Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Phishing attack with subject: “Re-Validate”

Saturday, December 2nd, 2017

With the graduation just around the corner and most students already on holiday, and many of our colleagues already taking a well-deserved break, and collectively we all tend to be a little less vigilant.

The end of the year vacation period is generally a time when phishing attacks on our email accounts drop, and it is speculated that the phishers know there are significantly fewer employees working during the holidays, so there are fewer opportunities for targeted users to actually open malicious attachments.

However spear-phishing attacks increase when the Information technology and “cyber-security”  centres of large enterprises like the university security operations are lightly staffed or understaffed. The scammers know that there is a greater chance for them to gain access to accounts via spear-phishing as the “watchdogs” are fewer.

What is spear-phishing?

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution like the university in an effort to gain access to confidential information. Often a trustworthy entity is impersonated that uses “urgent” language to requesting sensitive information or actions.

[In August this year the MacEwan University in Canada was targeted when a series of fraudulent emails convinced MacEwan University staff to change electronic banking information for one of the university’s major vendors, resulting in $11.8 million being transferred to criminals.]

The following spear-phishing e-mail is appearing in some student and personnel accounts and it seems to be targeting university accounts specifically as the salutation is a personal name: (in this case your e-mail address, or in some cases your display name in e-mail e.g Wiles, David <dw@sun.ac.za>

The mail will look like this:

~~~

From: Zimbra <infog@adm.orel.ru>
Sent: 01 December 2017 22:15
To: Your Own name <your-e-mail@sun.ac.za>
Subject: Re-Validate

 
Dear your-e-mail@sun.ac.za , 
Your account has exceeded it quota limit as set by Administrator, and you may not be able to send or receive new mails until you Re-Validate your your-e-mail@sun.ac.za account. 
To Re-Validate account@sun.ac.za account, Please CLICK: Re-Validate your-e-mail@sun.ac.za Account
 
~~~
 
If you click on the link you will be taken to a website that will show the following login window where you will be asked to fill in your personal details and password. Once this happen the spear-phishers will have gained control over your email account and will proceed to locate more sensitive information like other e-mail addresses and bank account details, for example. Your e-mail account will then be used to attack other university accounts.


Please be aware of this spear-phishing scam. No university department or division will ever ask you for passwords via e-mail.

[ARTICLE BY DAVID WILES]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing attack with subject: “Re-Validate”

Nigerian 419 Advance Fee scam

Wednesday, November 29th, 2017

A scam in the form of a well-known “Nigerian 419 Advance Fee” mail is appearing in some of our colleagues and students mailboxes this morning.

The mail is rather simple:

Subject is: “Kindly view attach and forward your reply to <a gmail address>”

The mail’s content simply states the same and the attachment is an image of a letter and states that the sender has a large amount of money that they would like to send you.

This is a typical “Nigerian 411 Advance Fee” scam.

Here is how it works:

You receive an unsolicited message that masquerades as some manner of business proposition, request for assistance, notice of a potential inheritance, or opportunity to help a charity but all of the scam messages share a common theme.

The messages all claim that your help is needed to access a very large sum of money and promise that you will receive a significant portion of this money in exchange for your help.

The scammers use a variety of stories to explain why they need your help to access the funds.

  • They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account and request your help to gain such access.
  • They may claim that your last name is the same as that of the deceased person who owned an account and suggests that you act as the next of kin of this person in order to gain access to the account’s funds.
  • They may claim that a rich businessman, who has a terminal illness, needs your help to distribute his wealth to charity.
  • They may claim that a soldier stationed overseas has discovered a cache of hidden cash left by a fleeing dictator and needs your help to get the money out of the country.

All these scams promise to let you keep a significant percentage of the funds in exchange for your assistance. This is the bait that is used to pull potential victims deeper into the scam. Once a recipient has taken the bait, and initiated a dialogue with the scammers, he or she will soon receive requests for “fees” that the scammer claims are necessary for processing costs, tax and legal fees, bribes to local officials, or other – totally imaginary – fees.

In reality, the supposed funds do not exist and the main purpose of these scam messages is to trick recipients into parting with their money in the form of these advance fees. Fraudulent requests for fees will usually continue until the victim realises he or she is being conned and stops sending money. In some cases, the scammers may gather enough information to access the victim’s bank account directly or steal the victim’s identity.

Typically, advance fee scammers will send many thousands of identical scam messages to recipients all around the world. (as is today’s example) It only takes a few recipients to fall for the claims in the messages to make the operation pay off for the criminals.

What to do if you receive such an Advance Fee email:

It is important that you do not respond to it in any way. The scammers are likely to act upon any response from those they see as potential victims. The best thing to do with these scam messages is to simply delete them.

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you have fallen for the scam:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.

[ARTICLE BY DAVID WILES]

 

 

Email

Tags: ,
Posted in E-mail, phishing, Security | Comments Off on Nigerian 419 Advance Fee scam

Phishing: Subject “Your Email Address Has Been Compromised”

Wednesday, November 15th, 2017

We’ve had a couple of reports from personnel and students about getting messages with a subject of “Your Email Address Has Been Compromised” (notice the capitalisation of every word, which is one of the signs of phishing)

The scammers have spoofed the recipient (your e-mail address to read info@verify.com) and the sender seems to come from a compromised university account in the USA (address end with an .edu)

The subject says: “Your Email Address Has Been Compromised” and a link Verify HERE is included which takes you to a website ending with a “weebly.com”. It looks already as if the website is offline or has already been blocked by Information Technology, but you should never click on links in mail if the sender is unknown.

Keep in mind, Information Technology will never send you such a mail, telling you that your e-mail address has been compromised. All IT’s communications are bilingual and will always address you personally.

If you get mail like this and you are not sure if it is legitimate or not, you should never click links or respond but rather contact IT telephonically at 808 4367 to verify. 

Information Technology will send you an automated mail IF you have changed your password on the network that is branded, is bilingual, and informs you of a password change, but it is always better to check and make sure especially if you HAVEN’T changed your password or don’t recall if you have changed your password.

Here is an example of the current phishing scam.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing: Subject “Your Email Address Has Been Compromised”

Phishing: Subject “Unusual Login Attempt”

Monday, October 30th, 2017

A new phishing attempt on staff and students of Stellenbosch University by means of a fake website was launched earlier this week. The website has been blocked by IT in the meantime so you will not be able to access it. 

The mail will be simple with a subject line of “Unusual Login Attempt”. 

The recipient field has been spoofed to hide the sender and recipient and the content of the mail is simply a link that says:

“For Details Verify” (with the Verify links to a website called “stellenboschuniversity.weebly.com”) (See example below)

If you suspect an email is a phishing attempt, please immediately report it to the Information Technology Security Team. With your help, we can block the malicious website as soon as possible and quarantine the compromised sun account from which the email is sent. If you are not sure how to recognise a phishing email, here are a few tips. Also have a look at examples of previous phishing attempts.

Instructions to report a phishing, spam or malware incident.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing: Subject “Unusual Login Attempt”

South Africa’s biggest data breach and what to do about it

Thursday, October 19th, 2017

In October South Africa was hit by the largest data breach in its history. The ID numbers, names, gender, ethnicity, home ownership, contact information & estimated income of an estimated 60 million South Africans were leaked online from a website belonging to a real estate company.

The fact that the actual breach occurred in April this year and was only announced in October, should not be of concern, but the fact that the personal information of 60 million of us South Africans is now in the “open” and can be exploited by criminal and scammers worldwide, should be a cause for worry as this is the type of information cybercriminals use for identity theft.

With enough personal information‚ criminals can do damage to a person by illegally opening credit accounts or make bookings using the information included in this database leak. It is an extremely big risk. The great risk is to the individual whose data has been breached.

The following measures have been suggested by experts in the IT security business:

  • Monitor your credit reports. Every time you buy on credit, your credit record is created at the National Credit Regulator (NCR). Credit providers and financial institutions always check credit records (with your permission) for various applications. Check your credit report as often as you can.
  • Do not be afraid to put a freeze on your credit information. A freeze means the credit bureaus can’t release your credit report or any other information in your file without your authorization. With no information, thieves will not be able to open any account in your name.
  • Consider an identity theft protection service. For a fee, some third-party services take credit monitoring a step further and notify you if someone has inquired about credit in your name.
  • Protect your email. Your email address and password, which are often compromised in a data breach, can be a treasure trove for identity thieves.  With these data points, thieves can potentially get access to your banking, and other personal information.
  • It’s also important to use secure passwords with a combination of letters, numbers, and symbols, change passwords often and use different passwords for each of your accounts.

In the wake of the breach, the website ThisIsMe has launched new tools and revealed practical steps that you can take to mitigate the prevalent risks resulting from this explosive breach.  Read more about it on MyBroadband.

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in Security | Comments Off on South Africa’s biggest data breach and what to do about it

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.