%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 16 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250718121331+00'00') /ModDate (D:20250718121331+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 9179 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 174.779 521.469 571.955 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 175.154 520.719 571.205 re S 0.773 0.773 0.773 rg 61.016 190.529 m 550.984 190.529 l 550.984 191.279 l 61.016 191.279 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(CYBERSECURITY AWARENESS MONTH: CREATING STRONG )] TJ ET BT 61.016 676.134 Td /F1 14.4 Tf [(PASSWORDS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 647.326 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 647.326 Td /F3 9.0 Tf [(May 10,2021)] TJ ET BT 156.578 647.326 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 647.326 Td /F3 9.0 Tf [(David Wiles)] TJ ET 0.373 0.169 0.255 rg BT 61.016 619.837 Td 1.096 Tw /F4 9.0 Tf [(Before)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 61.016 618.686 m 87.530 618.686 l S 0.153 0.153 0.153 rg BT 87.530 619.837 Td 1.096 Tw /F4 9.0 Tf [(we pointed out that most people underestimate the importance of having a secure password, and still make the )] TJ ET BT 61.016 608.848 Td 0.000 Tw /F4 9.0 Tf [(mistake of using simple words and numbers as a password.)] TJ ET BT 61.016 588.859 Td 0.566 Tw /F4 9.0 Tf [(Keep in mind that your email and social network accounts contain very personal information about you. You must have a )] TJ ET BT 61.016 577.870 Td 0.000 Tw /F4 9.0 Tf [(strong password to keep your personal life personal, and not become a victim of identity theft.)] TJ ET 0.153 0.153 0.153 RG 85.866 560.697 m 85.866 561.110 85.696 561.520 85.404 561.811 c 85.113 562.103 84.703 562.272 84.291 562.272 c 83.878 562.272 83.469 562.103 83.177 561.811 c 82.885 561.520 82.716 561.110 82.716 560.697 c 82.716 560.285 82.885 559.875 83.177 559.584 c 83.469 559.292 83.878 559.122 84.291 559.122 c 84.703 559.122 85.113 559.292 85.404 559.584 c 85.696 559.875 85.866 560.285 85.866 560.697 c f BT 91.016 557.881 Td 1.403 Tw /F4 9.0 Tf [(Using email or your profile on Facebook, Whatsapp or Google, hackers can and do, extract a huge amount of )] TJ ET BT 91.016 546.892 Td 0.000 Tw /F4 9.0 Tf [(personal data of your personal "online" life.)] TJ ET 85.866 538.719 m 85.866 539.132 85.696 539.542 85.404 539.833 c 85.113 540.125 84.703 540.294 84.291 540.294 c 83.878 540.294 83.469 540.125 83.177 539.833 c 82.885 539.542 82.716 539.132 82.716 538.719 c 82.716 538.307 82.885 537.897 83.177 537.606 c 83.469 537.314 83.878 537.144 84.291 537.144 c 84.703 537.144 85.113 537.314 85.404 537.606 c 85.696 537.897 85.866 538.307 85.866 538.719 c f BT 91.016 535.903 Td 0.513 Tw /F4 9.0 Tf [(If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your )] TJ ET BT 91.016 524.914 Td 0.000 Tw /F4 9.0 Tf [(online accounts being compromised.)] TJ ET 85.866 516.741 m 85.866 517.154 85.696 517.564 85.404 517.855 c 85.113 518.147 84.703 518.316 84.291 518.316 c 83.878 518.316 83.469 518.147 83.177 517.855 c 82.885 517.564 82.716 517.154 82.716 516.741 c 82.716 516.329 82.885 515.919 83.177 515.628 c 83.469 515.336 83.878 515.166 84.291 515.166 c 84.703 515.166 85.113 515.336 85.404 515.628 c 85.696 515.919 85.866 516.329 85.866 516.741 c f BT 91.016 513.925 Td 0.739 Tw /F4 9.0 Tf [(Using a personal name for an online account, the name of the city that you live in, the names of your children or )] TJ ET BT 91.016 502.936 Td 0.000 Tw /F4 9.0 Tf [(your date of birth, give hackers vital clues for attempting to access your personal data.)] TJ ET 85.866 494.763 m 85.866 495.176 85.696 495.586 85.404 495.877 c 85.113 496.169 84.703 496.338 84.291 496.338 c 83.878 496.338 83.469 496.169 83.177 495.877 c 82.885 495.586 82.716 495.176 82.716 494.763 c 82.716 494.351 82.885 493.941 83.177 493.650 c 83.469 493.358 83.878 493.188 84.291 493.188 c 84.703 493.188 85.113 493.358 85.404 493.650 c 85.696 493.941 85.866 494.351 85.866 494.763 c f BT 91.016 491.947 Td 1.239 Tw /F4 9.0 Tf [(For an average expert hacker, it is always easy to find passwords that are made up of words from the English )] TJ ET BT 91.016 480.958 Td 0.000 Tw /F4 9.0 Tf [(vocabulary or other languages, using a basic technique called "brute force" or "dictionary" attacks.)] TJ ET BT 61.016 457.999 Td /F1 9.0 Tf [(What makes a password safe?)] TJ ET BT 78.360 438.026 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 438.010 Td /F4 9.0 Tf [(A password at least 8 characters long.)] TJ ET BT 78.360 427.037 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 427.021 Td /F4 9.0 Tf [(The password does not contain information that is easy to find online, such as the date of birth, the telephone )] TJ ET BT 91.016 416.032 Td /F4 9.0 Tf [(number, your spouses name, the name of a pet, or a childs name.)] TJ ET BT 78.360 405.059 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 405.043 Td /F4 9.0 Tf [(The password does not contain words found in the dictionary.)] TJ ET BT 78.360 394.070 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 394.054 Td /F4 9.0 Tf [(The password contains special characters like @ # $% ^ &, and numbers.)] TJ ET BT 78.360 383.081 Td /F4 9.0 Tf [(5.)] TJ ET BT 91.016 383.065 Td /F4 9.0 Tf [(The password uses a combination of uppercase and lowercase letters.)] TJ ET BT 61.016 360.106 Td /F1 9.0 Tf [(A trick that the experts use to create secure passwords:)] TJ ET BT 61.016 340.117 Td /F4 9.0 Tf [(Think of a phrase and use the first letters of the words in the phrase.)] TJ ET 85.866 322.944 m 85.866 323.357 85.696 323.767 85.404 324.058 c 85.113 324.350 84.703 324.519 84.291 324.519 c 83.878 324.519 83.469 324.350 83.177 324.058 c 82.885 323.767 82.716 323.357 82.716 322.944 c 82.716 322.532 82.885 322.122 83.177 321.831 c 83.469 321.539 83.878 321.369 84.291 321.369 c 84.703 321.369 85.113 321.539 85.404 321.831 c 85.696 322.122 85.866 322.532 85.866 322.944 c f BT 91.016 320.128 Td /F4 9.0 Tf [(For example: )] TJ ET BT 146.033 320.128 Td /F2 9.0 Tf [("In South Africa, a barbecue is called a Braai!")] TJ ET 85.866 311.955 m 85.866 312.368 85.696 312.778 85.404 313.069 c 85.113 313.361 84.703 313.530 84.291 313.530 c 83.878 313.530 83.469 313.361 83.177 313.069 c 82.885 312.778 82.716 312.368 82.716 311.955 c 82.716 311.543 82.885 311.133 83.177 310.842 c 83.469 310.550 83.878 310.380 84.291 310.380 c 84.703 310.380 85.113 310.550 85.404 310.842 c 85.696 311.133 85.866 311.543 85.866 311.955 c f BT 91.016 309.139 Td /F4 9.0 Tf [(Take the first letters of each word and the password that is created is )] TJ ET BT 368.144 309.139 Td /F3 9.0 Tf [(ISAabicaB!)] TJ ET 85.866 300.966 m 85.866 301.379 85.696 301.789 85.404 302.080 c 85.113 302.372 84.703 302.541 84.291 302.541 c 83.878 302.541 83.469 302.372 83.177 302.080 c 82.885 301.789 82.716 301.379 82.716 300.966 c 82.716 300.554 82.885 300.144 83.177 299.853 c 83.469 299.561 83.878 299.391 84.291 299.391 c 84.703 299.391 85.113 299.561 85.404 299.853 c 85.696 300.144 85.866 300.554 85.866 300.966 c f BT 91.016 298.150 Td /F4 9.0 Tf [(This will be very difficult to guess, but easy to remember.)] TJ ET 85.866 289.977 m 85.866 290.390 85.696 290.800 85.404 291.091 c 85.113 291.383 84.703 291.552 84.291 291.552 c 83.878 291.552 83.469 291.383 83.177 291.091 c 82.885 290.800 82.716 290.390 82.716 289.977 c 82.716 289.565 82.885 289.155 83.177 288.864 c 83.469 288.572 83.878 288.402 84.291 288.402 c 84.703 288.402 85.113 288.572 85.404 288.864 c 85.696 289.155 85.866 289.565 85.866 289.977 c f BT 91.016 287.161 Td /F4 9.0 Tf [(At this point, you can decide to make your the Google password is )] TJ ET BT 357.146 287.161 Td /F3 9.0 Tf [(ISAabicaB!-G)] TJ ET BT 414.656 287.161 Td /F4 9.0 Tf [(, and Facebook )] TJ ET BT 481.697 287.161 Td /F3 9.0 Tf [(ISAabicaB!-F)] TJ ET BT 91.016 276.172 Td /F4 9.0 Tf [(and your university account )] TJ ET BT 205.568 276.172 Td /F3 9.0 Tf [(ISAabicaB!-U)] TJ ET BT 262.574 276.172 Td /F4 9.0 Tf [(S and so on.)] TJ ET 85.866 267.999 m 85.866 268.412 85.696 268.822 85.404 269.113 c 85.113 269.405 84.703 269.574 84.291 269.574 c 83.878 269.574 83.469 269.405 83.177 269.113 c 82.885 268.822 82.716 268.412 82.716 267.999 c 82.716 267.587 82.885 267.177 83.177 266.886 c 83.469 266.594 83.878 266.424 84.291 266.424 c 84.703 266.424 85.113 266.594 85.404 266.886 c 85.696 267.177 85.866 267.587 85.866 267.999 c f BT 91.016 265.183 Td /F4 9.0 Tf [(There is already a capital letter and a special character )] TJ ET BT 312.110 265.183 Td /F3 9.0 Tf [(\(!\))] TJ ET BT 321.101 265.183 Td /F4 9.0 Tf [(, so you just need to add a number to finish off a good )] TJ ET BT 91.016 254.194 Td /F4 9.0 Tf [(password like )] TJ ET BT 148.031 254.194 Td /F3 9.0 Tf [(9-ISAabicaB!-US)] TJ ET BT 221.543 254.194 Td /F2 9.0 Tf [(\(9 could be the month you created the password in - for example\))] TJ ET BT 61.016 234.205 Td /F4 9.0 Tf [(You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create.)] TJ ET 0.400 0.400 0.400 rg BT 61.016 215.716 Td /F2 9.0 Tf [(Posted in:News,Phishing,Security,Tips | Tagged:Cyberaware,Cybersecurity,Password,Passwords,Phishing | With 0 )] TJ ET BT 61.016 204.727 Td /F2 9.0 Tf [(comments)] TJ ET q 225.000 0 0 135.000 61.016 493.628 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 493.6285 286.0157 628.6285 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2018/10/cyber-aware-month-common-passwords/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 619.0048 87.5297 628.1623 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2018/10/cyber-aware-month-common-passwords/) >> endobj 16 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 180 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 4011>> stream JFIF``;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$," }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?(< ( ( ( ( ( (Q@((((((((((((((((((((((((((((((((((((((((((+!e:!6Y.9ۻλqT#%s?#klf@D.|m{9HrKՂ(QEQEQEQEQEQEQEQEQEQEQEs$okK 4zbb$1Gő Jq֍'Vj һn_xn 9|AFpב7_ ɣlUQkO]~ZG]at"FZ9<6qުQšC-j-̌e0O(9}~INOt ⺚_Mc2h]/ kön]\=bQ]$rnPiOҿ?Y\#Ͽ5 7Q dѿ6?*?JHD=@+# Q`HM|/C&Tk4o AOҿ??JH0{$y&F:oii7ݎ+vo5'_ U=[,<=4r e-TIQ`HàG5jZMͣ_ϧ9yf3]5y 2j(AEPEPEPEPEPEP0(QEQEQEQEWM?O]6vQȮҹ_ZڃjW]ʎ]ƏBG .ZڭԶȞSm,NN3YڷZ*ڿ3g܏C?s7H9jO[Vz*xr?BG .G!#o?o?:?[Ww3GH9h$5'GQy={j} 33]Ƥռ ӧ{`HJWb}Gum̞B>Vc>>׊5qWgY6[QXQEQEQE ( (Q@Š(AEPEPEPwB]B M"wZ]O8'l2 \vNg]CQ]'<҃ck c@~kPJYUsyvhAԩ4V`< yx[`w5}ax#.j 9}F/.[P{H)өP9`fΕn伔Op?C]jmvv[͕$NY9 ;'~{qF A#wZ+mxvVo͸qdqQєQEHQEQEQE ((QE (Q@Q@Q@Q@r!?KW+#KZRQ: iVdQQ@ QVn%5;"0 ݆g>_x}7vZ\,QWX>da})W( yyv 4 VvPQ%g 9f* 1$IMlCGQǐsG~/i}!ټDQM3:UXz/{ll2THG\tp54ނPIjZO}G1 [U;VC xp+Pu[)o㸶CHWS^Ik ىyZ%^OsqT,{R=N((((((((((((QExׄ p P} ʺ'@Kmq=?~ W^zj)j W=j dg*8ďxW_CQ\~?F?G eE}cmX{$s¿Ug!`jiO dmv-n?׬_C@^ԝ'ϳK}U5=2^=_Pv&I:tzzܥ2Ăf^7湛U]{I^KoYT@Ĩm8 +(tܛwV +A3^^/Eh?ok4"WEW`QEQEQEQEQEQEQEQEQEQEQE (Q@Q@W,QOV(;OH.Lּ3]\ưNI Qs)8R8=j-oQ~ 㴴WJjb߶O;G-oQ~ 㴴Sթ=+_|\DҼ#5)Ŋ8U+#`Mf7FBmb d㓎98+d2aEW!EPEPEPEPEPEPEPEPEPEPEP0(QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE (QEQEQEQEQEQEQEQEQEQEQEQE?`4lQTPll(=M6SFh ލފ(==袀 ލފ(==MPz6SElE`4Q@h=MPz6SElE`4Q@FElފ(==MP{Ѱz( endstream endobj xref 0 17 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000332 00000 n 0000000369 00000 n 0000000507 00000 n 0000000596 00000 n 0000009827 00000 n 0000009939 00000 n 0000010054 00000 n 0000010174 00000 n 0000010282 00000 n 0000010409 00000 n 0000010533 00000 n 0000010659 00000 n 0000010783 00000 n trailer << /Size 17 /Root 1 0 R /Info 5 0 R >> startxref 14962 %%EOF Security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Stricter rules for VPN

Thursday, June 21st, 2018

Many of our staff and students use FortiClient to obtain VPN access to the Stellenbosch University network when they are not on campus. To maintain a safe and secure network, we have to put measures in place for our services to minimise the potential exposure to the University from damages which may result from unauthorised use of university resources.  This is particularly important when it comes to access via VPN to our network.  

From 6 August 2018 new VPN users have to register for VPN usage. If you have used VPN (FortiClient) since 1 January 2018, you are considered a registered user by default and don’t have to reapply for access. However, if you are a new VPN user, please follow the process described below.

If you need VPN access to the SU network via FortiClient, the following simple process is applicable: 

  1. The head of your department needs to send an email to help@sun.ac.za motivating why you require VPN access for work purposes.
  2. You will receive an email confirming your registration with instructions on how to install the FortiClient needed for VPN usage. 

VPN (Virtual Private Network) is a way of connecting your off-site computer directly to the University network and allows you to access internal resources such as other computers, network storage, websites, journals using the applications already installed on your off-site computer. VPN provides an encrypted connection which helps to ensure that sensitive data is safely transmitted and prevents unauthorized people from eavesdropping on the traffic, allowing the user to conduct work remotely.

A secure VPN connection to the SU network with FortiClient is not necessary for standard, web-based services. These include email, library resources, SUNLearn or the SUN-e-HR website. All of these services are already accessible via the internet without a VPN connection.

More information on the use of VPN and FortiClient at SU is also available on our service catalogue.

 

 

Email

Tags: , ,
Posted in Connectivity, Security | Comments Off on Stricter rules for VPN

New variant of BIP Dharma ransomware found

Monday, June 11th, 2018

WHAT IS RANSOMWARE?

Ransomware, for example, CryptoLocker, WannaCry or BIP Dharma, is a type of malware that installs itself on a device, takes files on the device or network storage, encrypts them, and then extorts money from the user to unlock the files.  This type of programme can be installed by means of an e-mail attachment, an infected programme or unsafe website with malware installed on it. 

The software “kidnaps” your data by encrypting or limiting your access to it and then sending you a message demanding money to regain your access. The only way access is possible again is by acquiring an encryption key from the creator of the ransomware at a fee. However, paying this fee doesn’t guarantee that you will have access to your data again, so doing this is a huge risk.

According to Sophos security ransomware is one of the most widespread and damaging threats that internet users face today. 

HOW TO AVOID BECOMING A RANSOMWARE VICTIM 

You can practice the following security practices to avoid falling victim to ransomware.

1. Make backups

Ensure that you always have the latest backup of your work somewhere else, preferably off-site. If you do fall for a ransomware attack, you will still have your data. Having your data off-site also protects it from events such as a fire, flood or theft or damage to your device. Additionally, you can encrypt your device to ensure that if it ends up in the wrong hands, they won’t be able to access it. 

2. Do not open attachments

If you receive an attachment from someone you don’t know. And even if you do know the person, first confirm whether they did send it to you. Just because it’s from someone you know, it doesn’t mean it’s safe. Your colleague or friend’s account could have been hacked. 

3. Scan attachments

There are tools such as VirusTotal available for scanning attachments to ensure that they are safe to open. VirusTotal is an online scanning tool and can be found at https://www.virustotal.com/#/home/upload.

4. Keep Windows updated

Make sure all Windows updates are installed as soon as they come out. Also make sure you update all programmes, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.

5. Security software

Make sure you have some sort of security software installed. If you are unsure whether you have adequate protection on your device, contact us to assess your security.

6. Difficult password

Use hard passwords and never reuse the same password at multiple sites.

 

[SOURCE: www.sophos.com]

 

Email

Posted in E-mail, Security | Comments Off on New variant of BIP Dharma ransomware found

Phishing Scam about “Unexpected Mail Shutdown

Wednesday, June 6th, 2018

There is currently a bombardment of phishing emails arriving in university accounts about an “Unexpected Mail Shutdown”. The mail used alarmist threats about pending shutdowns and has all the signs of a phishing scam, including a website that is not on the university network.

This is a typical phishing scam and although it is being sent to university addresses, you should not react, respond or click on any links, as the phishers insert your email address in the link field and thus can identify your account as functional.

Below is the mail arriving in many university accounts:

 

If you have received this mail like this, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Email

Tags: ,
Posted in phishing, Security | Comments Off on Phishing Scam about “Unexpected Mail Shutdown

Tripadvisor phishing scam

Monday, June 4th, 2018

It seems that there are a number of you who make some use of TripAdvisor.com for planning your overseas trips. TripAdvisor is travel and restaurant website that provides hotel and restaurant reviews, accommodation bookings etc. but the phishing scammers are currently targeting South African and Australian users with a phishing scam to try to get access to their TripAdvisor account.

Be on the lookout for a phishing scam that *might* target university personnel and student accounts over the next few days:

Hi <your name>,

Want to keep your username?
Since you haven’t been on TripAdvisor in a while, your username <your TripAdvisor username> will expire in two weeks. Want to keep it? Simply click on the button below:

Keep my username

While this might not seem to be much of an issue for some people, the real danger is that, in many cases, university personnel and students – some making use of TripAdvisor,  use the same password for all their Internet accounts. According to a recent Ofcom report, over 55% of Internet users older than 16 used the same password for most – if not all! – the websites they tended to use.

If you do use the same password for lots of sites, and one of those sites are hacked, (like Tripadvisor) and hackers could start using your “leaked password” on multiple sites, they could gain access to more areas of your life such as your email, banking, social media and other accounts.

A very useful site to check if any of your online account have been hacked is https://haveibeenpwned.com/ This site helps you to check if you have an account that has been compromised in a data breach. 

I concede that remembering passwords can be a real challenge, especially if you have a lot of online accounts. I recommend using password management software – also sometimes known as a password vault – like 1Password, KeePass and Lastpass.

Password management software can remember all your hard-to-crack passwords for you (they can even generate them to make sure they’re super complex), and store them securely behind one master password.

Please be very careful out there. Don’t become a statistic or a victim of identity theft!

[Article by David Wiles]

Email

Posted in E-mail, Security | Comments Off on Tripadvisor phishing scam

Phishing mail using intimidation and threats

Friday, June 1st, 2018

There is no need to panic or be in anyway concerned for your personal safety about the latest batch of “phishing” emails that are going out with “death threats” or extortion regarding your “alleged” online activity around pornography sites etc.

A simple Google search using the following term “I Was Paid To Kill You scam” gave me 43 million results, all of the first 100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only from last week, resulted in a little over 100 000 results, all of which were reporting as a hoax.

A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a Russian e-mail address. The “assassin” apparently appointed by a close acquaintance of his target, offers the victim the opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.

If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the mail is a hoax:

  1. The subject line: “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY HAS BEEN COMPROMISED”
    These are designed to cause anxiety, stress and panic.
  2. Time limits: “You have 48 Hours to pay…”
    How can the scammer know that you have received the mail and when you have read the mail and keep track of time to see if “48-hours” has passed?
  3. Engagement: “Contact me back via e-mail…”
    Never make contact with the scammers. This immediately alerts them that a “real person” read their mail and they will be able to concentrate their nefarious efforts on you.

If you ever receive emails like these, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Phishing mail using intimidation and threats

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.