%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 32 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250727202723+00'00') /ModDate (D:20250727202723+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R 22 0 R 24 0 R 26 0 R 28 0 R 30 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 6707 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 69.563 521.469 677.171 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 69.563 l 565.984 69.563 l 565.984 745.984 l f 45.266 746.734 m 45.266 69.563 l 46.016 69.563 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(MULTI-FACTOR AUTHENTICATION \(MFA\) FAQS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(June 08,2020)] TJ ET BT 160.079 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 174.587 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Information Technology recently)] TJ ET BT 189.068 637.420 Td /F4 9.0 Tf [( enabled MFA for our staff and students. Soon?all staff and students?will be required to )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(use multi factor authentication to secure their information and the university)] TJ ET BT 360.149 626.431 Td /F4 9.0 Tf [(’s)] TJ ET BT 366.647 626.431 Td /F4 9.0 Tf [( network.)] TJ ET BT 403.160 626.431 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 606.442 Td /F1 9.0 Tf [(FREQUENTLY ASKED QUESTIONS)] TJ ET BT 211.532 606.442 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 586.453 Td /F1 9.0 Tf [(What is MFA?? )] TJ ET BT 61.016 566.464 Td /F4 9.0 Tf [(Multi-Factor Authentication adds a second layer of security to your account to ensure that your account stays safe, even if )] TJ ET BT 61.016 555.475 Td /F4 9.0 Tf [(someone else knows your password. This will mean that, for certain services, including Microsoft Outlook, Teams, etc. you )] TJ ET BT 61.016 544.486 Td /F4 9.0 Tf [(will be prompted to provide more information in order to authenticate your identity as a Stellenbosch University student or )] TJ ET BT 61.016 533.497 Td /F4 9.0 Tf [(staff member. )] TJ ET 0.373 0.169 0.255 rg BT 118.535 533.497 Td /F4 9.0 Tf [(More about MFA here.)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 118.535 532.346 m 208.571 532.346 l S 0.153 0.153 0.153 rg BT 208.571 533.497 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 513.508 Td /F1 9.0 Tf [(Why is it so important that I enrol for MFA?  )] TJ ET BT 61.016 493.519 Td /F4 9.0 Tf [(By enrolling for MFA)] TJ ET BT 142.538 493.519 Td /F4 9.0 Tf [(,)] TJ ET BT 145.040 493.519 Td /F4 9.0 Tf [( you ensure that your account is )] TJ ET BT 275.108 493.519 Td /F4 9.0 Tf [(more )] TJ ET BT 298.112 493.519 Td /F4 9.0 Tf [(secure.)] TJ ET BT 327.623 493.519 Td /F4 9.0 Tf [(  You are protecting your own data \(including your HR, )] TJ ET BT 61.016 482.530 Td /F4 9.0 Tf [(payment details, etc.\), your colleagues and the university.)] TJ ET BT 61.016 462.541 Td /F1 9.0 Tf [(How do I enrol for MFA?)] TJ ET BT 165.020 462.541 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 442.552 Td /F4 9.0 Tf [(By following the steps set out in the )] TJ ET 0.373 0.169 0.255 rg BT 204.593 442.552 Td /F4 9.0 Tf [(.pdf document.)] TJ ET 0.18 w 0 J [ ] 0 d 204.593 441.401 m 264.128 441.401 l S 0.153 0.153 0.153 rg BT 264.128 442.552 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 422.563 Td /F1 9.0 Tf [(What must I do if the document does not open? )] TJ ET BT 61.016 402.574 Td /F4 9.0 Tf [(If the document does not open, it could be due to a slow internet connection or you do not have a PDF reader \(e.g. Adobe )] TJ ET BT 61.016 391.585 Td /F4 9.0 Tf [(Acrobat\) installed. Please also clear your browser history or try to open the link in a different browser.?)] TJ ET BT 468.176 391.585 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 371.596 Td /F1 9.0 Tf [(How can a PDF reader be installed? )] TJ ET BT 61.016 351.607 Td /F4 9.0 Tf [(Please raise a request on the ICT Partner Portal that is available at)] TJ ET BT 327.641 351.607 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 330.143 351.607 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 330.143 350.456 m 445.694 350.456 l S 0.153 0.153 0.153 rg BT 445.694 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 448.196 351.607 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 331.618 Td /F1 9.0 Tf [(What can I do if I have problems to enrol for MFA? )] TJ ET BT 61.016 311.629 Td /F4 9.0 Tf [(If you are struggling to )] TJ ET BT 152.564 311.629 Td /F4 9.0 Tf [(enrol)] TJ ET BT 172.571 311.629 Td /F4 9.0 Tf [( for)] TJ ET BT 185.576 311.629 Td /F4 9.0 Tf [( MFA, please )] TJ ET BT 241.097 311.629 Td /F4 9.0 Tf [(log a)] TJ ET BT 260.609 311.629 Td /F4 9.0 Tf [( request on )] TJ ET BT 308.138 311.629 Td /F4 9.0 Tf [(the)] TJ ET BT 320.648 311.629 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 323.150 311.629 Td /F4 9.0 Tf [(ICT Partner Portal)] TJ ET 0.18 w 0 J [ ] 0 d 323.150 310.478 m 395.672 310.478 l S 0.153 0.153 0.153 rg BT 395.672 311.629 Td /F4 9.0 Tf [( and a technician will contact you.?)] TJ ET BT 534.740 311.629 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 291.640 Td /F1 9.0 Tf [(When do I have to enrol for MFA? )] TJ ET BT 61.016 271.651 Td /F4 9.0 Tf [(Please )] TJ ET BT 91.031 271.651 Td /F4 9.0 Tf [(enrol)] TJ ET BT 111.038 271.651 Td /F4 9.0 Tf [( for MFA as soon as possible. It is critical that all our staff and students use two-factor authentication. )] TJ ET BT 61.016 251.662 Td /F1 9.0 Tf [(How will I know that I have successfully enrolled for MFA? )] TJ ET BT 61.016 231.673 Td /F4 9.0 Tf [(A confirmation message will be displayed on the last screen of the )] TJ ET BT 326.633 231.673 Td /F4 9.0 Tf [(enrolment)] TJ ET BT 366.647 231.673 Td /F4 9.0 Tf [( process.)] TJ ET BT 403.160 231.673 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 220.684 Td /F4 9.0 Tf [(You are now enrolled for Multi Factor Authentication.)] TJ ET BT 61.016 200.695 Td /F1 9.0 Tf [(What must I do if I don't see the  screens as indicated on the enrolment document? )] TJ ET BT 61.016 180.706 Td /F4 9.0 Tf [(Raise a request on the ICT Partner Portal at)] TJ ET BT 236.597 180.706 Td /F4 9.0 Tf [( )] TJ ET 0.373 0.169 0.255 rg BT 239.099 180.706 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 239.099 179.555 m 354.650 179.555 l S 0.153 0.153 0.153 rg BT 354.650 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 357.152 180.706 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 160.717 Td /F1 9.0 Tf [(Will I be charged for the MFA authentication SMS's? )] TJ ET BT 61.016 140.728 Td /F4 9.0 Tf [(No, the SMS's are at the cost of the University.)] TJ ET BT 247.316 140.728 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 120.739 Td /F1 9.0 Tf [(Can I enrol for MFA if I stay in an area without cell phone signal? )] TJ ET BT 61.016 100.750 Td /F4 9.0 Tf [(No, you need a cellphone with reception to enrol for MFA.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 542.2879 118.5347 542.2879 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 118.5347 532.6642 208.5707 541.8217 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2020/05/what-is-mfa/) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 451.3429 204.5927 451.3429 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 204.5927 441.7192 264.1277 450.8767 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://admin.sun.ac.za/infoteg/dokumente/MFA_guide.pdf) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 360.3979 330.1427 360.3979 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 330.1427 350.7742 445.6937 359.9317 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 320.4199 323.1497 320.4199 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 26 0 obj << /Type /Annot /Subtype /Link /A 27 0 R /Border [0 0 0] /H /I /Rect [ 323.1497 310.7962 395.6717 319.9537 ] >> endobj 27 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 28 0 obj << /Type /Annot /Subtype /Link /A 29 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 189.4969 239.0987 189.4969 ] >> endobj 29 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 30 0 obj << /Type /Annot /Subtype /Link /A 31 0 R /Border [0 0 0] /H /I /Rect [ 239.0987 179.8732 354.6497 189.0307 ] >> endobj 31 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/) >> endobj 32 0 obj << /Type /Page /Parent 3 0 R /Contents 33 0 R >> endobj 33 0 obj << /Length 1873 >> stream 0.153 0.153 0.153 rg 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 587.833 521.469 170.151 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 587.833 m 566.734 587.833 l 565.984 588.583 l 46.016 588.583 l f 566.734 757.984 m 566.734 587.833 l 565.984 588.583 l 565.984 757.984 l f 45.266 757.984 m 45.266 587.833 l 46.016 588.583 l 46.016 757.984 l f 61.016 603.583 m 550.984 603.583 l 550.984 604.333 l 61.016 604.333 l f 0.153 0.153 0.153 rg BT 61.016 740.193 Td /F1 9.0 Tf [(Which IT services will be activated for MFA? )] TJ ET BT 61.016 720.204 Td /F4 9.0 Tf [(For the first phase all Microsoft365 \(Outlook, Sharepoint Online, OneDrive for Business, etc.\) applications will require MFA )] TJ ET BT 61.016 709.215 Td /F4 9.0 Tf [(authentication. )] TJ ET BT 61.016 689.226 Td /F1 9.0 Tf [(What will happen if a service is activated for MFA?)] TJ ET BT 277.079 689.226 Td /F4 9.0 Tf [( )] TJ ET BT 61.016 669.237 Td /F4 9.0 Tf [(Before you can access the )] TJ ET BT 169.574 669.237 Td /F4 9.0 Tf [(service)] TJ ET BT 198.077 669.237 Td /F4 9.0 Tf [( y)] TJ ET BT 205.079 669.237 Td /F4 9.0 Tf [(ou will be requested to enter the one-time pin number)] TJ ET BT 418.181 669.237 Td /F4 9.0 Tf [( that will be sent to the cell )] TJ ET BT 61.016 658.248 Td /F4 9.0 Tf [(phone number that you have indicated during the enrolment process.)] TJ ET BT 335.660 658.248 Td /F4 9.0 Tf [( Or if you chose to use the Authenticator App a )] TJ ET BT 61.016 647.259 Td /F4 9.0 Tf [(message will be sent to your phone via the app which request that you approve and in some cases it might also ask for a )] TJ ET BT 61.016 636.270 Td /F4 9.0 Tf [(scan of your thumbprint. )] TJ ET 0.400 0.400 0.400 rg BT 61.016 617.781 Td /F2 9.0 Tf [(Posted in:Security | | With 0 comments)] TJ ET endstream endobj xref 0 34 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000312 00000 n 0000000341 00000 n 0000000479 00000 n 0000000624 00000 n 0000007383 00000 n 0000007495 00000 n 0000007610 00000 n 0000007730 00000 n 0000007838 00000 n 0000007966 00000 n 0000008067 00000 n 0000008195 00000 n 0000008296 00000 n 0000008424 00000 n 0000008530 00000 n 0000008658 00000 n 0000008764 00000 n 0000008892 00000 n 0000008974 00000 n 0000009102 00000 n 0000009184 00000 n 0000009312 00000 n 0000009394 00000 n 0000009522 00000 n 0000009604 00000 n 0000009732 00000 n 0000009814 00000 n 0000009942 00000 n 0000010024 00000 n 0000010089 00000 n trailer << /Size 34 /Root 1 0 R /Info 5 0 R >> startxref 12015 %%EOF Security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

PHISHING: Absa Surecheck Profile App

Monday, October 16th, 2017

Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last week’s ABSA phishing scam has started flooding our email.

The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. Below is the example of the phishing email, with the forged “ABSA Bank” login page to attempt to convince you to give your bank details willingly to the scammers.

The subject of the email is “Absa Surecheck Profile App – Upgrade | FICA information” which is designed to say absolutely nothing. It is what is known in information technology circles as “techno-babble”

While the methods used to steal a your banking details may differ, the process followed by fraudsters to steal money from their victims in South Africa are nearly always the same:

  1. Get the person’s Internet banking details, typically through a phishing attack. (as shown below)
  2. Get a banking account/s to which money can be transferred to and withdrawn.
  3. Clone the SIM card used by the victim.
  4. Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
  5. Withdraw the money from these accounts.

Here are the obvious warning signs:

  1. The sender is not an ABSA email account (in this case a “throwaway” German email account used to send millions of phishing e-mails)
  2. Vague and deceptive subject lines (Techno-babble)
  3. An attached file (.htm) that contains a web page that opens up in your browser and links in the background to the server in South Africa.
  4. Impersonal salutation. “Dear Valued Customer”. Banks will never address you like this. They have your money – so it stands to reason that they will know your name as well.
  5. “Online verification” has **** to convince you that the email is genuine, but university addresses end with ac.za, not co.za.

 

The web page that you are directed to is actually the .htm file based on your computer (as an attachment, but links directly to the phishing server in the background.)

In this case is iteron.co.za which is listed as “undergoing maintenance” but is fully functional in the background.

 

 

If you have received an email that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing email to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious email on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in E-mail, phishing, Security | Comments Off on PHISHING: Absa Surecheck Profile App

PHISHING: “Confirm your email account”

Wednesday, October 11th, 2017

The latest phishing attempt uses a rather obtuse message about “confirming your email account” to prevent a shutdown of your account. It also used your email address in the salutation, which might fool some people, thinking it is genuine.

Information Technology would never send out an email like this, lacking personal salutations, direct contact via telephone, and threatening to close your account down. 

Here is the phishing e-mail example below with the dangerous parts removed. Do not click on the link or provide any personal information. Luckily the phishing email and the server comes from the Far East, so it should be rather obvious that it is a scam:

This is what the phishing website looks like. 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team by sending an email to help@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Confirm your email account”

PHISHING: ABSA account statement

Monday, October 9th, 2017

Please be wary of receiving so-called “Bank Account Statements” or alleged payment/transaction notifications that arrive in your mailbox from one of South Africa’s banks. In most cases, they are phishing scams designed to fool you into willingly giving the criminals your bank account details and password/PIN code.

The warning signs are obvious, but the amount of email that we all get every day and the day-to-day stress of the workday, often make us miss the warning signs. 

Below is a typical phishing scam some university accounts received this morning. It could just as well be FNB or Standard Bank, therefore it’s important that you note the warning signs:

  1. Do you have a bank account with the bank? If not why are they sending you an account statement?
  2. Unless you are directly responsible for your department’s finances and your department has a bank account with ABSA or your official university e-mail account is the contact address for your bank correspondence, you shouldn’t be getting emails from any bank.
  3. There is no personal salutation. Banks have your contact details and they will always address you personally, never as “Dear Customer”.
  4. The grammar and spelling are usually poor. This is because the scammers are often from countries where English isn’t the main language.
  5. There is always an attached file or link you should click on or open and type in your details including passwords to “verify” your identity. Email is NOT secure and revealing any details with this medium is very risky.
  6. Branding (e.g. logos and templates) of banks can easily be copied from the bank websites and forged. Just because the bank’s logo is in the e-mail it doesn’t make the mail is official.
  7. The website you are taken to will not be the official address. Often these are compromised websites which have been hacked by criminals and used for identity theft. See the example below. The address in the address bar is clearly not ABSA’s address.

The phishing website looks like this – very similar to the login page of the ABSA website:

[ARTICLE BY DAVID WILES]

 

 

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: ABSA account statement

PHISHING: “Server Message: Verify your email account”

Wednesday, September 27th, 2017

There is a phishing scam going around disguised as an “e-mail upgrade”. Please do not respond to any e-mail asking you to click on links and provide any sort of personal information, including usernames and passwords.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

 

Here is an example of today’s phishing scam as reported by several colleagues and students already. (Links have been removed)

 

From: Mail Administrator [mailto:phishing@e-mail.address]
Sent: Saturday, 23 September 2017 3:37 AM
To: Your University E-Mail Address <somebody@sun.ac.za> <somebody@sun.ac.za>
Subject: Server Message:Verify your somebody@sun.ac.za email account.

 

Dear somebody@sun.ac.za

Access to your account will be temporarily limited for failing automated security server update.

Kindly upgrade your email with the link below to re-verify account ownership or your email account will be deactivated..
 
Click here to verify your details.

Thanks for taking this additional step to secure your account.

Email Administrator

 

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Server Message: Verify your email account”

How to recognise a phishing website

Friday, September 22nd, 2017

Over the past few years, as phishing started to gain a stronger foothold closer to home, we’ve tried to give you tips on how to recognise the typical phishing email. However, recognising the email is just the first step. The actual danger is in the website you reach after you’ve clicked the link. This is where your information is harvested to be used maliciously later. 

Considering Google is the expert on the internet, we’ve consulted their guide to recognising a phishing website. Here’s what they say:

1. What is phishing?

Phishing is a particularly popular scam in which a party creates an official-looking web page that asks you to provide your username and password, or other personal information such as your Social Security number, bank account number, PIN number, credit card number, or mother’s maiden name or birthday. 

In many cases, you’ll receive a link to this phishing page via an email which claims to come from an official-looking (but probably forged) address. You can also end up at these pages by following links that you find on the web or in IM messages.

2. How can I tell if a page is a fake?

The best thing to do is to check the page’s URL to make sure it’s actually controlled by the party it appears to be controlled by. The crucial part of the URL is the part between the HTTP:// and the next slash (‘/’). (If there’s no slash, start at the end of the URL.) This is the part of the URL that determines site ownership. Some popular domains, for instance, are amazon, google, and eBay: 

http://www.amazon.com 
http://www.google.com 
http://www.ebay.com 

In some cases, URLs will be a bit more complex; be sure to check the name listed immediately to the left of the top level domain (.com, .net, .co.uk, etc.). For instance, http://www.google.com, http://news.google.com and http://www.google.com/firefox/ are all part of the same site. However, google.com.fraudulentdomain.com/login.html is NOT! Neither is www.g00gle.com (note that in this URL, the letter o is replaced by the number 0). 

Tip: Since a forged URL can look very similar to a genuine one, it’s safer to use a bookmark you’ve created or to type the URL into the location bar by hand instead of following links from your email. This is important for any page where you’re asked to log in or provider private information.  Additional Resources: antiphishing.org

3. How does Google know a page is bogus?

We use several techniques to determine whether a page is genuine, including the use of a blacklist containing pages that have been identified as suspicious and/or misleading based on automated detection or user reports. Our software also examines pages’ content and structure in order to catch potentially misleading pages. Google Safe Browsing can’t offer perfect protection, so you should always be on the lookout for indications that a site isn’t what it appears to be. But Google Safe Browsing can help identify and protect you against many of the sites designed to trick users.

4. What does an alert look like?

When we suspect that a page is bogus, an alert will appear on the page. The appearance of the alert will depend on your browser, but they all look like this: 

5. How do I report a page that I think is phishing?

If you find a page that you believe is pretending to be another page in an attempt to steal users’ information, please report it to us.

6. You’re flagging a legitimate page as a potential phishing site. How do I get this fixed?

If you believe that Google Safe Browsing is incorrectly identifying a page as suspicious, please do report it to our team. We work hard to act quickly on all such reports.

7. Does this feature protect me against viruses, spyware, and all other evil things?

Sorry, but no “Google Safe Browsing” protects against phishing and malware attacks, but it can’t offer foolproof protection (although we’re working on it). You still need to watch out for all the other bad things that can happen on the wild, wild web.

Email

Tags:
Posted in E-mail, Security | Comments Off on How to recognise a phishing website

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.