%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 32 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250719005534+00'00') /ModDate (D:20250719005534+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R 24 0 R 26 0 R 28 0 R 30 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 6707 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 69.563 521.469 677.171 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 69.563 l 565.984 69.563 l 565.984 745.984 l f 45.266 746.734 m 45.266 69.563 l 46.016 69.563 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(MULTI-FACTOR AUTHENTICATION \(MFA\) FAQS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(June 08,2020)] TJ ET BT 160.079 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 174.587 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Information Technology recently)] TJ ET BT 189.068 637.420 Td /F4 9.0 Tf [( enabled MFA for our staff and students. Soon?all staff and students?will be required to )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(use multi factor authentication to secure their information and the university)] TJ ET BT 360.149 626.431 Td /F4 9.0 Tf [(’s)] TJ ET BT 366.647 626.431 Td /F4 9.0 Tf [( network.)] TJ ET BT 403.160 626.431 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 606.442 Td /F1 9.0 Tf [(FREQUENTLY ASKED QUESTIONS)] TJ ET BT 211.532 606.442 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 586.453 Td /F1 9.0 Tf [(What is MFA?? )] TJ ET BT 61.016 566.464 Td /F4 9.0 Tf [(Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if )] TJ ET BT 61.016 555.475 Td /F4 9.0 Tf [(someone else knows your password. This will mean that, for certain services, including Microsoft Outlook, Teams, etc. you )] TJ ET BT 61.016 544.486 Td /F4 9.0 Tf [(will be prompted to provide more information in order to authenticate your identity as a Stellenbosch University student or )] TJ ET BT 61.016 533.497 Td /F4 9.0 Tf [(staff member. )] TJ ET 0.373 0.169 0.255 rg BT 118.535 533.497 Td /F4 9.0 Tf [(More about MFA here.)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 118.535 532.346 m 208.571 532.346 l S 0.153 0.153 0.153 rg BT 208.571 533.497 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 513.508 Td /F1 9.0 Tf [(Why is it so important that I enrol for MFA?  )] TJ ET BT 61.016 493.519 Td /F4 9.0 Tf [(By enrolling for MFA)] TJ ET BT 142.538 493.519 Td /F4 9.0 Tf [(,)] TJ ET BT 145.040 493.519 Td /F4 9.0 Tf [( you ensure that your account is )] TJ ET BT 275.108 493.519 Td /F4 9.0 Tf [(more )] TJ ET BT 298.112 493.519 Td /F4 9.0 Tf [(secure.)] TJ ET BT 327.623 493.519 Td /F4 9.0 Tf [(  You are protecting your own data \(including your HR, )] TJ ET BT 61.016 482.530 Td /F4 9.0 Tf [(payment details, etc.\), your colleagues and the university.)] TJ ET BT 61.016 462.541 Td /F1 9.0 Tf [(How do I enrol for MFA?)] TJ ET BT 165.020 462.541 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 442.552 Td /F4 9.0 Tf [(By following the steps set out in the )] TJ ET 0.373 0.169 0.255 rg BT 204.593 442.552 Td /F4 9.0 Tf [(.pdf document.)] TJ ET 0.18 w 0 J [ ] 0 d 204.593 441.401 m 264.128 441.401 l S 0.153 0.153 0.153 rg BT 264.128 442.552 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 422.563 Td /F1 9.0 Tf [(What must I do if the document does not open? )] TJ ET BT 61.016 402.574 Td /F4 9.0 Tf [(If the document does not open, it could be due to a slow internet connection or you do not have a PDF reader \(e.g. Adobe )] TJ ET BT 61.016 391.585 Td /F4 9.0 Tf [(Acrobat\) installed. Please also clear your browser history or try to open the link in a different browser.?)] TJ ET BT 468.176 391.585 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 371.596 Td /F1 9.0 Tf [(How can a PDF reader be installed? )] TJ ET BT 61.016 351.607 Td /F4 9.0 Tf [(Please raise a request on the ICT Partner Portal that is available at)] TJ ET BT 327.641 351.607 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 330.143 351.607 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 330.143 350.456 m 445.694 350.456 l S 0.153 0.153 0.153 rg BT 445.694 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 448.196 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 331.618 Td /F1 9.0 Tf [(What can I do if I have problems to enrol for MFA? )] TJ ET BT 61.016 311.629 Td /F4 9.0 Tf [(If you are struggling to )] TJ ET BT 152.564 311.629 Td /F4 9.0 Tf [(enrol)] TJ ET BT 172.571 311.629 Td /F4 9.0 Tf [( for)] TJ ET BT 185.576 311.629 Td /F4 9.0 Tf [( MFA, please )] TJ ET BT 241.097 311.629 Td /F4 9.0 Tf [(log a)] TJ ET BT 260.609 311.629 Td /F4 9.0 Tf [( request on )] TJ ET BT 308.138 311.629 Td /F4 9.0 Tf [(the)] TJ ET BT 320.648 311.629 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 323.150 311.629 Td /F4 9.0 Tf [(ICT Partner Portal)] TJ ET 0.18 w 0 J [ ] 0 d 323.150 310.478 m 395.672 310.478 l S 0.153 0.153 0.153 rg BT 395.672 311.629 Td /F4 9.0 Tf [( and a technician will contact you.?)] TJ ET BT 534.740 311.629 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 291.640 Td /F1 9.0 Tf [(When do I have to enrol for MFA? )] TJ ET BT 61.016 271.651 Td /F4 9.0 Tf [(Please )] TJ ET BT 91.031 271.651 Td /F4 9.0 Tf [(enrol)] TJ ET BT 111.038 271.651 Td /F4 9.0 Tf [( for MFA as soon as possible. It is critical that all our staff and students use two-factor authentication. )] TJ ET BT 61.016 251.662 Td /F1 9.0 Tf [(How will I know that I have successfully enrolled for MFA? )] TJ ET BT 61.016 231.673 Td /F4 9.0 Tf [(A confirmation message will be displayed on the last screen of the )] TJ ET BT 326.633 231.673 Td /F4 9.0 Tf [(enrolment)] TJ ET BT 366.647 231.673 Td /F4 9.0 Tf [( process.)] TJ ET BT 403.160 231.673 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 220.684 Td /F4 9.0 Tf [(You are now enrolled for Multi Factor Authentication.)] TJ ET BT 61.016 200.695 Td /F1 9.0 Tf [(What must I do if I don't see the  screens as indicated on the enrolment document? )] TJ ET BT 61.016 180.706 Td /F4 9.0 Tf [(Raise a request on the ICT Partner Portal at)] TJ ET BT 236.597 180.706 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 239.099 180.706 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 239.099 179.555 m 354.650 179.555 l S 0.153 0.153 0.153 rg BT 354.650 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 357.152 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 160.717 Td /F1 9.0 Tf [(Will I be charged for the MFA authentication SMS's? )] TJ ET BT 61.016 140.728 Td /F4 9.0 Tf [(No, the SMS's are at the cost of the University.)] TJ ET BT 247.316 140.728 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 120.739 Td /F1 9.0 Tf [(Can I enrol for MFA if I stay in an area without cell phone signal? )] TJ ET BT 61.016 100.750 Td /F4 9.0 Tf [(No, you need a cellphone with reception to enrol for MFA.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 542.2879 118.5347 542.2879 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 532.6642 208.5707 541.8217 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 451.3429 204.5927 451.3429 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 441.7192 264.1277 450.8767 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 360.3979 330.1427 360.3979 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 350.7742 445.6937 359.9317 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 320.4199 323.1497 320.4199 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 26 0 obj << /Type /Annot /Subtype /Link /A 27 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 310.7962 395.6717 319.9537 ] >> endobj 27 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 28 0 obj << /Type /Annot /Subtype /Link /A 29 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 189.4969 239.0987 189.4969 ] >> endobj 29 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 30 0 obj << /Type /Annot /Subtype /Link /A 31 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 179.8732 354.6497 189.0307 ] >> endobj 31 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 32 0 obj << /Type /Page /Parent 3 0 R /Contents 33 0 R >> endobj 33 0 obj << /Length 1873 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 587.833 521.469 170.151 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 587.833 m 566.734 587.833 l 565.984 588.583 l 46.016 588.583 l f 566.734 757.984 m 566.734 587.833 l 565.984 588.583 l 565.984 757.984 l f 45.266 757.984 m 45.266 587.833 l 46.016 588.583 l 46.016 757.984 l f 61.016 603.583 m 550.984 603.583 l 550.984 604.333 l 61.016 604.333 l f 0.153 0.153 0.153 rg BT 61.016 740.193 Td /F1 9.0 Tf [(Which IT services will be activated for MFA? )] TJ ET BT 61.016 720.204 Td /F4 9.0 Tf [(For the first phase all Microsoft365 \(Outlook, Sharepoint Online, OneDrive for Business, etc.\) applications will require MFA )] TJ ET BT 61.016 709.215 Td /F4 9.0 Tf [(authentication. )] TJ ET BT 61.016 689.226 Td /F1 9.0 Tf [(What will happen if a service is activated for MFA?)] TJ ET BT 277.079 689.226 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 669.237 Td /F4 9.0 Tf [(Before you can access the )] TJ ET BT 169.574 669.237 Td /F4 9.0 Tf [(service)] TJ ET BT 198.077 669.237 Td /F4 9.0 Tf [( y)] TJ ET BT 205.079 669.237 Td /F4 9.0 Tf [(ou will be requested to enter the one-time pin number)] TJ ET BT 418.181 669.237 Td /F4 9.0 Tf [( that will be sent to the cell )] TJ ET BT 61.016 658.248 Td /F4 9.0 Tf [(phone number that you have indicated during the enrolment process.)] TJ ET BT 335.660 658.248 Td /F4 9.0 Tf [( Or if you chose to use the Authenticator App a )] TJ ET BT 61.016 647.259 Td /F4 9.0 Tf [(message will be sent to your phone via the app which request that you approve and in some cases it might also ask for a )] TJ ET BT 61.016 636.270 Td /F4 9.0 Tf [(scan of your thumbprint. )] TJ ET 0.400 0.400 0.400 rg BT 61.016 617.781 Td /F2 9.0 Tf [(Posted in:Security | | With 0 comments)] TJ ET endstream endobj xref 0 34 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000312 00000 n 0000000341 00000 n 0000000479 00000 n 0000000624 00000 n 0000007383 00000 n 0000007495 00000 n 0000007610 00000 n 0000007730 00000 n 0000007838 00000 n 0000007966 00000 n 0000008067 00000 n 0000008195 00000 n 0000008296 00000 n 0000008424 00000 n 0000008530 00000 n 0000008658 00000 n 0000008764 00000 n 0000008892 00000 n 0000008974 00000 n 0000009102 00000 n 0000009184 00000 n 0000009312 00000 n 0000009394 00000 n 0000009522 00000 n 0000009604 00000 n 0000009732 00000 n 0000009814 00000 n 0000009942 00000 n 0000010024 00000 n 0000010089 00000 n trailer << /Size 34 /Root 1 0 R /Info 5 0 R >> startxref 12015 %%EOF Security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Stricter rules for VPN

Thursday, June 21st, 2018

Many of our staff and students use FortiClient to obtain VPN access to the Stellenbosch University network when they are not on campus. To maintain a safe and secure network, we have to put measures in place for our services to minimise the potential exposure to the University from damages which may result from unauthorised use of university resources.  This is particularly important when it comes to access via VPN to our network.  

From 6 August 2018 new VPN users have to register for VPN usage. If you have used VPN (FortiClient) since 1 January 2018, you are considered a registered user by default and don’t have to reapply for access. However, if you are a new VPN user, please follow the process described below.

If you need VPN access to the SU network via FortiClient, the following simple process is applicable: 

  1. The head of your department needs to send an email to help@sun.ac.za motivating why you require VPN access for work purposes.
  2. You will receive an email confirming your registration with instructions on how to install the FortiClient needed for VPN usage. 

A VPN (Virtual Private Network) is a way of connecting your off-site computer directly to the University network and allows you to access internal resources such as other computers, network storage, websites, journals using the applications already installed on your off-site computer. VPN provides an encrypted connection which helps to ensure that sensitive data is safely transmitted and prevents unauthorized people from eavesdropping on the traffic, allowing the user to conduct work remotely.

A secure VPN connection to the SU network with FortiClient is not necessary for standard, web-based services. These include email, library resources, SUNLearn or the SUN-e-HR website. All of these services are already accessible via the internet without a VPN connection.

More information on the use of VPN and FortiClient at SU is also available on our service catalogue.

 

 

Email

Tags: , ,
Posted in Connectivity, Security | Comments Off on Stricter rules for VPN

New variant of BIP Dharma ransomware found

Monday, June 11th, 2018

WHAT IS RANSOMWARE?

Ransomware, for example, CryptoLocker, WannaCry or BIP Dharma, is a type of malware that installs itself on a device, takes files on the device or network storage, encrypts them, and then extorts money from the user to unlock the files.  This type of programme can be installed by means of an e-mail attachment, an infected programme or unsafe website with malware installed on it. 

The software “kidnaps” your data by encrypting or limiting your access to it and then sending you a message demanding money to regain your access. The only way access is possible again is by acquiring an encryption key from the creator of the ransomware at a fee. However, paying this fee doesn’t guarantee that you will have access to your data again, so doing this is a huge risk.

According to Sophos security ransomware is one of the most widespread and damaging threats that internet users face today. 

HOW TO AVOID BECOMING A RANSOMWARE VICTIM 

You can practice the following security practices to avoid falling victim to ransomware.

1. Make backups

Ensure that you always have the latest backup of your work somewhere else, preferably off-site. If you do fall for a ransomware attack, you will still have your data. Having your data off-site also protects it from events such as a fire, flood or theft or damage to your device. Additionally, you can encrypt your device to ensure that if it ends up in the wrong hands, they won’t be able to access it. 

2. Do not open attachments

If you receive an attachment from someone you don’t know. And even if you do know the person, first confirm whether they did send it to you. Just because it’s from someone you know, it doesn’t mean it’s safe. Your colleague or friend’s account could have been hacked. 

3. Scan attachments

There are tools such as VirusTotal available for scanning attachments to ensure that they are safe to open. VirusTotal is an online scanning tool and can be found at https://www.virustotal.com/#/home/upload.

4. Keep Windows updated

Make sure all Windows updates are installed as soon as they come out. Also make sure you update all programmes, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.

5. Security software

Make sure you have some sort of security software installed. If you are unsure whether you have adequate protection on your device, contact us to assess your security.

6. Difficult password

Use hard passwords and never reuse the same password at multiple sites.

 

[SOURCE: www.sophos.com]

 

Email

Posted in E-mail, Security | Comments Off on New variant of BIP Dharma ransomware found

Phishing Scam about “Unexpected Mail Shutdown

Wednesday, June 6th, 2018

There is currently a bombardment of phishing emails arriving in university accounts about an “Unexpected Mail Shutdown”. The mail used alarmist threats about pending shutdowns and has all the signs of a phishing scam, including a website that is not on the university network.

This is a typical phishing scam and although it is being sent to university addresses, you should not react, respond or click on any links, as the phishers insert your email address in the link field and thus can identify your account as functional.

Below is the mail arriving in many university accounts:

 

If you have received this mail like this, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Email

Tags: ,
Posted in phishing, Security | Comments Off on Phishing Scam about “Unexpected Mail Shutdown

Tripadvisor phishing scam

Monday, June 4th, 2018

It seems that there are a number of you who make some use of TripAdvisor.com for planning your overseas trips. TripAdvisor is travel and restaurant website that provides hotel and restaurant reviews, accommodation bookings etc. but the phishing scammers are currently targeting South African and Australian users with a phishing scam to try to get access to their TripAdvisor account.

Be on the lookout for a phishing scam that *might* target university personnel and student accounts over the next few days:

Hi <your name>,

Want to keep your username?
Since you haven’t been on TripAdvisor in a while, your username <your TripAdvisor username> will expire in two weeks. Want to keep it? Simply click on the button below:

Keep my username

While this might not seem to be much of an issue for some people, the real danger is that, in many cases, university personnel and students – some making use of TripAdvisor,  use the same password for all their Internet accounts. According to a recent Ofcom report, over 55% of Internet users older than 16 used the same password for most – if not all! – the websites they tended to use.

If you do use the same password for lots of sites, and one of those sites are hacked, (like Tripadvisor) and hackers could start using your “leaked password” on multiple sites, they could gain access to more areas of your life such as your email, banking, social media and other accounts.

A very useful site to check if any of your online account have been hacked is https://haveibeenpwned.com/ This site helps you to check if you have an account that has been compromised in a data breach. 

I concede that remembering passwords can be a real challenge, especially if you have a lot of online accounts. I recommend using password management software – also sometimes known as a password vault – like 1Password, KeePass and Lastpass.

Password management software can remember all your hard-to-crack passwords for you (they can even generate them to make sure they’re super complex), and store them securely behind one master password.

Please be very careful out there. Don’t become a statistic or a victim of identity theft!

[Article by David Wiles]

Email

Posted in E-mail, Security | Comments Off on Tripadvisor phishing scam

Phishing mail using intimidation and threats

Friday, June 1st, 2018

There is no need to panic or be in anyway concerned for your personal safety about the latest batch of “phishing” emails that are going out with “death threats” or extortion regarding your “alleged” online activity around pornography sites etc.

A simple Google search using the following term “I Was Paid To Kill You scam” gave me 43 million results, all of the first 100 or so pages reporting this mail as a scam. A further search, narrowing the results down to only South Africa and only from last week, resulted in a little over 100 000 results, all of which were reporting as a hoax.

A similar scam first surfaced in the USA in 2006. An email from a would-be assassin was sent to a number of users from a Russian e-mail address. The “assassin” apparently appointed by a close acquaintance of his target, offers the victim the opportunity to buy him or herself a new lease on life by paying between $50,000 and $150,000.

If you receive mail like this, you should never panic. If you look at the extortion mail there are clues that reveal that the mail is a hoax:

  1. The subject line: “I Was Paid To Kill You”, “YOU SHOULD BE ASHAMED OF YOURSELF”, “YOUR PRIVACY HAS BEEN COMPROMISED”
    These are designed to cause anxiety, stress and panic.
  2. Time limits: “You have 48 Hours to pay…”
    How can the scammer know that you have received the mail and when you have read the mail and keep track of time to see if “48-hours” has passed?
  3. Engagement: “Contact me back via e-mail…”
    Never make contact with the scammers. This immediately alerts them that a “real person” read their mail and they will be able to concentrate their nefarious efforts on you.

If you ever receive emails like these, please report is to the Information Technology Cybersecurity Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Phishing mail using intimidation and threats

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.