѽ^!T b-V 1ŝUn\1Y +zJ*1H81iF0M(l?Ԋ(>0a T2YA*#Ȅ!&q6Q`hNh+" pX] ('E@rH U &cdP7bQq ́/_ -iZu~RH$جdDM"g%B+ c$`B>CL&w1:XGsd 87;qJq7ۡE;ã p]%Kl$AO8FRX`:a>JV\j #8N)ۦWEn |:D` Ld 0<9U#'liBX9Aq0:@qnQS@O'KpưW!221X _uiLeC3\ -T6y@!I=MʧIrrq}GckkfD[|31<(e*z1XBM^zׯ^U?  D 5Jl0`"'@+2JZTV]MQl_ > 9g;( =?~Cܘ\ TRY`Z~np4 }()M~8Pp* y !D#,lhB!0M@m0@RY.\GƔP321s98CX%&X%΋ Prho+SùL1j(PLLp0۲a hԎbF^4 (b+!<5 xJCJu<$1CldVtS \֔nr@<5 (?+XoH^kJWP:!I(RX6yC&57^J 9ЃR:I9f jls@ 4rmZH@\XG3JIFDE{Oyow… (PB #h[({{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{?^^^0jYqu= ŗF4%3Sտ V]9h\zrt{s [|i/ nO̅qW6OILC5g-NkqZaw~g K o^l4x#sRpj 4_\av^vbSֽ?N޸dmktoN=|׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳Ǽ׳1xg Y?RE)-x}^=B՟^ۻ:߶X95CNp\:cK M}1Tۚ3 n=D"b]ޣõ?oӭȈW<}zqh9qY©*ׯ׳袊((m?Ygygygygygygygygygygygygygygygyg endstream endobj xref 0 17 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000332 00000 n 0000000369 00000 n 0000000507 00000 n 0000000596 00000 n 0000002630 00000 n 0000002742 00000 n 0000002857 00000 n 0000002977 00000 n 0000003085 00000 n 0000003213 00000 n 0000003340 00000 n 0000003467 00000 n 0000003568 00000 n trailer << /Size 17 /Root 1 0 R /Info 5 0 R >> startxref 44281 %%EOF phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

phishing

« Older Entries
Newer Entries »

Phishing scams requesting quotes and notification about “new message”

Wednesday, November 21st, 2018

Phishing attacks on the university continue with this week’s “flavour” being a return of the old “Request For Quotation” scam. With this scam you might receive an email from a large corporation arrives asking for you to provide a quotation, with an attached PDF that you are asked to fill in and send back to the sender.

Why would an academic department secretary be getting an RFQ to supply industrial supplies like sewage pumps? Scammers often only want to steal information from their victims, and in the case of the Faculty of Health Sciences, the scam RFQ could change to supply something like medical supplies or equipment.

Remember the email may look very convincing, with known company letterheads, VAT certificates etc.

It is important not to respond to the sender or to open up the attachment. Often scammers just need a response so they can identify “live bait” and fine-tune their attack to a particular person.

Another phishing scam that appears to be coming back uses attention-getting subjects like “You have a new message” or “We’ve resolved your dispute” or “SARS refund pending” designed to get your attention. This particular one uses forged “Citibank” branding and informs you that a dispute has been resolved and you will be paid some money, but you are asked to open up a “document” to see the disputed transaction.

The danger is in the document which will be download if you click on the link. In this particular case, it is a document with embedded macros that will install malware on your computer to steal personal information. Normally macros in Microsoft Word are disabled by default, but if you have enabled them for legitimate reasons then there would be a danger to your computer if you attempt to open the attached document.

These phishing scams are sent out to many university email addresses at the same time, so you are not personally being targeted by the phishers. These attacks will continue in various forms, because there are still individuals who fall for these scams, making phishing attacks very profitable.

If you do receive mail like this then please report it to IT Cyber Security. Once you have reported the spam or phishing mail, you can delete it immediately. You can do this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to https://servicedesk.sun.ac.za and select “Report phishing, spam and malware” right at the bottom of the list. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email
    – Start up a new mail addressed to csirt@sun.ac.za. 
    – Use the Title “SPAM” (without quotes) in the Subject.
    – With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the – New Mail.
    – Send the mail.

[Article by David Wiles]

Email

Tags: ,
Posted in phishing, Security | Comments Off on Phishing scams requesting quotes and notification about “new message”

Cybersecurity Awareness month: Some statistics and common sense advice

Monday, November 5th, 2018

It’s November and Cybersecurity Awareness month is behind us. As a final signoff,  we would like to share a few statistics and give some common sense advice to help you spot phishing scams.

Surely South Africa is not sophisticated or advanced enough to be included in phishing attacks? According to Drew van Vuuren, CEO of 4Di Privaca, South Africa is the second most targeted country globally when it comes to phishing attacks.

The cost of phishing in South Africa amounted to approximately R4.2 billion in 2013 alone and 5% of phishing attacks globally occur in South Africa. It is not a matter of “if” the university is going to be a target, but “when”. Phishing attacks are not Information Technology’s concern, but should also be yours as a user of the internet. 

According to a 2016 survey by Symantec, over 30% of South African internet users share at least three pieces of personal information on their social media profiles which could be used to steal their identity. 

60% of the respondents admitted that they had no idea what their privacy settings were and who could see their personal information on sites like Facebook, Instagram, Twitter etc.

People often become victims of online fraud by using the same password or usernames on multiple sites, including social media sites and internet banking sites. According to Ofcom’s “Adults’ Media Use and Attitudes Report 2013” report, 55% of the poll respondents used the same password for most, if not all, websites.

Here are 10 common-sense tips to help you spot and prevent becoming a victim of a phishing scam:

1. Learn to identify suspected phishing emails

  • They duplicate the images and branding of a real company.
  • They copy the name of a company or an employee of the company.
  • They include sites that are visually similar or identical to a real business.
  • They promote gifts or threaten the closure of an existing account.

2. Check the source of information from incoming email

Your bank, Information Technology, or cell phone provider will never ask you to send your passwords or personal information by mail. Never respond to these questions, and if you have the slightest doubt, call your bank, IT or your cell phone provider directly for clarification.

3. Never go to your bank’s website by clicking on links in emails

Do not click on hyperlinks or attachments, as it will direct you to a fraudulent website. Type in the URL into your browser or use your own bookmarks or favourites if you want to go faster.

4. Beef up the security of your computer

Common sense and good judgement are as vital as keeping your computer protected with a good antivirus and anti-malware software to block this type of attack. In addition, you should always have the most recent update on your operating system and web browsers.

5. Enter your sensitive data on secure websites only

In order for a site to be ‘safe’, the address must begin with ‘https://’ and your browser should show a closed lock icon.

6. Periodically check your accounts

It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.

7. Phishing doesn’t only pertain to online banking

Most phishing attacks are against banks, but can also use any popular website to steal personal data such as eBay, Facebook, PayPal, etc. Even the university’s e-HR site was targeted in 2017.

8. Phishing is international

Phishing knows no boundaries and can reach you in any language. In general, they are poorly written or translated so this may be another indicator that something is wrong. However, don’t be convinced it’s legitimate if it’s in Afrikaans – phishers are getting clever and adapting.

9. Have the slightest doubt? Do not risk it.

The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data. Delete these emails and call your bank to clarify any doubts.

10. Keep up to date and read about the evolution of malware

If you want to keep up to date with the latest malware attacks, recommendations or advice to avoid any danger on the network, subscribe to the Information Technology blog or follow them on Twitter. Put your local computer geek or the IT HelpDesk on the speed dial of your cell phone, and don’t be embarrassed or too proud to ask questions from those who are knowledgeable on this topic.

Keep safe out there.

Email

Tags:
Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness month: Some statistics and common sense advice

Cybersecurity Awareness Month: Spear phishing

Tuesday, October 30th, 2018

In a previous article, we referred to “spear phishing“. Spear phishing attacks deliberately target the university instead of sending out general emails, hoping someone will respond. This approach is successful because scammers focus on typical staff and student activities and adapt their phishing emails accordingly.

Over the past two years, the university was targeted with a few large-scale spear phishing attacks resulting in student and staff accounts being compromised and in several instances, some of the victims suffered financial loss.

In April 2017 an e-mail was sent from “Stellenbosch Payroll” with the subject of “NOTIFICATION: Your 13.69% Salary Increase.” The bait of a 13.69% salary increase certainly attracted attention and was sent at a time when salary increases and performance bonuses were being granted.

Many people overlooked the lack of a personal salutation and the grammar and spelling mistakes. The lure of a 13.69% salary increase and possible sizable salary increase made them throw caution to the wind. The university branding also created a false sense of security. 

According to the email, staff had to download the two attached documents with information on the salary increase. University staff clicked on the links and was diverted to a forged website identical to the real login page of the University Human Resources division. The forged website address was not in the university domain but very few people would spot that detail. (see below)

Once on the site, they entered their usernames and passwords to view the documents explaining their so-called salary increase. The password did not work, but the scammers captured usernames and passwords and gained access to the real HR website using the stolen details and changed the victim’s banking account details so that their salary would be paid into the scammer’s own account. The person’s bank account details were also captured and could be for further exploitation. 

 

A second spear phishing attack occurred a year later in May 2018.

An email was sent from an already compromised UNISA account. The mail warned that the receiver’s email account was due to be deactivated and that they should click on a link to renew it. The Subject said “Dear SUN E-mail User (c) Copyright 2018 Stellenbosch University” and the signature was from the “2018 Email Microsoft Administrator”, which many saw as legitimate.

Clearly, the spear-phishing scammers researched their intended target and used words and other details like SUN, Stellenbosch University & IT HelpDesk that would increase its legitimacy.

The link took the victims to another forged website. This time it was a perfect copy of the University’s own “Single Sign-On” page students and staff use to access important University services, for example SUNLearn and the staff portal. (see below)

The website address was also not in the university domain, but  the rest of the details, such as the branding and the Afrikaans link,  looked convincing.

Once the victims entered their usernames and passwords, the scammers gained control over the user’s accounts and could send out further email messages from within the university to catch more victims.

What could we have done to spot and prevent these attacks?

Unfortunately, there is an institutional perception that Information Technology has to prevent and protect users against attacks. This is not true. Users of an institutional network or even private users have the responsibility to be aware of the dangers we face in cyberspace, to sensitize themselves to the warning signs, be informed and help Information Technology flagging suspicious e-mails by reporting them and not using weak or easily-guessable passwords.

Here are some common-sense checks:

  • Don’t trust display names. These can be anything a scammer wants them to be.
  • Check for fake email domains. These will often be slightly different versions of the real thing.
  • Look at the university logo and other images.  Are they commonly available on the internet?
  • Review links carefully by hovering over the link text (without clicking). A link that is different from the one in the link text is a sign that it is malicious.
  • Look for the sun.ac.za domain name in the link. If the domain is different it is probably a malicious link.
  • Look out for bad spelling and grammar, as this can be a tell-tale sign that it’s not a legitimate message.
  • Spear phishing emails and messages are highly focused and targeted.  The criminal will spend a lot of time compiling emails and website to look authentic.
  • If you are suspicious about an email don’t visit the site. Verify it first by checking with Information Technology if it’s legitimate.
  • Use strong passwords and never use the same password (especially if it is a weak one) on multiple sites.

In the final article for the Cybersecurity Awareness Month, we will share a few thoughts on how to increase your cybersecurity awareness and give a few tips and suggestions about what the university could do to fight and prevent these attacks.

Keep safe out there.

Email

Tags:
Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Spear phishing

Cybersecurity Awareness Month: Social Engineering – The weakest link

Thursday, October 25th, 2018

When we use the term “hacker” in our day-to-day conversation, we tend to associate it with an attacker who uses their technical expertise to break into protected computer systems and compromise sensitive data. We hear about this breed of hacker in the news and we invest millions of rands in new technologies to improve our network defences.

However, there is another type of attacker who use their tactics to bypass even the most expensive and effective cybersecurity technology. They use a variety of media, including phone calls and social media, and trick people into offering them access to sensitive information. These are the social engineers, hackers who exploit the one weakness found in every institution, also universities: human psychology

Social engineering is a term that covers a broad spectrum of malicious activity. It is a means of attack that leans on human interaction and involves manipulating people. All the methods listed in our previous article use social engineering.

The object of a social engineer is to convince people to bypass or suppress their natural reserve or suspicion in order to get access to technology systems or data. For example, someone who calls the secretary of a department pretending to be from the IT Department asking questions and getting them to reveal sensitive information such as login names, e-mail addresses, WiFi passwords, etc. They are in essence con-artists.

Whether it is through a phone call or an email, social engineering attacks are always very effective because they rely on the weakest link of security – human beings.

The best historical record of social engineering is the story of the Trojan War from Homer’s Illiad. After a ten-year siege on the Trojans, the Greeks pretended to accept their defeat. They left behind an enormous wooden horse as an offer of peace, and the Trojans opened their city gates to bring in the horse as a victory trophy. However, the Greeks soldiers were hiding inside the wooden horse, crept out at night, opened the city gates and allowed the Greek army to enter and destroy the city of Troy.

How to protect yourself:

  • First and foremost, be suspicious of anyone who contacts you via email or telephone and appears to know a lot about you. They may be very friendly and attempt to gain your trust, but if you’ve never dealt with this person before, ask yourself how they know so much about you and why they are contacting you.
  • If you are contacted by telephone, don’t blindly provide information. If you’re suspicious (that little voice in the back of your mind that says “something is not right here”), hang up.
  • Offer to call the person back. Ask them for a direct phone number. If they can’t provide one, discontinue the call.
  • If they do provide a number, do some research. Can you find a website for the company? Do a Google search on the phone number – does it come back linked to the company name you were given?

As a matter of habit, never give personal or sensitive information, for example, your login name, ID number, password and bank account number, over the phone or email. If the person is persistent, explain that you are concerned about security and will not provide this information over the phone. If they don’t accept your explanation, they should not be trusted.

Not only are your inboxes and phone lines being targeted, but so are your social media sites. Take a long, hard look at your social media presence. How much do you reveal about yourself to the world? Do you provide information about your position with a company? Do you share your habits – where you shop, gym or like to eat or socialize? Even the most mundane information you share could make you a target for a social engineering attack. Any social engineer will do their homework on you ahead of time. Whether it’s selfies or cat videos, most us like to tweet, tag, link, comment, like, and post online. Platforms like Facebook and Instagram are full of information social engineers can use.  

How many personal details are displayed on your department or Facebook page? Some departmental web pages even display personal cell phone numbers.

Over the past week, there has also been an increase in extortion phishing. Extortion phishing is the practice of obtaining money through force or threats via email. The victim receives an email suggesting they have been recorded through their webcam whilst watching adult websites. The criminals demand a ransom in Bitcoin or some untraceable cryptocurrency and threaten to circulate the recording to their contacts unless payment is made. Often scammers state that they know your password, installed malware on the computer and demand payment.

The new extortion phish threat plays on our own innate sense of guilt. More worrying, however, is that the passwords they have are often correct or close to correct because they have been leaked through data breaches. Usually, these passwords are old and haven’t been used for months or years. In some cases, they’ve remained unchanged or have only changed by a single letter or number. For example, how many times would I have to guess the correct password if the old password is “christopher” and the new password is “Christopher123”.

Your password and email address are potentially out there for all to see. One way to check if your username and password have been leaked in a data breach is to use a site like Firefox Monitor. You can enter in your e-mail address and the site will tell you if your information, e.g. email address and password have been compromised.

Social engineering attacks range from unsophisticated attacks, for example simply lying to get information, to very elaborate attacks, for example specifically designed websites. They have one thing in common – exploiting the weakest link, human beings. 

For this reason, these attacks will continue to increase, so being aware and cautious is the best defence.

Next time we will focus a little more on the type of attacks the university has suffered over the past year or so, and how to spot them.

Keep safe out there;

Email

Tags:
Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Social Engineering – The weakest link

Cybersecurity Awareness Month: Identity Thieves Modus Operandi – Part 2

Friday, October 19th, 2018

In our previous article, we mentioned that identity theft isn’t always “high-tech”. It can happen to anyone, even if they don’t have a computer, use social media or own a cell phone. However, in this article, we’ll focus on “high-tech” methods of identity theft.

The identity thief’s goal is to obtain your personal information, such as your ID Number, bank or credit card account numbers, credit report information or the existence and size of your savings and investment portfolios. Once they have any of these, they can contact your financial institution pretending to be you or someone with authorized access to your account. The thief may, for example, claim that they have forgotten their chequebook and needs information about their account.

Credit or debit card theft – Many people believe credit card fraud and identity theft are the same. In reality, they are different crimes. The main difference between credit card fraud and identity theft is that credit card fraud typically involves a single credit account, but if your identity is stolen, the potential for damaging your credit history can be much greater, because someone can open numerous lines of credit in your name. Credit card fraud typically occurs when someone steals your credit card information and uses it to make unauthorized purchases. This can be done by stealing your purse or wallet or, if the criminal works at a retail store or in a restaurant, he or she may simply copy your credit card information during a transaction.

Pretexting – If you receive a phone call from someone from a reputable research firm asking you to participate in a survey, asking seemingly harmless questions like the name of your cell phone provider, bank, or even your preferred shopping centre, this is probably a pretexting scam. Pretexting is the practice of getting your personal information, such as telephone records, bank or credit card numbers, or any other information, under false pretences. A pretexter pretends they are someone else to obtain your personal information claiming they are from a survey firm and want to they ask you a few questions. Sometimes they will claim to be representatives from other types of organizations – not just survey firms –  but banks, SARS, insurance companies and ISPs.

Skimming – Identity thieves place small machines or skimmers, in the card slots of ATMs to steal credit and debit card numbers and pin codes from unsuspecting victims. This has also been reported to occur at some petrol stations where you can pay at the pump. It is not easy to look at a card reader and see that it has been altered in some way before you insert your debit or credit card, as some of the skimmers are so advanced that they are virtually undetectable. In some cases, a skimmer may remain in place for months at a time, unnoticed by employees of the “host” store and it could take months before victims realize that an identity thief has stolen their card number and PIN. Most victims only find out after the thief starts making illegitimate purchases or withdrawals from their accounts, often to the tune of thousands of rands.

Man-in-the-middle attacks – Smartphones and tablets have become a major point of access to the internet. There are many Wi-Fi networks that people can connect to from almost anywhere, for example, public libraries, airports, shopping malls and government or municipal facilities. Unfortunately, this also opens a “port of entry” for hackers which has led to the increase of “Man-In-The-Middle” attacks. A Man-In-The-Middle attack, also known under the acronym MITM, happens when a communication between two parties is intercepted by an outside entity. The perpetrator either eavesdrops on the communication or impersonates one of the two parties, making it appear as a regular exchange of data. A MITM attack targets users of enterprise email accounts, financial applications, and e-commerce websites in order to steal account details, credentials, bank account or credit card numbers and to monitor password changes.

Phishing – The Internet scam known as “phishing” (the “ph” substitution distinguishes the activity from the real “fishing” but the activity is intrinsically the same) is a spam email message that contains a link to what appears to be from a legitimate business, such as your bank, but it is actually a fake website. The email often states that you must update your account information through a bogus link to a phisher’s website and the user, unknowingly, gives out personal information to the fake website.

Pharming – A relatively new Internet scam is “pharming”. Using a virus or malware, the victim’s Internet browser is hijacked without their knowledge. If the address of a legitimate website is typed into the address bar of a browser the virus redirects the victim’s browser to a fake site.  All identifying information, such as bank passwords and credit card numbers, is collected by the scammers who steal the user’s identity.

Vishing – This is similar to “phishing”. However “vishing” scams attempt to trick targets into divulging personal information such as credit card, bank account and social security numbers using new telephone technology. Typically, “vishing” targets will receive a phone call from what appears to be a legitimate business, such as their bank or credit card issuer, and the victim is informed that their account has been compromised. The “visher” usually requests that the caller enter their account or credit card number or even their social security number to secure their account, thereby compromising the victim’s identity.

SMiShing (SMS phishing) – This form of “phishing” specifically targets smartphones. Smishing uses the scammers’ old favorite—phishing, to send out an email to entice their intended victims to click a link that downloads malicious software or virus on the smartphone. As its name implies, smishing comes from “SMS phishing”. A smishing attack goes after the smartphone via text message and usually occurs when a message is received from an unknown number that offers some sort of incentive. It might be telling you about a free offer, a coupon, that there’s something wrong with your account, or even more likely, it might claim that “your friend” has sent you a “greeting card” or message. Unlike viruses of the “old days” that sought to lock up your computer or disable your files, smishing attacks remain hidden and continue to feed information back to the smisher. Information like contacts list, email address books, and passwords are sent to the scammers.

Spear-phishing – Our last method is spear phishing. With this method, the scammer is targeting you specifically instead of just sending out random “shot in the dark” emails that someone might fall for. Spear-phishing is very successful, especially within environments like the university, because scammers pay attention to your internet activity and send you requests that look like the real thing, claiming to be from entities within your own environment. Scammers can pull off spear phishing attempts based on the information you share about yourself, as well as other bad habits such as using the same password for multiple websites. As soon as you post updates to social media, especially about accounts, people you interact with, purchases you’ve made, etc. you’re handing over vital information a scammer can use to target you.

How to protect yourself from identity theft:

  • Don’t give out your personal information on the phone, email or snail mail unless you’ve initiated the contact or unless you are sure it’s safe. And don’t feel guilty about saying No.
  • Never use your pet’s name, children’s name or a nickname as a password.
  • Ask your financial companies about their policies for preventing identity theft.
  • Be VERY careful about answering surveys — and certainly don’t give out any personal information to anyone who calls on the phone or asks via email. If you do answer survey questions, use common sense and don’t give out any information that could be sold or used by identity thieves. In other words “control” the information that you give out.
  • Tell your colleagues, family and friends about the dangers of identity theft. Awareness and sensitisation empower even the most “non-technical” person.

In the next article, we will be providing a bit of information about social engineeringKeep safe out there.

Email

Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Identity Thieves Modus Operandi – Part 2

« Older Entries
Newer Entries »
 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.