%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 32 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250720070505+00'00') /ModDate (D:20250720070505+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R 24 0 R 26 0 R 28 0 R 30 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 6707 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 69.563 521.469 677.171 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 69.563 l 565.984 69.563 l 565.984 745.984 l f 45.266 746.734 m 45.266 69.563 l 46.016 69.563 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(MULTI-FACTOR AUTHENTICATION \(MFA\) FAQS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(June 08,2020)] TJ ET BT 160.079 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 174.587 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Information Technology recently)] TJ ET BT 189.068 637.420 Td /F4 9.0 Tf [( enabled MFA for our staff and students. Soon?all staff and students?will be required to )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(use multi factor authentication to secure their information and the university)] TJ ET BT 360.149 626.431 Td /F4 9.0 Tf [(’s)] TJ ET BT 366.647 626.431 Td /F4 9.0 Tf [( network.)] TJ ET BT 403.160 626.431 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 606.442 Td /F1 9.0 Tf [(FREQUENTLY ASKED QUESTIONS)] TJ ET BT 211.532 606.442 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 586.453 Td /F1 9.0 Tf [(What is MFA?? )] TJ ET BT 61.016 566.464 Td /F4 9.0 Tf [(Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if )] TJ ET BT 61.016 555.475 Td /F4 9.0 Tf [(someone else knows your password. This will mean that, for certain services, including Microsoft Outlook, Teams, etc. you )] TJ ET BT 61.016 544.486 Td /F4 9.0 Tf [(will be prompted to provide more information in order to authenticate your identity as a Stellenbosch University student or )] TJ ET BT 61.016 533.497 Td /F4 9.0 Tf [(staff member. )] TJ ET 0.373 0.169 0.255 rg BT 118.535 533.497 Td /F4 9.0 Tf [(More about MFA here.)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 118.535 532.346 m 208.571 532.346 l S 0.153 0.153 0.153 rg BT 208.571 533.497 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 513.508 Td /F1 9.0 Tf [(Why is it so important that I enrol for MFA?  )] TJ ET BT 61.016 493.519 Td /F4 9.0 Tf [(By enrolling for MFA)] TJ ET BT 142.538 493.519 Td /F4 9.0 Tf [(,)] TJ ET BT 145.040 493.519 Td /F4 9.0 Tf [( you ensure that your account is )] TJ ET BT 275.108 493.519 Td /F4 9.0 Tf [(more )] TJ ET BT 298.112 493.519 Td /F4 9.0 Tf [(secure.)] TJ ET BT 327.623 493.519 Td /F4 9.0 Tf [(  You are protecting your own data \(including your HR, )] TJ ET BT 61.016 482.530 Td /F4 9.0 Tf [(payment details, etc.\), your colleagues and the university.)] TJ ET BT 61.016 462.541 Td /F1 9.0 Tf [(How do I enrol for MFA?)] TJ ET BT 165.020 462.541 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 442.552 Td /F4 9.0 Tf [(By following the steps set out in the )] TJ ET 0.373 0.169 0.255 rg BT 204.593 442.552 Td /F4 9.0 Tf [(.pdf document.)] TJ ET 0.18 w 0 J [ ] 0 d 204.593 441.401 m 264.128 441.401 l S 0.153 0.153 0.153 rg BT 264.128 442.552 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 422.563 Td /F1 9.0 Tf [(What must I do if the document does not open? )] TJ ET BT 61.016 402.574 Td /F4 9.0 Tf [(If the document does not open, it could be due to a slow internet connection or you do not have a PDF reader \(e.g. Adobe )] TJ ET BT 61.016 391.585 Td /F4 9.0 Tf [(Acrobat\) installed. Please also clear your browser history or try to open the link in a different browser.?)] TJ ET BT 468.176 391.585 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 371.596 Td /F1 9.0 Tf [(How can a PDF reader be installed? )] TJ ET BT 61.016 351.607 Td /F4 9.0 Tf [(Please raise a request on the ICT Partner Portal that is available at)] TJ ET BT 327.641 351.607 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 330.143 351.607 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 330.143 350.456 m 445.694 350.456 l S 0.153 0.153 0.153 rg BT 445.694 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 448.196 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 331.618 Td /F1 9.0 Tf [(What can I do if I have problems to enrol for MFA? )] TJ ET BT 61.016 311.629 Td /F4 9.0 Tf [(If you are struggling to )] TJ ET BT 152.564 311.629 Td /F4 9.0 Tf [(enrol)] TJ ET BT 172.571 311.629 Td /F4 9.0 Tf [( for)] TJ ET BT 185.576 311.629 Td /F4 9.0 Tf [( MFA, please )] TJ ET BT 241.097 311.629 Td /F4 9.0 Tf [(log a)] TJ ET BT 260.609 311.629 Td /F4 9.0 Tf [( request on )] TJ ET BT 308.138 311.629 Td /F4 9.0 Tf [(the)] TJ ET BT 320.648 311.629 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 323.150 311.629 Td /F4 9.0 Tf [(ICT Partner Portal)] TJ ET 0.18 w 0 J [ ] 0 d 323.150 310.478 m 395.672 310.478 l S 0.153 0.153 0.153 rg BT 395.672 311.629 Td /F4 9.0 Tf [( and a technician will contact you.?)] TJ ET BT 534.740 311.629 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 291.640 Td /F1 9.0 Tf [(When do I have to enrol for MFA? )] TJ ET BT 61.016 271.651 Td /F4 9.0 Tf [(Please )] TJ ET BT 91.031 271.651 Td /F4 9.0 Tf [(enrol)] TJ ET BT 111.038 271.651 Td /F4 9.0 Tf [( for MFA as soon as possible. It is critical that all our staff and students use two-factor authentication. )] TJ ET BT 61.016 251.662 Td /F1 9.0 Tf [(How will I know that I have successfully enrolled for MFA? )] TJ ET BT 61.016 231.673 Td /F4 9.0 Tf [(A confirmation message will be displayed on the last screen of the )] TJ ET BT 326.633 231.673 Td /F4 9.0 Tf [(enrolment)] TJ ET BT 366.647 231.673 Td /F4 9.0 Tf [( process.)] TJ ET BT 403.160 231.673 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 220.684 Td /F4 9.0 Tf [(You are now enrolled for Multi Factor Authentication.)] TJ ET BT 61.016 200.695 Td /F1 9.0 Tf [(What must I do if I don't see the  screens as indicated on the enrolment document? )] TJ ET BT 61.016 180.706 Td /F4 9.0 Tf [(Raise a request on the ICT Partner Portal at)] TJ ET BT 236.597 180.706 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 239.099 180.706 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 239.099 179.555 m 354.650 179.555 l S 0.153 0.153 0.153 rg BT 354.650 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 357.152 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 160.717 Td /F1 9.0 Tf [(Will I be charged for the MFA authentication SMS's? )] TJ ET BT 61.016 140.728 Td /F4 9.0 Tf [(No, the SMS's are at the cost of the University.)] TJ ET BT 247.316 140.728 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 120.739 Td /F1 9.0 Tf [(Can I enrol for MFA if I stay in an area without cell phone signal? )] TJ ET BT 61.016 100.750 Td /F4 9.0 Tf [(No, you need a cellphone with reception to enrol for MFA.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 542.2879 118.5347 542.2879 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 532.6642 208.5707 541.8217 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 451.3429 204.5927 451.3429 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 441.7192 264.1277 450.8767 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 360.3979 330.1427 360.3979 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 350.7742 445.6937 359.9317 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 320.4199 323.1497 320.4199 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 26 0 obj << /Type /Annot /Subtype /Link /A 27 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 310.7962 395.6717 319.9537 ] >> endobj 27 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 28 0 obj << /Type /Annot /Subtype /Link /A 29 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 189.4969 239.0987 189.4969 ] >> endobj 29 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 30 0 obj << /Type /Annot /Subtype /Link /A 31 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 179.8732 354.6497 189.0307 ] >> endobj 31 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 32 0 obj << /Type /Page /Parent 3 0 R /Contents 33 0 R >> endobj 33 0 obj << /Length 1873 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 587.833 521.469 170.151 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 587.833 m 566.734 587.833 l 565.984 588.583 l 46.016 588.583 l f 566.734 757.984 m 566.734 587.833 l 565.984 588.583 l 565.984 757.984 l f 45.266 757.984 m 45.266 587.833 l 46.016 588.583 l 46.016 757.984 l f 61.016 603.583 m 550.984 603.583 l 550.984 604.333 l 61.016 604.333 l f 0.153 0.153 0.153 rg BT 61.016 740.193 Td /F1 9.0 Tf [(Which IT services will be activated for MFA? )] TJ ET BT 61.016 720.204 Td /F4 9.0 Tf [(For the first phase all Microsoft365 \(Outlook, Sharepoint Online, OneDrive for Business, etc.\) applications will require MFA )] TJ ET BT 61.016 709.215 Td /F4 9.0 Tf [(authentication. )] TJ ET BT 61.016 689.226 Td /F1 9.0 Tf [(What will happen if a service is activated for MFA?)] TJ ET BT 277.079 689.226 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 669.237 Td /F4 9.0 Tf [(Before you can access the )] TJ ET BT 169.574 669.237 Td /F4 9.0 Tf [(service)] TJ ET BT 198.077 669.237 Td /F4 9.0 Tf [( y)] TJ ET BT 205.079 669.237 Td /F4 9.0 Tf [(ou will be requested to enter the one-time pin number)] TJ ET BT 418.181 669.237 Td /F4 9.0 Tf [( that will be sent to the cell )] TJ ET BT 61.016 658.248 Td /F4 9.0 Tf [(phone number that you have indicated during the enrolment process.)] TJ ET BT 335.660 658.248 Td /F4 9.0 Tf [( Or if you chose to use the Authenticator App a )] TJ ET BT 61.016 647.259 Td /F4 9.0 Tf [(message will be sent to your phone via the app which request that you approve and in some cases it might also ask for a )] TJ ET BT 61.016 636.270 Td /F4 9.0 Tf [(scan of your thumbprint. )] TJ ET 0.400 0.400 0.400 rg BT 61.016 617.781 Td /F2 9.0 Tf [(Posted in:Security | | With 0 comments)] TJ ET endstream endobj xref 0 34 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000312 00000 n 0000000341 00000 n 0000000479 00000 n 0000000624 00000 n 0000007383 00000 n 0000007495 00000 n 0000007610 00000 n 0000007730 00000 n 0000007838 00000 n 0000007966 00000 n 0000008067 00000 n 0000008195 00000 n 0000008296 00000 n 0000008424 00000 n 0000008530 00000 n 0000008658 00000 n 0000008764 00000 n 0000008892 00000 n 0000008974 00000 n 0000009102 00000 n 0000009184 00000 n 0000009312 00000 n 0000009394 00000 n 0000009522 00000 n 0000009604 00000 n 0000009732 00000 n 0000009814 00000 n 0000009942 00000 n 0000010024 00000 n 0000010089 00000 n trailer << /Size 34 /Root 1 0 R /Info 5 0 R >> startxref 12015 %%EOF Security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Phishing email with subject: “ DO NOT IGNORE THE WARNING”

Thursday, March 15th, 2018

Several staff are receiving a “threatening” e-mail with the subject “<your email address> DO NOT IGNORE THE WARNING”

Your e-mail address will be inserted at the begining of the message, and then proceeds to inform you about your account being used for “spam activities” and that it will be blacklisted and permanently suspended.

Here is an example of the mail (with all the dangerous stuff removed)

If you are fooled into clicking on the link, you will be taken to a website (based in Zimbabwe) and your e-mail address will be automatically inserted in the field, and you will be asked to type in your password, and then the scammers will have gained access to your network account!

This is a typical tactic employed by phishers targeting university e-mail accounts. They use your contact details and intimidating language to cause you to panic and “click on the link they provide.

When spotting phishing scams remember:

  1. Don’t trust the display name.
  2. Look but don’t click.
  3. Check for spelling mistakes.
  4. Analyse the salutation.
  5. Don’t give up personal information – ever.
  6. Beware of urgent or threatening language in the subject line.
  7. Review the signature (remember the university’s own centennial celebration and “water-wise” branding is being used in *some* external phishing attacks)
  8. Don’t click on attachments.
  9. Don’t trust the header from an email address.
  10. Don’t believe everything you see.

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be sceptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

If you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses: help@sun.ac.za and sysadm@sun.ac.za. 

Attach the phishing or suspicious mail on to the message if possible.  

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

[Article by David Wiles]

Email

Posted in E-mail, phishing, Security | Comments Off on Phishing email with subject: “ DO NOT IGNORE THE WARNING”

Phishing scam about reaching your mailbox storage limit

Tuesday, March 6th, 2018

Monday started with a phishing scam threatening to close your mailbox, and Monday is ending with another attack, using a similar intimidation tactic about your mailbox size.

The grammar and spelling is very poor on this one so it should be rather easy to spot. However the use of University branding and “STELLENBOSCH HELP DESK” might fool some people.

The Subject will be “We apologies” (sic)

Dear User,

You have reached the storage limit for your mailbox. Please visit the following link to complete your e-mail access restore.

Follow this link to complete the process: Click Restore

STELLENBOSCH HELP DESK

If you do click on the link (which does not go to a university website) …this webpage will appear. 

 

 

Many thanks to all of you who reported this.

Remember these 5 guidelines:

  1. Information Technology will never request sensitive information such as passwords.
  2. Phishing e-mails often appear as an important notice or urgent matter such as threats that your mailbox is over quota.
  3. Use of aggressive or intimidating language such as ‘immediately’ and threats of consequences of not verifying your account.
  4. Misspelled words and poor grammar that take away from the professional context of the e-mail. (this one is quite obvious)
  5. Use of an impersonal greeting. (Dear User)

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za  and sysadm@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Phishing scam about reaching your mailbox storage limit

Windows updates: for your own safety

Monday, February 26th, 2018

Due to the increasing threat of cybercrime and in an attempt to strengthen the security of our campus devices and network, Information Technology will be performing regular scans of devices on the network to identify possible weaknesses. These scans will be done after hours and will have no impact on your work during the day.

If a device presenting a potential threat is identified, a request will be logged on ServiceNow, Information Technology’s call logging system. One of our IT representatives will then contact the user of the device to establish whether the device is up to date with the latest Windows updates, antivirus updates and if the software is up to date. 

Do not be alarmed when an IT representative calls you and asks to update your SU work device. This process is for your own benefit and will not only protect our network, but also your device and your data.

We would appreciate it if you could assist us with safeguarding our network by regularly installing Windows updates and restarting your device after the updates in order to apply the updates. 

We are also attempting to upgrade PCs with Windows 10 v1511 to the latest version – Windows 10 v1709. To find out which version of Windows 10 your PC is running, press Windows logo key + R, type winver, then select OK.

If you would like to upgrade your PC, please send an e-mail to the IT Service Desk at help@sun.ac.za to log a request.

Email

Tags: ,
Posted in General, Security | Comments Off on Windows updates: for your own safety

Dropbox phishing scam

Monday, February 5th, 2018

If you receive an email from your bank wanting to share a paper via Dropbox with you, be aware that it’s a phishing scam. 

If you hover your mouse (don’t click on the Dropbox link) over the link the originating server will appear and it is NOT DropBox, but the phisher’s server, currently based in Brazil. No bank would ever use DropBox to send you documents.

This e-mail has some obvious signs of a phishing scam. First, it does not address you personally, but uses your email address. Also, the email sounds urgent, (it from “your bank”) trying to get you to react quickly without thinking and click on the button. Finally, if you hover over the button, your browser will display the link destination (what is called the spammy URL) at the bottom of the window. The URL does not belong to the alleged sender, Dropbox.

Victims who are fooled into clicking on the link will get the following webpage:

 

(Notice the links to Outlook Mail and the name of the server that is not Dropbox’s servers but one based in Brazil.)

These criminals want you to divulge your personal details like usernames, passwords etc.

If you have received emails similar to this please  report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

Email

Posted in phishing, Security | Comments Off on Dropbox phishing scam

Virus warning

Monday, February 5th, 2018

If you receive an email with the subject: “URGENT – CCMA Final Reminder: Case GAJK0238819-18 (GAJK) is scheduled for ‘Arbitration’…” allegedly sent by the CCMA, and with an attachment with a .DOC.gz extension, DO NOT try to open it. The attachment is a rather nasty Trojan-variant of a Crypto virus.

This virus opens the “back door” of your computer to hackers once it infects your PC. The trojan is programmed to run at every start-up, giving the hackers, who originated the program, access to your hard drive. In addition, this trojan can re-create itself, making it hard to remove it completely.

If you received this email or any similar ones, please it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

 

Email

Tags: ,
Posted in Security | Comments Off on Virus warning

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.