%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 16 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250718191054+00'00') /ModDate (D:20250718191054+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 9179 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 174.779 521.469 571.955 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 175.154 520.719 571.205 re S 0.773 0.773 0.773 rg 61.016 190.529 m 550.984 190.529 l 550.984 191.279 l 61.016 191.279 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(CYBERSECURITY AWARENESS MONTH: CREATING STRONG )] TJ ET BT 61.016 676.134 Td /F1 14.4 Tf [(PASSWORDS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 647.326 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 647.326 Td /F3 9.0 Tf [(May 10,2021)] TJ ET BT 156.578 647.326 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 647.326 Td /F3 9.0 Tf [(David Wiles)] TJ ET 0.373 0.169 0.255 rg BT 61.016 619.837 Td 1.096 Tw /F4 9.0 Tf [(Before)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 61.016 618.686 m 87.530 618.686 l S 0.153 0.153 0.153 rg BT 87.530 619.837 Td 1.096 Tw /F4 9.0 Tf [(we pointed out that most people underestimate the importance of having a secure password, and still make the )] TJ ET BT 61.016 608.848 Td 0.000 Tw /F4 9.0 Tf [(mistake of using simple words and numbers as a password.)] TJ ET BT 61.016 588.859 Td 0.566 Tw /F4 9.0 Tf [(Keep in mind that your email and social network accounts contain very personal information about you. You must have a )] TJ ET BT 61.016 577.870 Td 0.000 Tw /F4 9.0 Tf [(strong password to keep your personal life personal, and not become a victim of identity theft.)] TJ ET 0.153 0.153 0.153 RG 85.866 560.697 m 85.866 561.110 85.696 561.520 85.404 561.811 c 85.113 562.103 84.703 562.272 84.291 562.272 c 83.878 562.272 83.469 562.103 83.177 561.811 c 82.885 561.520 82.716 561.110 82.716 560.697 c 82.716 560.285 82.885 559.875 83.177 559.584 c 83.469 559.292 83.878 559.122 84.291 559.122 c 84.703 559.122 85.113 559.292 85.404 559.584 c 85.696 559.875 85.866 560.285 85.866 560.697 c f BT 91.016 557.881 Td 1.403 Tw /F4 9.0 Tf [(Using email or your profile on Facebook, Whatsapp or Google, hackers can and do, extract a huge amount of )] TJ ET BT 91.016 546.892 Td 0.000 Tw /F4 9.0 Tf [(personal data of your personal "online" life.)] TJ ET 85.866 538.719 m 85.866 539.132 85.696 539.542 85.404 539.833 c 85.113 540.125 84.703 540.294 84.291 540.294 c 83.878 540.294 83.469 540.125 83.177 539.833 c 82.885 539.542 82.716 539.132 82.716 538.719 c 82.716 538.307 82.885 537.897 83.177 537.606 c 83.469 537.314 83.878 537.144 84.291 537.144 c 84.703 537.144 85.113 537.314 85.404 537.606 c 85.696 537.897 85.866 538.307 85.866 538.719 c f BT 91.016 535.903 Td 0.513 Tw /F4 9.0 Tf [(If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your )] TJ ET BT 91.016 524.914 Td 0.000 Tw /F4 9.0 Tf [(online accounts being compromised.)] TJ ET 85.866 516.741 m 85.866 517.154 85.696 517.564 85.404 517.855 c 85.113 518.147 84.703 518.316 84.291 518.316 c 83.878 518.316 83.469 518.147 83.177 517.855 c 82.885 517.564 82.716 517.154 82.716 516.741 c 82.716 516.329 82.885 515.919 83.177 515.628 c 83.469 515.336 83.878 515.166 84.291 515.166 c 84.703 515.166 85.113 515.336 85.404 515.628 c 85.696 515.919 85.866 516.329 85.866 516.741 c f BT 91.016 513.925 Td 0.739 Tw /F4 9.0 Tf [(Using a personal name for an online account, the name of the city that you live in, the names of your children or )] TJ ET BT 91.016 502.936 Td 0.000 Tw /F4 9.0 Tf [(your date of birth, give hackers vital clues for attempting to access your personal data.)] TJ ET 85.866 494.763 m 85.866 495.176 85.696 495.586 85.404 495.877 c 85.113 496.169 84.703 496.338 84.291 496.338 c 83.878 496.338 83.469 496.169 83.177 495.877 c 82.885 495.586 82.716 495.176 82.716 494.763 c 82.716 494.351 82.885 493.941 83.177 493.650 c 83.469 493.358 83.878 493.188 84.291 493.188 c 84.703 493.188 85.113 493.358 85.404 493.650 c 85.696 493.941 85.866 494.351 85.866 494.763 c f BT 91.016 491.947 Td 1.239 Tw /F4 9.0 Tf [(For an average expert hacker, it is always easy to find passwords that are made up of words from the English )] TJ ET BT 91.016 480.958 Td 0.000 Tw /F4 9.0 Tf [(vocabulary or other languages, using a basic technique called "brute force" or "dictionary" attacks.)] TJ ET BT 61.016 457.999 Td /F1 9.0 Tf [(What makes a password safe?)] TJ ET BT 78.360 438.026 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 438.010 Td /F4 9.0 Tf [(A password at least 8 characters long.)] TJ ET BT 78.360 427.037 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 427.021 Td /F4 9.0 Tf [(The password does not contain information that is easy to find online, such as the date of birth, the telephone )] TJ ET BT 91.016 416.032 Td /F4 9.0 Tf [(number, your spouses name, the name of a pet, or a childs name.)] TJ ET BT 78.360 405.059 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 405.043 Td /F4 9.0 Tf [(The password does not contain words found in the dictionary.)] TJ ET BT 78.360 394.070 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 394.054 Td /F4 9.0 Tf [(The password contains special characters like @ # $% ^ &, and numbers.)] TJ ET BT 78.360 383.081 Td /F4 9.0 Tf [(5.)] TJ ET BT 91.016 383.065 Td /F4 9.0 Tf [(The password uses a combination of uppercase and lowercase letters.)] TJ ET BT 61.016 360.106 Td /F1 9.0 Tf [(A trick that the experts use to create secure passwords:)] TJ ET BT 61.016 340.117 Td /F4 9.0 Tf [(Think of a phrase and use the first letters of the words in the phrase.)] TJ ET 85.866 322.944 m 85.866 323.357 85.696 323.767 85.404 324.058 c 85.113 324.350 84.703 324.519 84.291 324.519 c 83.878 324.519 83.469 324.350 83.177 324.058 c 82.885 323.767 82.716 323.357 82.716 322.944 c 82.716 322.532 82.885 322.122 83.177 321.831 c 83.469 321.539 83.878 321.369 84.291 321.369 c 84.703 321.369 85.113 321.539 85.404 321.831 c 85.696 322.122 85.866 322.532 85.866 322.944 c f BT 91.016 320.128 Td /F4 9.0 Tf [(For example: )] TJ ET BT 146.033 320.128 Td /F2 9.0 Tf [("In South Africa, a barbecue is called a Braai!")] TJ ET 85.866 311.955 m 85.866 312.368 85.696 312.778 85.404 313.069 c 85.113 313.361 84.703 313.530 84.291 313.530 c 83.878 313.530 83.469 313.361 83.177 313.069 c 82.885 312.778 82.716 312.368 82.716 311.955 c 82.716 311.543 82.885 311.133 83.177 310.842 c 83.469 310.550 83.878 310.380 84.291 310.380 c 84.703 310.380 85.113 310.550 85.404 310.842 c 85.696 311.133 85.866 311.543 85.866 311.955 c f BT 91.016 309.139 Td /F4 9.0 Tf [(Take the first letters of each word and the password that is created is )] TJ ET BT 368.144 309.139 Td /F3 9.0 Tf [(ISAabicaB!)] TJ ET 85.866 300.966 m 85.866 301.379 85.696 301.789 85.404 302.080 c 85.113 302.372 84.703 302.541 84.291 302.541 c 83.878 302.541 83.469 302.372 83.177 302.080 c 82.885 301.789 82.716 301.379 82.716 300.966 c 82.716 300.554 82.885 300.144 83.177 299.853 c 83.469 299.561 83.878 299.391 84.291 299.391 c 84.703 299.391 85.113 299.561 85.404 299.853 c 85.696 300.144 85.866 300.554 85.866 300.966 c f BT 91.016 298.150 Td /F4 9.0 Tf [(This will be very difficult to guess, but easy to remember.)] TJ ET 85.866 289.977 m 85.866 290.390 85.696 290.800 85.404 291.091 c 85.113 291.383 84.703 291.552 84.291 291.552 c 83.878 291.552 83.469 291.383 83.177 291.091 c 82.885 290.800 82.716 290.390 82.716 289.977 c 82.716 289.565 82.885 289.155 83.177 288.864 c 83.469 288.572 83.878 288.402 84.291 288.402 c 84.703 288.402 85.113 288.572 85.404 288.864 c 85.696 289.155 85.866 289.565 85.866 289.977 c f BT 91.016 287.161 Td /F4 9.0 Tf [(At this point, you can decide to make your the Google password is )] TJ ET BT 357.146 287.161 Td /F3 9.0 Tf [(ISAabicaB!-G)] TJ ET BT 414.656 287.161 Td /F4 9.0 Tf [(, and Facebook )] TJ ET BT 481.697 287.161 Td /F3 9.0 Tf [(ISAabicaB!-F)] TJ ET BT 91.016 276.172 Td /F4 9.0 Tf [(and your university account )] TJ ET BT 205.568 276.172 Td /F3 9.0 Tf [(ISAabicaB!-U)] TJ ET BT 262.574 276.172 Td /F4 9.0 Tf [(S and so on.)] TJ ET 85.866 267.999 m 85.866 268.412 85.696 268.822 85.404 269.113 c 85.113 269.405 84.703 269.574 84.291 269.574 c 83.878 269.574 83.469 269.405 83.177 269.113 c 82.885 268.822 82.716 268.412 82.716 267.999 c 82.716 267.587 82.885 267.177 83.177 266.886 c 83.469 266.594 83.878 266.424 84.291 266.424 c 84.703 266.424 85.113 266.594 85.404 266.886 c 85.696 267.177 85.866 267.587 85.866 267.999 c f BT 91.016 265.183 Td /F4 9.0 Tf [(There is already a capital letter and a special character )] TJ ET BT 312.110 265.183 Td /F3 9.0 Tf [(\(!\))] TJ ET BT 321.101 265.183 Td /F4 9.0 Tf [(, so you just need to add a number to finish off a good )] TJ ET BT 91.016 254.194 Td /F4 9.0 Tf [(password like )] TJ ET BT 148.031 254.194 Td /F3 9.0 Tf [(9-ISAabicaB!-US)] TJ ET BT 221.543 254.194 Td /F2 9.0 Tf [(\(9 could be the month you created the password in - for example\))] TJ ET BT 61.016 234.205 Td /F4 9.0 Tf [(You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create.)] TJ ET 0.400 0.400 0.400 rg BT 61.016 215.716 Td /F2 9.0 Tf [(Posted in:News,Phishing,Security,Tips | Tagged:Cyberaware,Cybersecurity,Password,Passwords,Phishing | With 0 )] TJ ET BT 61.016 204.727 Td /F2 9.0 Tf [(comments)] TJ ET q 225.000 0 0 135.000 61.016 493.628 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 493.6285 286.0157 628.6285 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2018/10/cyber-aware-month-common-passwords/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 619.0048 87.5297 628.1623 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2018/10/cyber-aware-month-common-passwords/) >> endobj 16 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 180 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 4011>> stream JFIF``;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$," }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?(< ( ( ( ( ( (Q@((((((((((((((((((((((((((((((((((((((((((+!e:!6Y.9ۻλqT#%s?#klf@D.|m{9HrKՂ(QEQEQEQEQEQEQEQEQEQEQEs$okK 4zbb$1Gő Jq֍'Vj һn_xn 9|AFpב7_ ɣlUQkO]~ZG]at"FZ9<6qުQšC-j-̌e0O(9}~INOt ⺚_Mc2h]/ kön]\=bQ]$rnPiOҿ?Y\#Ͽ5 7Q dѿ6?*?JHD=@+# Q`HM|/C&Tk4o AOҿ??JH0{$y&F:oii7ݎ+vo5'_ U=[,<=4r e-TIQ`HàG5jZMͣ_ϧ9yf3]5y 2j(AEPEPEPEPEPEP0(QEQEQEQEWM?O]6vQȮҹ_ZڃjW]ʎ]ƏBG .ZڭԶȞSm,NN3YڷZ*ڿ3g܏C?s7H9jO[Vz*xr?BG .G!#o?o?:?[Ww3GH9h$5'GQy={j} 33]Ƥռ ӧ{`HJWb}Gum̞B>Vc>>׊5qWgY6[QXQEQEQE ( (Q@Š(AEPEPEPwB]B M"wZ]O8'l2 \vNg]CQ]'<҃ck c@~kPJYUsyvhAԩ4V`< yx[`w5}ax#.j 9}F/.[P{H)өP9`fΕn伔Op?C]jmvv[͕$NY9 ;'~{qF A#wZ+mxvVo͸qdqQєQEHQEQEQE ((QE (Q@Q@Q@Q@r!?KW+#KZRQ: iVdQQ@ QVn%5;"0 ݆g>_x}7vZ\,QWX>da})W( yyv 4 VvPQ%g 9f* 1$IMlCGQǐsG~/i}!ټDQM3:UXz/{ll2THG\tp54ނPIjZO}G1 [U;VC xp+Pu[)o㸶CHWS^Ik ىyZ%^OsqT,{R=N((((((((((((QExׄ p P} ʺ'@Kmq=?~ W^zj)j W=j dg*8ďxW_CQ\~?F?G eE}cmX{$s¿Ug!`jiO dmv-n?׬_C@^ԝ'ϳK}U5=2^=_Pv&I:tzzܥ2Ăf^7湛U]{I^KoYT@Ĩm8 +(tܛwV +A3^^/Eh?ok4"WEW`QEQEQEQEQEQEQEQEQEQEQE (Q@Q@W,QOV(;OH.Lּ3]\ưNI Qs)8R8=j-oQ~ 㴴WJjb߶O;G-oQ~ 㴴Sթ=+_|\DҼ#5)Ŋ8U+#`Mf7FBmb d㓎98+d2aEW!EPEPEPEPEPEPEPEPEPEPEP0(QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE (QEQEQEQEQEQEQEQEQEQEQEQE?`4lQTPll(=M6SFh ލފ(==袀 ލފ(==MPz6SElE`4Q@h=MPz6SElE`4Q@FElފ(==MP{Ѱz( endstream endobj xref 0 17 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000332 00000 n 0000000369 00000 n 0000000507 00000 n 0000000596 00000 n 0000009827 00000 n 0000009939 00000 n 0000010054 00000 n 0000010174 00000 n 0000010282 00000 n 0000010409 00000 n 0000010533 00000 n 0000010659 00000 n 0000010783 00000 n trailer << /Size 17 /Root 1 0 R /Info 5 0 R >> startxref 14962 %%EOF Security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

SPAM WARNING with subject “I Was Paid To Kill You”

Monday, May 28th, 2018

Please be aware of a spam message being distributed to some of our staff members. Subject line “I Was Paid To Kill You”. (See the example below)

This is a scam and can safely be ignored. Our CSIRT team have taken the necessary measures and Campus Security is also looking into it.

From: GDQ Hired Killers <hiredkillers@abgpropslogistics.com>
Date: Monday, 28 May 2018 at 6:17
Subject: I Was Paid To Kill You

Someone Very Close to you paid me to kill you,
if you love yourself get spared,
you have 48hrs to pay R5000, and remember i am watching you and every move you make, don’t even dare try inform the police or anybody around,
death is promised, contact me back via email as soon as you get my message, Only 48hrs, Time is ticking.

Email

Posted in Security | Comments Off on SPAM WARNING with subject “I Was Paid To Kill You”

Phishing scam disguised as the university’s single-sign on page

Wednesday, May 16th, 2018

Due to the vigilance of an observant personnel member from the US Business School, we have encountered a dangerous phishing scam being sent from a compromised UNISA account.

The Subject is “Dear SUN E-mail User © Copyright 2018 Stellenbosch University” which should immediately raise eyebrows. The phishing email “warns” you about the pending expiration of your e-mail account and prompts you to click on a link to reactivate it.

See below what the mail looks like:

The danger is that the phishing scammers have perfectly forged the university’s SINGLE SIGN-ON page, that is used by students an personnel to access the portal pages, the my.sun.ac.za page, SUNLearn etc., as you can see below. Not many people will notice that the address is not a university address, neither is it secure.

It is imperative that you do not click on the link in the mail, and do not provide the scammers with your username and password as they might be able to access the university’s systems that are accessible through the Single Sign-On page.

Last year scammers were able to forge the e-HR login page through a phishing scam and several staff members had their bank accounts details and other personal details exposed to the scammers.  In the light of the issues that Tygerberg staff have been having with general network access earlier this month, and this week’s issue with e-mail, the arrival of this sort of mail at this time can fool some people into thinking that it is legitimate and lead to compromised network and e-mail accounts.

Here’s how to report any phishing or spam mail:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Phishing scam disguised as the university’s single-sign on page

Phishing Scam with subject: “IT Helpdesk! Treat Very Urgently!”

Wednesday, April 25th, 2018

There is a rather pesky phishing e-mail making its rounds at the moment that you need to watch out for.

The Subject is “IT HelpDesk! Treat Very Urgently!”

The subject alone with its exclamation marks and every word capitalised should show that it is a phishing mail.

Below is an example of the mail:

Please do not respond or click on the links. Report it to the IT CyberSecurity reporting addresses.

Here’s how to report any phishing or spam mail:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

Email

Tags:
Posted in E-mail, Security | Comments Off on Phishing Scam with subject: “IT Helpdesk! Treat Very Urgently!”

Protect what you share

Thursday, March 29th, 2018

Last month it was revealed that a Trump data company, Cambridge Analytica, used the data of Facebook users during the American election. Security company SANS Security provided the information below to clarify the situation and provide solutions if you are concerned about your data being shared online.

“The US Federal Trade Commission is investigating whether Facebook violated terms of a 2011 settlement when data of up to 50 million users were transferred to Cambridge Analytica, a data analytics firm.  This data was originally collected from a Facebook app called “thisisyourdigitallife”.  The app not only collected extensive data from people who downloaded it, but the app connected data on their friends also.  This incident is raising a lot of questions, to include what other data has been collected by other apps, and how was that data shared.  Below are steps you can take to protect your privacy.  Note that while these steps are specific to Facebook, you should consider following the same steps for any social networking sites you use online.  In addition, Facebook will be making privacy changes in the coming months, as such, some of the links or options listed below may change. 

  1. Delete: If you are truly concerned about Facebook and no longer trust it, the most dramatic step you can take is to Delete Your Facebook Account.  If you do, your information cannot be recovered, so we recommend you download all of your past Facebook activity first from your settings page.
  2. Deactivate: The second option is to Deactivate Your Facebook Account, which is in your General Account Settings. This freezes your online activity to include disabling your profile and remove your name and photo from most things you’ve shared on Facebook.  However, you will still be able to message people.  Unlike Deletion, with Deactivation, you can Re-activate your account, which means your profile and past activity is restored.
  3. Minimize Apps: The issue is not only what data Facebook collects about your activity, but what data any third party apps that connect to your Facebook account, apps such as Clash of Clans or What is Your Inner Age.  Only install apps you need and minimize what they collect.  Why do you think there has been such an explosion of these fun and free apps?  Because they make money harvesting your information. In addition, limit what others share about you with their apps in the “Apps Others Use” section. Finally, delete an app when you no longer need it or no longer trust it.  Not sure what apps you have?  Check out your apps page and review your apps. Every app you have is just one more opportunity for others to collect information about you.  
  4. Logins: Many websites (and apps) give you the option of using your Facebook account to login.  While that is convenient, it just means more data sharing is happening between that website and your Facebook account.  Protect your privacy by using a unique login for each and every account you have.  Can’t remember all of your passwords?  Neither can we, that is why we recommend a Password Manager.
  5. Sharing: Always be careful what you share with others.  If you do not want your parents or boss to read it, you probably should not post it.  Yes, you can use privacy options to control who can read your posts, but remember those can be confusing and change often, so what you thought was privately shared can become publicly available.
  6. Two-factor Authentication: Finally, while not related to privacy, one of the best steps you can take to securing any of your online accounts is to enable two-factor authentication.  This requires a second step to logging into the site.  This very simple step is one of THE most effective ways you can secure your online accounts.

Unfortunately, these steps are not as simple as we would like.  Facebook and other sites do this on purpose, they make money by collecting your information.  We want you to be aware that information is being collected about you and the steps you can take to protect yourself.  Finally, while these steps are specific to Facebook, keep in mind many other free sites have the same issues.”

[Source: SANS Security Awareness]

 
Email

Posted in Apps, Security | Comments Off on Protect what you share

“Cryptocurrency” scam email

Wednesday, March 28th, 2018

Please be aware of a  scam making the rounds since yesterday.

It is a “Crypto-currency” (bitcoin) scam that comes in the form of an e-mail from an unknown sender (currently an address from name@dacfinance.online). It will look like this:

 

 

Hi, how are you?
I hope you are okay

 I’ve been trying to reach you for the past couple of days.

Something MAJOR is happening in the trading world and I want you to know about it.

>> Check this with your email somebody@sun.ac.za

 Are you ready for that kind of spending power?

Many people already started to trade cryptocurrencies, BitCoin and LiteCoin.

Join now to our Group!

 To your success,
Some Name
 DAC Finance

cryptocurrency.website address

 

 

This is a sneaky attempt to defraud users seeking an opportunity to invest in Bitcoins (crypto-currency). The website you are taken to is filled with fake testimonials, inflated bank account numbers, exaggerated claims of easy money and various other lies and fabrications. The software that you would be asked to install is fake and will compromise security on your computer and be used to send spam. Furthermore, victims will have to pay anything up to $250 to join the “investment” scheme and the only thing that will happen is that you will be $250 poorer. Here is an example of the website page:

Do not respond to this mail or be tempted to join this scheme. The fact that university e-mail addresses reused and the claims look legitimate should rather be a warning.

As always if you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.
Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on “Cryptocurrency” scam email

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.