Security

Protecting yourself from spearphishing attacks

Tuesday, March 12th, 2019

For a large enterprise like Stellenbosch University phishing attacks are the most common cybercrime.

In the late 1990s and early 2000s, we were all inundated with spam emails, selling everything from fake pharmaceuticals to cheap perfumes. With spam, cybercriminals use a blanket approach sending emails to as many people as possible, hoping a few gullible customers will be funding further spam emails.

General “shotgun” phishing is still a problem today, but the past 18 months have seen a rise in a more sinister form of cyberattack, spearphishing, which is targeted at a specific individual or at an enterprise’s email system.

Spearphishing is similar to phishing: it is also a vector for identity theft, in which cybercriminals try to get users to hand over personal and sensitive information without realising it.

Cybercriminals view phishing attacks as a profitable and easy way to gain access to an enterprise, enabling them to launch more sophisticated attacks, for example spearphishing attacks. Humans are, after all, the weakest link and thus the most effective target for criminals looking to infiltrate a network like the university’s.

Even though spearphishing is more focused than its less sophisticated relative, phishing, everyone can apply the following principles to protect themselves and the university against cybercriminal activity:

Use common sense when it comes to phishing attacks
Be sensible and smart while browsing online and checking your emails. Never click on links, download files or open attachments in email or social media, even if they appear to come from a known, trusted source. You should never click on a link in an email to a website unless you are absolutely sure it’s authentic. If you have any doubt, open a new browser window and type the address into the address bar. Always be wary of emails asking for confidential information, especially personal details or banking information. The university and your bank will never request sensitive information via email. They do not need it. They have it all already.

Watch out for shortened links
Pay particularly close attention to shortened links, especially on social media. Cybercriminals often use Bit.ly, Tinyurl.com, Goo.gl or Tr.im to trick you into thinking you are clicking a legitimate link when in fact, you are being inadvertently directed to a fake site. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.
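The hover check described above can be applied automatically to an HTML mail body: flag links that go through a shortener and links whose visible text names one site while the href points at another. This is an added example, not part of the original post; the lure text and the `.example` domains are constructed, and `SHORTENERS` is simply the four services the article names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Shortener domains named in the article above.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "tr.im"}

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    # Add a scheme to bare text such as "www.sun.ac.za/password" so urlparse finds the host
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def check_links(html):
    """Return (href, reason) for each link a hovering reader should distrust."""
    p = _LinkCollector()
    p.feed(html)
    findings = []
    for href, text in p.links:
        if not href:
            continue
        h = _host(href)
        if h in SHORTENERS:
            findings.append((href, "shortened link hides the real destination"))
        # Visible text that looks like a URL or domain but does not match the real host
        m = re.search(r"\b(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if m:
            t = m.group(1).lower()
            if t != h and not h.endswith("." + t) and not t.endswith("." + h):
                findings.append((href, f"text shows {t} but the link goes to {h}"))
    return findings

# Constructed sample lure, modelled on the "SARS eFiling" mails reported elsewhere on this blog
SAMPLE = """<p>Dear Valued Customer,</p>
<p>Download your documents at <a href="http://bit.ly/abc123">https://efiling.example</a>
or <a href="http://login-portal.example/sars">www.efiling.example</a>.</p>
<p>Password help: <a href="https://www.sun.ac.za/password">www.sun.ac.za/password</a></p>"""
```

Running `check_links(SAMPLE)` reports the two lure links and leaves the genuine sun.ac.za link alone.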

Does the email look suspicious? Read it again
Many phishing emails are obvious. They will be filled with plenty of spelling mistakes, CAPITALISATION and exclamation marks. They will also have impersonal salutations, e.g. ‘Dear Valued Customer’ or ‘Dear Sir/Madam’, and implausible and generally suspicious content. Cybercriminals will often intentionally make mistakes in their emails to bypass spam filters and improve responses.

Be wary of threats and urgent deadlines
Sometimes the university does need you to do something urgently; however, this is the exception rather than the rule. For example, you have all been getting reminders to reactivate your network account by the end of March. Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Some of these threats may include notices of a fine or advice to take action to stop your account from being closed. Ignore the scare tactics and rather contact the company by phone.

Browse securely with HTTPS
You should always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse. This is particularly important when submitting sensitive information online, such as credit card details.

Never use public, unsecured Wi-Fi, including MatiesWiFi, for banking, shopping or entering personal information online. Convenience should never be more important than safety. When in doubt, use your mobile’s 3/4G or LTE connection.

[ARTICLE by David Wiles]

Formjacking: a new threat to cybersecurity

Thursday, February 28th, 2019

Believe it or not, cybercriminals are contributing to the growth of the English language by introducing new words to the dictionary every year. Forget phishing and ransomware. Formjacking is the cybercriminal’s new flavour of the month.

Formjacking is a type of malicious code injection in which criminals hack a site and take over the functionality of its form page. Data is then collected from the user through the malicious form and forwarded to the authors of the malicious code.

The uncomfortable truth is that users voluntarily surrender their information in a form they believe to be legitimate and secure. Once the information is stolen, it is used for identity theft, bank fraud and other criminal activities. Many companies and enterprises, like the university, use web forms to collect user information and complete transactions. We have all learned to trust the web form systems and our trust makes formjacking an instant success for cybercriminals.

Symantec has observed significant growth of formjacking attacks and found several big companies have already fallen victim to this new form of social engineering including Ticketmaster, Newegg, British Airways and Feedify.

The global statistics collected by Symantec are rather sobering. Since August 2018, Symantec detected and blocked 248,000 formjacking incidents.

All companies, enterprises and legal entities operating a website or online payment transactions are at risk from formjacking, including the university.

Currently, the only way to protect a website from formjacking is for the website administrators to audit its code regularly and carefully. Formjacking essentially changes the functionality of the text boxes of a web form, and careful, regular auditing should provide enough hints that the original code has been changed, indicating that the site has been tampered with by outsiders.
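One way to do the regular code audit the article recommends is to fingerprint the parts of a page an injection has to touch (form targets, external script URLs and inline script bodies) and compare each crawl against an approved baseline. This is an added example, not part of the post or of Symantec’s report; the two HTML pages and the `cdn.example` URL are constructed.

```python
import hashlib
from html.parser import HTMLParser

class _FormAudit(HTMLParser):
    """Record the parts of a page a formjacking injection has to touch:
    <form> targets, external <script src> URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.items, self._in_script, self._buf = [], False, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.items.append(("form-action", a.get("action") or ""))
        elif tag == "script" and a.get("src"):
            self.items.append(("script-src", a["src"]))
        elif tag == "script":
            self._in_script, self._buf = True, []
    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip().encode()
            self.items.append(("inline-script", hashlib.sha256(body).hexdigest()))
            self._in_script = False

def fingerprint(html):
    """Stable, comparable summary of one page's forms and scripts."""
    p = _FormAudit()
    p.feed(html)
    return sorted(set(p.items))

def tampering(baseline, current):
    """Items on the live page that the approved baseline never had."""
    return sorted(set(current) - set(baseline))

# Constructed sample: the approved checkout page and a copy with two injected items
BASELINE_HTML = """<form action="/checkout" method="post"><input name="card"></form>
<script src="/static/checkout.js"></script>
<script>initCheckout();</script>"""
TAMPERED_HTML = """<form action="/checkout" method="post"><input name="card"></form>
<script src="/static/checkout.js"></script>
<script>initCheckout();</script>
<script src="https://cdn.example/stats.js"></script>
<script>/* injected stub */ console.log("not the real page code");</script>"""
```

Store `fingerprint()` of each approved release and alert on any non-empty `tampering()` result from a scheduled crawl.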

More information can be found in Symantec’s 2019 Internet Security Threat Report.

[ARTICLE BY DAVID WILES]

Free WiFi – not always a good deal

Monday, February 11th, 2019

Do you lurk in the shadows at night in your neighbourhood, looking for a neighbour who forgot to secure his Wi-Fi with a password? When times are rough and the need for internet is desperate, anything is possible.

At least the Wi-Fi at the Wimpy or Mugg &amp; Bean is free AND legal. But even this Wi-Fi might not be the best option.

Using Wi-Fi in itself isn’t the actual problem – it depends on what you do with it.

Public Wi-Fi hotspots are shared with other people. This means that anyone with access to the same hotspot can technically access your data and monitor your online activity.

And you don’t need to be a hacker to be able to do this. Anyone with access to the right software, like Firesheep, can become an instant cybercriminal if he wants to.

In September 2014 Finn Steglich from the German company SySS set up a test Wi-Fi access point in London’s financial district. The experiment was designed to establish how many people would willingly connect to a completely insecure and unknown device. The results were unsettling.

Never conduct any bank transactions or financial business on an open Wi-Fi connection. Not even online shopping, even if you’re panicking that you’ll miss Takealot’s daily deal.

Before you use any Wi-Fi hotspot, make sure it’s the establishment’s official one. Cybercriminals set up Wi-Fi hotspots with copies of Twitter, Facebook, etc. to encourage unsuspecting users to log on and thereby hand over their login details. Using the same password for multiple websites makes it even easier for them to access other websites holding more of your personal information.

There are ways to use Wi-Fi without putting yourself at risk. Kaspersky has a few suggestions.

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email account to staff and students on campus. The email asks you to click on a link to download your SARS documents (see example below).

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.


SARS phishing scam

Wednesday, January 30th, 2019

Please be on the lookout for the next phishing attack on the university network. This time (as occurred several times in 2018) it comes with the subject “SARS eFiling Letter Notification”.

This is an obvious phishing scam using a website to attempt to steal your login details.

  1. SARS will not send you an email with the salutation: “Dear Tax Payer”, they’ll address you personally.
  2. The sender is a compromised email address from an estate agent in Pretoria and not a SARS email address.
  3. The link takes you to a site that is not the SARS eFiling Server address.
  4. Apart from department admin who deals with SARS directly, university email addresses are not (and should not be) used for SARS communication.

Here is an example of the email that several of our observant colleagues and students have already reported:

Here is the phishing website that will attempt to steal your login details:

If you receive an email like this, please report it to IT Cyber Security as soon as possible.

Once you have reported the spam or phishing mail, you can delete it immediately. You can report this in two ways:

  1. By reporting it on the ICT Partner Portal. Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.
  2. By sending an email.
    1. Start up a new mail addressed to csirt@sun.ac.za.
    2. Use the Title “SPAM” (without quotes) in the Subject.
    3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail window. It will attach the mail as an enclosure, and a small icon with a light yellow envelope will appear in the attachments section of the New Mail window.
    4. Send the mail.

[ARTICLE BY DAVID WILES]


© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.