%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 32 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250725102909+00'00') /ModDate (D:20250725102909+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R 24 0 R 26 0 R 28 0 R 30 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 6707 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 69.563 521.469 677.171 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 69.563 l 565.984 69.563 l 565.984 745.984 l f 45.266 746.734 m 45.266 69.563 l 46.016 69.563 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(MULTI-FACTOR AUTHENTICATION \(MFA\) FAQS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(June 08,2020)] TJ ET BT 160.079 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 174.587 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Information Technology recently)] TJ ET BT 189.068 637.420 Td /F4 9.0 Tf [( enabled MFA for our staff and students. Soon?all staff and students?will be required to )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(use multi factor authentication to secure their information and the university)] TJ ET BT 360.149 626.431 Td /F4 9.0 Tf [(’s)] TJ ET BT 366.647 626.431 Td /F4 9.0 Tf [( network.)] TJ ET BT 403.160 626.431 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 606.442 Td /F1 9.0 Tf [(FREQUENTLY ASKED QUESTIONS)] TJ ET BT 211.532 606.442 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 586.453 Td /F1 9.0 Tf [(What is MFA?? )] TJ ET BT 61.016 566.464 Td /F4 9.0 Tf [(Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if )] TJ ET BT 61.016 555.475 Td /F4 9.0 Tf [(someone else knows your password. This will mean that, for certain services, including Microsoft Outlook, Teams, etc. you )] TJ ET BT 61.016 544.486 Td /F4 9.0 Tf [(will be prompted to provide more information in order to authenticate your identity as a Stellenbosch University student or )] TJ ET BT 61.016 533.497 Td /F4 9.0 Tf [(staff member. )] TJ ET 0.373 0.169 0.255 rg BT 118.535 533.497 Td /F4 9.0 Tf [(More about MFA here.)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 118.535 532.346 m 208.571 532.346 l S 0.153 0.153 0.153 rg BT 208.571 533.497 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 513.508 Td /F1 9.0 Tf [(Why is it so important that I enrol for MFA?  )] TJ ET BT 61.016 493.519 Td /F4 9.0 Tf [(By enrolling for MFA)] TJ ET BT 142.538 493.519 Td /F4 9.0 Tf [(,)] TJ ET BT 145.040 493.519 Td /F4 9.0 Tf [( you ensure that your account is )] TJ ET BT 275.108 493.519 Td /F4 9.0 Tf [(more )] TJ ET BT 298.112 493.519 Td /F4 9.0 Tf [(secure.)] TJ ET BT 327.623 493.519 Td /F4 9.0 Tf [(  You are protecting your own data \(including your HR, )] TJ ET BT 61.016 482.530 Td /F4 9.0 Tf [(payment details, etc.\), your colleagues and the university.)] TJ ET BT 61.016 462.541 Td /F1 9.0 Tf [(How do I enrol for MFA?)] TJ ET BT 165.020 462.541 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 442.552 Td /F4 9.0 Tf [(By following the steps set out in the )] TJ ET 0.373 0.169 0.255 rg BT 204.593 442.552 Td /F4 9.0 Tf [(.pdf document.)] TJ ET 0.18 w 0 J [ ] 0 d 204.593 441.401 m 264.128 441.401 l S 0.153 0.153 0.153 rg BT 264.128 442.552 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 422.563 Td /F1 9.0 Tf [(What must I do if the document does not open? )] TJ ET BT 61.016 402.574 Td /F4 9.0 Tf [(If the document does not open, it could be due to a slow internet connection or you do not have a PDF reader \(e.g. Adobe )] TJ ET BT 61.016 391.585 Td /F4 9.0 Tf [(Acrobat\) installed. Please also clear your browser history or try to open the link in a different browser.?)] TJ ET BT 468.176 391.585 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 371.596 Td /F1 9.0 Tf [(How can a PDF reader be installed? )] TJ ET BT 61.016 351.607 Td /F4 9.0 Tf [(Please raise a request on the ICT Partner Portal that is available at)] TJ ET BT 327.641 351.607 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 330.143 351.607 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 330.143 350.456 m 445.694 350.456 l S 0.153 0.153 0.153 rg BT 445.694 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 448.196 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 331.618 Td /F1 9.0 Tf [(What can I do if I have problems to enrol for MFA? )] TJ ET BT 61.016 311.629 Td /F4 9.0 Tf [(If you are struggling to )] TJ ET BT 152.564 311.629 Td /F4 9.0 Tf [(enrol)] TJ ET BT 172.571 311.629 Td /F4 9.0 Tf [( for)] TJ ET BT 185.576 311.629 Td /F4 9.0 Tf [( MFA, please )] TJ ET BT 241.097 311.629 Td /F4 9.0 Tf [(log a)] TJ ET BT 260.609 311.629 Td /F4 9.0 Tf [( request on )] TJ ET BT 308.138 311.629 Td /F4 9.0 Tf [(the)] TJ ET BT 320.648 311.629 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 323.150 311.629 Td /F4 9.0 Tf [(ICT Partner Portal)] TJ ET 0.18 w 0 J [ ] 0 d 323.150 310.478 m 395.672 310.478 l S 0.153 0.153 0.153 rg BT 395.672 311.629 Td /F4 9.0 Tf [( and a technician will contact you.?)] TJ ET BT 534.740 311.629 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 291.640 Td /F1 9.0 Tf [(When do I have to enrol for MFA? )] TJ ET BT 61.016 271.651 Td /F4 9.0 Tf [(Please )] TJ ET BT 91.031 271.651 Td /F4 9.0 Tf [(enrol)] TJ ET BT 111.038 271.651 Td /F4 9.0 Tf [( for MFA as soon as possible. It is critical that all our staff and students use two-factor authentication. )] TJ ET BT 61.016 251.662 Td /F1 9.0 Tf [(How will I know that I have successfully enrolled for MFA? )] TJ ET BT 61.016 231.673 Td /F4 9.0 Tf [(A confirmation message will be displayed on the last screen of the )] TJ ET BT 326.633 231.673 Td /F4 9.0 Tf [(enrolment)] TJ ET BT 366.647 231.673 Td /F4 9.0 Tf [( process.)] TJ ET BT 403.160 231.673 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 220.684 Td /F4 9.0 Tf [(You are now enrolled for Multi Factor Authentication.)] TJ ET BT 61.016 200.695 Td /F1 9.0 Tf [(What must I do if I don't see the  screens as indicated on the enrolment document? )] TJ ET BT 61.016 180.706 Td /F4 9.0 Tf [(Raise a request on the ICT Partner Portal at)] TJ ET BT 236.597 180.706 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 239.099 180.706 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 239.099 179.555 m 354.650 179.555 l S 0.153 0.153 0.153 rg BT 354.650 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 357.152 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 160.717 Td /F1 9.0 Tf [(Will I be charged for the MFA authentication SMS's? )] TJ ET BT 61.016 140.728 Td /F4 9.0 Tf [(No, the SMS's are at the cost of the University.)] TJ ET BT 247.316 140.728 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 120.739 Td /F1 9.0 Tf [(Can I enrol for MFA if I stay in an area without cell phone signal? )] TJ ET BT 61.016 100.750 Td /F4 9.0 Tf [(No, you need a cellphone with reception to enrol for MFA.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 542.2879 118.5347 542.2879 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 532.6642 208.5707 541.8217 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 451.3429 204.5927 451.3429 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 441.7192 264.1277 450.8767 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 360.3979 330.1427 360.3979 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 350.7742 445.6937 359.9317 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 320.4199 323.1497 320.4199 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 26 0 obj << /Type /Annot /Subtype /Link /A 27 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 310.7962 395.6717 319.9537 ] >> endobj 27 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 28 0 obj << /Type /Annot /Subtype /Link /A 29 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 189.4969 239.0987 189.4969 ] >> endobj 29 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 30 0 obj << /Type /Annot /Subtype /Link /A 31 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 179.8732 354.6497 189.0307 ] >> endobj 31 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 32 0 obj << /Type /Page /Parent 3 0 R /Contents 33 0 R >> endobj 33 0 obj << /Length 1873 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 587.833 521.469 170.151 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 587.833 m 566.734 587.833 l 565.984 588.583 l 46.016 588.583 l f 566.734 757.984 m 566.734 587.833 l 565.984 588.583 l 565.984 757.984 l f 45.266 757.984 m 45.266 587.833 l 46.016 588.583 l 46.016 757.984 l f 61.016 603.583 m 550.984 603.583 l 550.984 604.333 l 61.016 604.333 l f 0.153 0.153 0.153 rg BT 61.016 740.193 Td /F1 9.0 Tf [(Which IT services will be activated for MFA? )] TJ ET BT 61.016 720.204 Td /F4 9.0 Tf [(For the first phase all Microsoft365 \(Outlook, Sharepoint Online, OneDrive for Business, etc.\) applications will require MFA )] TJ ET BT 61.016 709.215 Td /F4 9.0 Tf [(authentication. )] TJ ET BT 61.016 689.226 Td /F1 9.0 Tf [(What will happen if a service is activated for MFA?)] TJ ET BT 277.079 689.226 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 669.237 Td /F4 9.0 Tf [(Before you can access the )] TJ ET BT 169.574 669.237 Td /F4 9.0 Tf [(service)] TJ ET BT 198.077 669.237 Td /F4 9.0 Tf [( y)] TJ ET BT 205.079 669.237 Td /F4 9.0 Tf [(ou will be requested to enter the one-time pin number)] TJ ET BT 418.181 669.237 Td /F4 9.0 Tf [( that will be sent to the cell )] TJ ET BT 61.016 658.248 Td /F4 9.0 Tf [(phone number that you have indicated during the enrolment process.)] TJ ET BT 335.660 658.248 Td /F4 9.0 Tf [( Or if you chose to use the Authenticator App a )] TJ ET BT 61.016 647.259 Td /F4 9.0 Tf [(message will be sent to your phone via the app which request that you approve and in some cases it might also ask for a )] TJ ET BT 61.016 636.270 Td /F4 9.0 Tf [(scan of your thumbprint. )] TJ ET 0.400 0.400 0.400 rg BT 61.016 617.781 Td /F2 9.0 Tf [(Posted in:Security | | With 0 comments)] TJ ET endstream endobj xref 0 34 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000312 00000 n 0000000341 00000 n 0000000479 00000 n 0000000624 00000 n 0000007383 00000 n 0000007495 00000 n 0000007610 00000 n 0000007730 00000 n 0000007838 00000 n 0000007966 00000 n 0000008067 00000 n 0000008195 00000 n 0000008296 00000 n 0000008424 00000 n 0000008530 00000 n 0000008658 00000 n 0000008764 00000 n 0000008892 00000 n 0000008974 00000 n 0000009102 00000 n 0000009184 00000 n 0000009312 00000 n 0000009394 00000 n 0000009522 00000 n 0000009604 00000 n 0000009732 00000 n 0000009814 00000 n 0000009942 00000 n 0000010024 00000 n 0000010089 00000 n trailer << /Size 34 /Root 1 0 R /Info 5 0 R >> startxref 12015 %%EOF Security « Informasietegnologie
Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

Security

Phishing attack with subject: “Re-Validate”

Saturday, December 2nd, 2017

With the graduation just around the corner and most students already on holiday, and many of our colleagues already taking a well-deserved break, and collectively we all tend to be a little less vigilant.

The end of the year vacation period is generally a time when phishing attacks on our email accounts drop, and it is speculated that the phishers know there are significantly fewer employees working during the holidays, so there are fewer opportunities for targeted users to actually open malicious attachments.

However spear-phishing attacks increase when the Information technology and “cyber-security”  centres of large enterprises like the university security operations are lightly staffed or understaffed. The scammers know that there is a greater chance for them to gain access to accounts via spear-phishing as the “watchdogs” are fewer.

What is spear-phishing?

Spear-phishing is a targeted form of phishing in which fraudulent emails are sent to specific individuals at an institution like the university in an effort to gain access to confidential information. Often a trustworthy entity is impersonated that uses “urgent” language to requesting sensitive information or actions.

[In August this year the MacEwan University in Canada was targeted when a series of fraudulent emails convinced MacEwan University staff to change electronic banking information for one of the university’s major vendors, resulting in $11.8 million being transferred to criminals.]

The following spear-phishing e-mail is appearing in some student and personnel accounts and it seems to be targeting university accounts specifically as the salutation is a personal name: (in this case your e-mail address, or in some cases your display name in e-mail e.g Wiles, David <dw@sun.ac.za>

The mail will look like this:

~~~

From: Zimbra <infog@adm.orel.ru>
Sent: 01 December 2017 22:15
To: Your Own name <your-e-mail@sun.ac.za>
Subject: Re-Validate

 
Dear your-e-mail@sun.ac.za , 
Your account has exceeded it quota limit as set by Administrator, and you may not be able to send or receive new mails until you Re-Validate your your-e-mail@sun.ac.za account. 
To Re-Validate account@sun.ac.za account, Please CLICK: Re-Validate your-e-mail@sun.ac.za Account
 
~~~
 
If you click on the link you will be taken to a website that will show the following login window where you will be asked to fill in your personal details and password. Once this happen the spear-phishers will have gained control over your email account and will proceed to locate more sensitive information like other e-mail addresses and bank account details, for example. Your e-mail account will then be used to attack other university accounts.


Please be aware of this spear-phishing scam. No university department or division will ever ask you for passwords via e-mail.

[ARTICLE BY DAVID WILES]

Nigerian 419 Advance Fee scam

Wednesday, November 29th, 2017

A scam in the form of a well-known “Nigerian 419 Advance Fee” mail is appearing in some of our colleagues and students mailboxes this morning.

The mail is rather simple:

Subject is: “Kindly view attach and forward your reply to <a gmail address>”

The mail’s content simply states the same and the attachment is an image of a letter and states that the sender has a large amount of money that they would like to send you.

This is a typical “Nigerian 411 Advance Fee” scam.

Here is how it works:

You receive an unsolicited message that masquerades as some manner of business proposition, request for assistance, notice of a potential inheritance, or opportunity to help a charity but all of the scam messages share a common theme.

The messages all claim that your help is needed to access a very large sum of money and promise that you will receive a significant portion of this money in exchange for your help.

The scammers use a variety of stories to explain why they need your help to access the funds.

  • They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account and request your help to gain such access.
  • They may claim that your last name is the same as that of the deceased person who owned an account and suggests that you act as the next of kin of this person in order to gain access to the account’s funds.
  • They may claim that a rich businessman, who has a terminal illness, needs your help to distribute his wealth to charity.
  • They may claim that a soldier stationed overseas has discovered a cache of hidden cash left by a fleeing dictator and needs your help to get the money out of the country.

All these scams promise to let you keep a significant percentage of the funds in exchange for your assistance. This is the bait that is used to pull potential victims deeper into the scam. Once a recipient has taken the bait, and initiated a dialogue with the scammers, he or she will soon receive requests for “fees” that the scammer claims are necessary for processing costs, tax and legal fees, bribes to local officials, or other – totally imaginary – fees.

In reality, the supposed funds do not exist and the main purpose of these scam messages is to trick recipients into parting with their money in the form of these advance fees. Fraudulent requests for fees will usually continue until the victim realises he or she is being conned and stops sending money. In some cases, the scammers may gather enough information to access the victim’s bank account directly or steal the victim’s identity.

Typically, advance fee scammers will send many thousands of identical scam messages to recipients all around the world. (as is today’s example) It only takes a few recipients to fall for the claims in the messages to make the operation pay off for the criminals.

What to do if you receive such an Advance Fee email:

It is important that you do not respond to it in any way. The scammers are likely to act upon any response from those they see as potential victims. The best thing to do with these scam messages is to simply delete them.

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you have fallen for the scam:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.

[ARTICLE BY DAVID WILES]

 

 

Phishing: Subject “Your Email Address Has Been Compromised”

Wednesday, November 15th, 2017

We’ve had a couple of reports from personnel and students about getting messages with a subject of “Your Email Address Has Been Compromised” (notice the capitalisation of every word, which is one of the signs of phishing)

The scammers have spoofed the recipient (your e-mail address to read info@verify.com) and the sender seems to come from a compromised university account in the USA (address end with an .edu)

The subject says: “Your Email Address Has Been Compromised” and a link Verify HERE is included which takes you to a website ending with a “weebly.com”. It looks already as if the website is offline or has already been blocked by Information Technology, but you should never click on links in mail if the sender is unknown.

Keep in mind, Information Technology will never send you such a mail, telling you that your e-mail address has been compromised. All IT’s communications are bilingual and will always address you personally.

If you get mail like this and you are not sure if it is legitimate or not, you should never click links or respond but rather contact IT telephonically at 808 4367 to verify. 

Information Technology will send you an automated mail IF you have changed your password on the network that is branded, is bilingual, and informs you of a password change, but it is always better to check and make sure especially if you HAVEN’T changed your password or don’t recall if you have changed your password.

Here is an example of the current phishing scam.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

Phishing: Subject “Unusual Login Attempt”

Monday, October 30th, 2017

A new phishing attempt on staff and students of Stellenbosch University by means of a fake website was launched earlier this week. The website has been blocked by IT in the meantime so you will not be able to access it. 

The mail will be simple with a subject line of “Unusual Login Attempt”. 

The recipient field has been spoofed to hide the sender and recipient and the content of the mail is simply a link that says:

“For Details Verify” (with the Verify links to a website called “stellenboschuniversity.weebly.com”) (See example below)

If you suspect an email is a phishing attempt, please immediately report it to the Information Technology Security Team. With your help, we can block the malicious website as soon as possible and quarantine the compromised sun account from which the email is sent. If you are not sure how to recognise a phishing email, here are a few tips. Also have a look at examples of previous phishing attempts.

Instructions to report a phishing, spam or malware incident.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

 

South Africa’s biggest data breach and what to do about it

Thursday, October 19th, 2017

In October South Africa was hit by the largest data breach in its history. The ID numbers, names, gender, ethnicity, home ownership, contact information & estimated income of an estimated 60 million South Africans were leaked online from a website belonging to a real estate company.

The fact that the actual breach occurred in April this year and was only announced in October, should not be of concern, but the fact that the personal information of 60 million of us South Africans is now in the “open” and can be exploited by criminal and scammers worldwide, should be a cause for worry as this is the type of information cybercriminals use for identity theft.

With enough personal information‚ criminals can do damage to a person by illegally opening credit accounts or make bookings using the information included in this database leak. It is an extremely big risk. The great risk is to the individual whose data has been breached.

The following measures have been suggested by experts in the IT security business:

  • Monitor your credit reports. Every time you buy on credit, your credit record is created at the National Credit Regulator (NCR). Credit providers and financial institutions always check credit records (with your permission) for various applications. Check your credit report as often as you can.
  • Do not be afraid to put a freeze on your credit information. A freeze means the credit bureaus can’t release your credit report or any other information in your file without your authorization. With no information, thieves will not be able to open any account in your name.
  • Consider an identity theft protection service. For a fee, some third-party services take credit monitoring a step further and notify you if someone has inquired about credit in your name.
  • Protect your email. Your email address and password, which are often compromised in a data breach, can be a treasure trove for identity thieves.  With these data points, thieves can potentially get access to your banking, and other personal information.
  • It’s also important to use secure passwords with a combination of letters, numbers, and symbols, change passwords often and use different passwords for each of your accounts.

In the wake of the breach, the website ThisIsMe has launched new tools and revealed practical steps that you can take to mitigate the prevalent risks resulting from this explosive breach.  Read more about it on MyBroadband.

[ARTICLE BY DAVID WILES]

 

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.