Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Phishing with subject “Email Expired”

Thursday, February 1st, 2018

Several students and personnel have informed us of a “new” mail making its rounds on our campuses.

The sender is “Postmaster” with the subject of “Email Expired”. This phishing scam tells you that your e-mail account will shortly expire and uses scare tactics to convince you to “click” on a link to activate your email.

Information Technology will never send you this type of email, ask you to click on a link or provide your username or password. Do not respond to these emails or click on links.

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

Email

Tags: ,
Posted in Security | Comments Off on Phishing with subject “Email Expired”

PHISHING: “Your Email Account Has Been Compromise”

Monday, January 29th, 2018

Please be aware that there are e-mails being sent from an outside e-mail address (@lasell.edu) with the subject  “Your Email Account Has Been Compromise” (including capitalisation of every word and a spelling mistake at the end)

The mail contains only the following:

Verify HERE

This is a phishing scam. Information Technology will never send an email like this, ask you to provide your username or password or require you to click on a link in an e-mail.

Here is an example of the phishing mail:


Many people, including students and staff can be easily fooled and manipulated by the social engineering tricks of the phishing scammers.

Once they fall victim to this phishing scam and the scammers have control of an university account, they will stop using the outside e-mail address.

Don’t become one of these victims. If you receive and e-mail with the subject “Your Email Account Has Been Compromise” and it seems that comes from a university account (like a student number, or even a known university colleague), do not respond to it, forward it or click on the link.

Report it to Information Technology’s Cyber-Security Team (details below) and then delete or move it in your Junk E-mail folder. You can use the Rules function in Outlook and Office365 Mail to delete all mail with those subject lines or senders.

Here are the instructions again:

If you have received mail that looks like this please immediately report it to Information Technology using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[ARTICLE by David Wiles]

Email

Tags:
Posted in phishing, Security | Comments Off on PHISHING: “Your Email Account Has Been Compromise”

Protect your personal information

Monday, January 29th, 2018

Data Privacy Day, occurring every year on 28 January, is an international effort to empower individuals and business to respect privacy, safeguard data and enable trust. 

Over the past year the world saw many extensive data breaches across the world. This has accentuated the necessity for creating a greater awareness of protecting information. 

But why should we care about our information?

We are entering the next generation of technological advancement like the Internet of Things, which will connect devices in our schools, home and workplaces. This provides many opportunities, but consumers will have to learn to protect and secure their information. Your devices make it easy to connect to the world around you, but they can also track a lot of information about you and your family. 

How much information do you share online daily? We spend most of our day on the internet where all our actions are tracked and collected by the devices we use. This data is stored indefinitely and can be used at any time. 

The National Cyber Security Alliance in the United States have the following tips:

  1. Personal info is like money: value it, protect it. 
    Be thoughtful about who gets your information and how it’s collected through apps and websites. Delete unused apps, update others and review your app permissions.
  2. Share with care.
    Think before posting about yourself and others online. Review your social network friends and contact lists regularly.
  3. Own your online presence.
    Set the privacy and security settings on websites and apps. You can share information with only friends and family.
  4. Lock down your login.
    Make sure your accounts are secure. Don’t use a password only for bank accounts, email and social media. Use two-step authentication, bio-metrics or security keys.
  5. Keep a clean machine.
    Keep your software, operating systems (mobile and PC), anti-virus and apps updated to prevent data loss, infections and malware.
  6. Apply the golden rule. 
    Post only about others as you would have them post about you.
  7. Secure your devices.
    Every device should be secured with a password or strong authentication – finger swipe, facial recognition, etc. Imagine what someone could do with the information on your device if it got lost?
  8. Think before you app.
    Information about you, such as the games you like to play, your contact lists, where you shop and your location has tremendous value. Apps collect this information. A recent example is activity-tracking app, Strava’s privacy issue. 

FACT AND STATISTICS

  • 41% of Americans have been personally subjected to harassing behaviour online and one in five (18%) has been subjected to particularly severe forms of harassment online. 
  • 82% of cyber-stalkers use social media to find out where their potential victims live, where they go to school, etc.
  • Four in five US physicians have had cyber-attacks in their practices. Keep in mind that medical and health information is among the most sensitive and personal information about people. 

 

[SOURCE: https://staysafeonline.org and www.wikipedia.org]

Email

Tags:
Posted in Security, Tips | Comments Off on Protect your personal information

OneDrive for Business: Anonymous file sharing

Monday, January 22nd, 2018

Information Technology recently assessed our OneDrive for Business platform to ensure that no security risks exist for our users and network. During this assessment we identified a number of users who are currently using the anonymous sharing function (“Anyone with the link can view and edit”) on OneDrive.

With anonymous file sharing there is no control or record of who has access to the shared files. Anybody who has the link can access and/or edit the files. This poses a security risk for the University and our users. For this reason we are compelled to switch off anonymous usage.

From Thursday, 1 February 2018 you will no longer be able to share files anonymously on OneDrive. Sharing will still be possible with internal and external users, but at a higher security level.

Guides on best practices for sharing files on OneDrive is available www.sun.ac.za/itselfhelp under the Office365 section or directly on this page. If you are have any enquiries, please contact the IT Service Desk by emailing help@sun.ac.za or calling our Service Desk at 808 4367.

Email

Tags:
Posted in Connectivity, General, Internet, Security | Comments Off on OneDrive for Business: Anonymous file sharing

Phishing: PSG “Your profile details will expire”

Monday, January 22nd, 2018

There is currently a phishing email making the rounds claiming to be from PSG Wealth.

Be on the lookout for an email requesting you to update your personal information, as your PSG online “profile details will expire”. The link redirects users to a page that looks like the PSG securities trading website, but is a clever forgery.

PSG have assured us that they will never send you an email asking to provide sensitive information online. So it is important to check the validity of any such emails before you respond to requests like these.

Below is an example of one such mail:

There are 3 obvious signs that this mail is fraudulent:

  • The sender´s email address (`from´ address) is disguised to look like it comes from PSG Wealth. The message is actually sent from a different address that does not match our PSG email addresses (using an @psg.com.sa address instead of an @psg.co.za address).
  • The recipient is not specified.
  • The website link provided is not to a PSG domain address and the website is not indicated as being secure. (no little padlock icon or https: in the URL)

What should you do if you have already provided your details in responding to this phishing scam?

If you responded to such an email, login to your account by typing psg.co.za into your browser window and reset your password immediately.

Continue to monitor your account for any unauthorised transactions and alert PSG immediately if you note any suspicious transactions.

Avoid becoming a victim in future: (This applies to all phishing scams, not just this fraudulent scam)

  • Type in website addresses – do not follow links embedded in emails.
  • Do not reuse passwords, especially for financial sites. 
  • Do not click on attachments, unless you know who they are from and are expecting the document in question.
  • Never part with your login details.

If you are not sure that a request for information is legitimate, rather contact the company to verify its authenticity.

~~~

Report the spam/phishing mail to the following addresses:
help@sun.ac.za and sysadm@sun.ac.za. 

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx
1. Start up a new mail addressed to sysadm@sun.ac.za  (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing: PSG “Your profile details will expire”

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.