%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 16 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250725102900+00'00') /ModDate (D:20250725102900+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 9179 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 174.779 521.469 571.955 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 175.154 520.719 571.205 re S 0.773 0.773 0.773 rg 61.016 190.529 m 550.984 190.529 l 550.984 191.279 l 61.016 191.279 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(CYBERSECURITY AWARENESS MONTH: CREATING STRONG )] TJ ET BT 61.016 676.134 Td /F1 14.4 Tf [(PASSWORDS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 647.326 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 647.326 Td /F3 9.0 Tf [(May 10,2021)] TJ ET BT 156.578 647.326 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 647.326 Td /F3 9.0 Tf [(David Wiles)] TJ ET 0.373 0.169 0.255 rg BT 61.016 619.837 Td 1.096 Tw /F4 9.0 Tf [(Before)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 61.016 618.686 m 87.530 618.686 l S 0.153 0.153 0.153 rg BT 87.530 619.837 Td 1.096 Tw /F4 9.0 Tf [(we pointed out that most people underestimate the importance of having a secure password, and still make the )] TJ ET BT 61.016 608.848 Td 0.000 Tw /F4 9.0 Tf [(mistake of using simple words and numbers as a password.)] TJ ET BT 61.016 588.859 Td 0.566 Tw /F4 9.0 Tf [(Keep in mind that your email and social network accounts contain very personal information about you. You must have a )] TJ ET BT 61.016 577.870 Td 0.000 Tw /F4 9.0 Tf [(strong password to keep your personal life personal, and not become a victim of identity theft.)] TJ ET 0.153 0.153 0.153 RG 85.866 560.697 m 85.866 561.110 85.696 561.520 85.404 561.811 c 85.113 562.103 84.703 562.272 84.291 562.272 c 83.878 562.272 83.469 562.103 83.177 561.811 c 82.885 561.520 82.716 561.110 82.716 560.697 c 82.716 560.285 82.885 559.875 83.177 559.584 c 83.469 559.292 83.878 559.122 84.291 559.122 c 84.703 559.122 85.113 559.292 85.404 559.584 c 85.696 559.875 85.866 560.285 85.866 560.697 c f BT 91.016 557.881 Td 1.403 Tw /F4 9.0 Tf [(Using email or your profile on Facebook, Whatsapp or Google, hackers can and do, extract a huge amount of )] TJ ET BT 91.016 546.892 Td 0.000 Tw /F4 9.0 Tf [(personal data of your personal "online" life.)] TJ ET 85.866 538.719 m 85.866 539.132 85.696 539.542 85.404 539.833 c 85.113 540.125 84.703 540.294 84.291 540.294 c 83.878 540.294 83.469 540.125 83.177 539.833 c 82.885 539.542 82.716 539.132 82.716 538.719 c 82.716 538.307 82.885 537.897 83.177 537.606 c 83.469 537.314 83.878 537.144 84.291 537.144 c 84.703 537.144 85.113 537.314 85.404 537.606 c 85.696 537.897 85.866 538.307 85.866 538.719 c f BT 91.016 535.903 Td 0.513 Tw /F4 9.0 Tf [(If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your )] TJ ET BT 91.016 524.914 Td 0.000 Tw /F4 9.0 Tf [(online accounts being compromised.)] TJ ET 85.866 516.741 m 85.866 517.154 85.696 517.564 85.404 517.855 c 85.113 518.147 84.703 518.316 84.291 518.316 c 83.878 518.316 83.469 518.147 83.177 517.855 c 82.885 517.564 82.716 517.154 82.716 516.741 c 82.716 516.329 82.885 515.919 83.177 515.628 c 83.469 515.336 83.878 515.166 84.291 515.166 c 84.703 515.166 85.113 515.336 85.404 515.628 c 85.696 515.919 85.866 516.329 85.866 516.741 c f BT 91.016 513.925 Td 0.739 Tw /F4 9.0 Tf [(Using a personal name for an online account, the name of the city that you live in, the names of your children or )] TJ ET BT 91.016 502.936 Td 0.000 Tw /F4 9.0 Tf [(your date of birth, give hackers vital clues for attempting to access your personal data.)] TJ ET 85.866 494.763 m 85.866 495.176 85.696 495.586 85.404 495.877 c 85.113 496.169 84.703 496.338 84.291 496.338 c 83.878 496.338 83.469 496.169 83.177 495.877 c 82.885 495.586 82.716 495.176 82.716 494.763 c 82.716 494.351 82.885 493.941 83.177 493.650 c 83.469 493.358 83.878 493.188 84.291 493.188 c 84.703 493.188 85.113 493.358 85.404 493.650 c 85.696 493.941 85.866 494.351 85.866 494.763 c f BT 91.016 491.947 Td 1.239 Tw /F4 9.0 Tf [(For an average expert hacker, it is always easy to find passwords that are made up of words from the English )] TJ ET BT 91.016 480.958 Td 0.000 Tw /F4 9.0 Tf [(vocabulary or other languages, using a basic technique called "brute force" or "dictionary" attacks.)] TJ ET BT 61.016 457.999 Td /F1 9.0 Tf [(What makes a password safe?)] TJ ET BT 78.360 438.026 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 438.010 Td /F4 9.0 Tf [(A password at least 8 characters long.)] TJ ET BT 78.360 427.037 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 427.021 Td /F4 9.0 Tf [(The password does not contain information that is easy to find online, such as the date of birth, the telephone )] TJ ET BT 91.016 416.032 Td /F4 9.0 Tf [(number, your spouses name, the name of a pet, or a childs name.)] TJ ET BT 78.360 405.059 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 405.043 Td /F4 9.0 Tf [(The password does not contain words found in the dictionary.)] TJ ET BT 78.360 394.070 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 394.054 Td /F4 9.0 Tf [(The password contains special characters like @ # $% ^ &, and numbers.)] TJ ET BT 78.360 383.081 Td /F4 9.0 Tf [(5.)] TJ ET BT 91.016 383.065 Td /F4 9.0 Tf [(The password uses a combination of uppercase and lowercase letters.)] TJ ET BT 61.016 360.106 Td /F1 9.0 Tf [(A trick that the experts use to create secure passwords:)] TJ ET BT 61.016 340.117 Td /F4 9.0 Tf [(Think of a phrase and use the first letters of the words in the phrase.)] TJ ET 85.866 322.944 m 85.866 323.357 85.696 323.767 85.404 324.058 c 85.113 324.350 84.703 324.519 84.291 324.519 c 83.878 324.519 83.469 324.350 83.177 324.058 c 82.885 323.767 82.716 323.357 82.716 322.944 c 82.716 322.532 82.885 322.122 83.177 321.831 c 83.469 321.539 83.878 321.369 84.291 321.369 c 84.703 321.369 85.113 321.539 85.404 321.831 c 85.696 322.122 85.866 322.532 85.866 322.944 c f BT 91.016 320.128 Td /F4 9.0 Tf [(For example: )] TJ ET BT 146.033 320.128 Td /F2 9.0 Tf [("In South Africa, a barbecue is called a Braai!")] TJ ET 85.866 311.955 m 85.866 312.368 85.696 312.778 85.404 313.069 c 85.113 313.361 84.703 313.530 84.291 313.530 c 83.878 313.530 83.469 313.361 83.177 313.069 c 82.885 312.778 82.716 312.368 82.716 311.955 c 82.716 311.543 82.885 311.133 83.177 310.842 c 83.469 310.550 83.878 310.380 84.291 310.380 c 84.703 310.380 85.113 310.550 85.404 310.842 c 85.696 311.133 85.866 311.543 85.866 311.955 c f BT 91.016 309.139 Td /F4 9.0 Tf [(Take the first letters of each word and the password that is created is )] TJ ET BT 368.144 309.139 Td /F3 9.0 Tf [(ISAabicaB!)] TJ ET 85.866 300.966 m 85.866 301.379 85.696 301.789 85.404 302.080 c 85.113 302.372 84.703 302.541 84.291 302.541 c 83.878 302.541 83.469 302.372 83.177 302.080 c 82.885 301.789 82.716 301.379 82.716 300.966 c 82.716 300.554 82.885 300.144 83.177 299.853 c 83.469 299.561 83.878 299.391 84.291 299.391 c 84.703 299.391 85.113 299.561 85.404 299.853 c 85.696 300.144 85.866 300.554 85.866 300.966 c f BT 91.016 298.150 Td /F4 9.0 Tf [(This will be very difficult to guess, but easy to remember.)] TJ ET 85.866 289.977 m 85.866 290.390 85.696 290.800 85.404 291.091 c 85.113 291.383 84.703 291.552 84.291 291.552 c 83.878 291.552 83.469 291.383 83.177 291.091 c 82.885 290.800 82.716 290.390 82.716 289.977 c 82.716 289.565 82.885 289.155 83.177 288.864 c 83.469 288.572 83.878 288.402 84.291 288.402 c 84.703 288.402 85.113 288.572 85.404 288.864 c 85.696 289.155 85.866 289.565 85.866 289.977 c f BT 91.016 287.161 Td /F4 9.0 Tf [(At this point, you can decide to make your the Google password is )] TJ ET BT 357.146 287.161 Td /F3 9.0 Tf [(ISAabicaB!-G)] TJ ET BT 414.656 287.161 Td /F4 9.0 Tf [(, and Facebook )] TJ ET BT 481.697 287.161 Td /F3 9.0 Tf [(ISAabicaB!-F)] TJ ET BT 91.016 276.172 Td /F4 9.0 Tf [(and your university account )] TJ ET BT 205.568 276.172 Td /F3 9.0 Tf [(ISAabicaB!-U)] TJ ET BT 262.574 276.172 Td /F4 9.0 Tf [(S and so on.)] TJ ET 85.866 267.999 m 85.866 268.412 85.696 268.822 85.404 269.113 c 85.113 269.405 84.703 269.574 84.291 269.574 c 83.878 269.574 83.469 269.405 83.177 269.113 c 82.885 268.822 82.716 268.412 82.716 267.999 c 82.716 267.587 82.885 267.177 83.177 266.886 c 83.469 266.594 83.878 266.424 84.291 266.424 c 84.703 266.424 85.113 266.594 85.404 266.886 c 85.696 267.177 85.866 267.587 85.866 267.999 c f BT 91.016 265.183 Td /F4 9.0 Tf [(There is already a capital letter and a special character )] TJ ET BT 312.110 265.183 Td /F3 9.0 Tf [(\(!\))] TJ ET BT 321.101 265.183 Td /F4 9.0 Tf [(, so you just need to add a number to finish off a good )] TJ ET BT 91.016 254.194 Td /F4 9.0 Tf [(password like )] TJ ET BT 148.031 254.194 Td /F3 9.0 Tf [(9-ISAabicaB!-US)] TJ ET BT 221.543 254.194 Td /F2 9.0 Tf [(\(9 could be the month you created the password in - for example\))] TJ ET BT 61.016 234.205 Td /F4 9.0 Tf [(You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create.)] TJ ET 0.400 0.400 0.400 rg BT 61.016 215.716 Td /F2 9.0 Tf [(Posted in:News,Phishing,Security,Tips | Tagged:Cyberaware,Cybersecurity,Password,Passwords,Phishing | With 0 )] TJ ET BT 61.016 204.727 Td /F2 9.0 Tf [(comments)] TJ ET q 225.000 0 0 135.000 61.016 493.628 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 493.6285 286.0157 628.6285 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2018/10/cyber-aware-month-common-passwords/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 619.0048 87.5297 628.1623 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2018/10/cyber-aware-month-common-passwords/) >> endobj 16 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 180 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 4011>> stream JFIF``;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$," }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?(< ( ( ( ( ( (Q@((((((((((((((((((((((((((((((((((((((((((+!e:!6Y.9ۻλqT#%s?#klf@D.|m{9HrKՂ(QEQEQEQEQEQEQEQEQEQEQEs$okK 4zbb$1Gő Jq֍'Vj һn_xn 9|AFpב7_ ɣlUQkO]~ZG]at"FZ9<6qުQšC-j-̌e0O(9}~INOt ⺚_Mc2h]/ kön]\=bQ]$rnPiOҿ?Y\#Ͽ5 7Q dѿ6?*?JHD=@+# Q`HM|/C&Tk4o AOҿ??JH0{$y&F:oii7ݎ+vo5'_ U=[,<=4r e-TIQ`HàG5jZMͣ_ϧ9yf3]5y 2j(AEPEPEPEPEPEP0(QEQEQEQEWM?O]6vQȮҹ_ZڃjW]ʎ]ƏBG .ZڭԶȞSm,NN3YڷZ*ڿ3g܏C?s7H9jO[Vz*xr?BG .G!#o?o?:?[Ww3GH9h$5'GQy={j} 33]Ƥռ ӧ{`HJWb}Gum̞B>Vc>>׊5qWgY6[QXQEQEQE ( (Q@Š(AEPEPEPwB]B M"wZ]O8'l2 \vNg]CQ]'<҃ck c@~kPJYUsyvhAԩ4V`< yx[`w5}ax#.j 9}F/.[P{H)өP9`fΕn伔Op?C]jmvv[͕$NY9 ;'~{qF A#wZ+mxvVo͸qdqQєQEHQEQEQE ((QE (Q@Q@Q@Q@r!?KW+#KZRQ: iVdQQ@ QVn%5;"0 ݆g>_x}7vZ\,QWX>da})W( yyv 4 VvPQ%g 9f* 1$IMlCGQǐsG~/i}!ټDQM3:UXz/{ll2THG\tp54ނPIjZO}G1 [U;VC xp+Pu[)o㸶CHWS^Ik ىyZ%^OsqT,{R=N((((((((((((QExׄ p P} ʺ'@Kmq=?~ W^zj)j W=j dg*8ďxW_CQ\~?F?G eE}cmX{$s¿Ug!`jiO dmv-n?׬_C@^ԝ'ϳK}U5=2^=_Pv&I:tzzܥ2Ăf^7湛U]{I^KoYT@Ĩm8 +(tܛwV +A3^^/Eh?ok4"WEW`QEQEQEQEQEQEQEQEQEQEQE (Q@Q@W,QOV(;OH.Lּ3]\ưNI Qs)8R8=j-oQ~ 㴴WJjb߶O;G-oQ~ 㴴Sթ=+_|\DҼ#5)Ŋ8U+#`Mf7FBmb d㓎98+d2aEW!EPEPEPEPEPEPEPEPEPEPEP0(QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE (QEQEQEQEQEQEQEQEQEQEQEQE?`4lQTPll(=M6SFh ލފ(==袀 ލފ(==MPz6SElE`4Q@h=MPz6SElE`4Q@FElފ(==MP{Ѱz( endstream endobj xref 0 17 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000332 00000 n 0000000369 00000 n 0000000507 00000 n 0000000596 00000 n 0000009827 00000 n 0000009939 00000 n 0000010054 00000 n 0000010174 00000 n 0000010282 00000 n 0000010409 00000 n 0000010533 00000 n 0000010659 00000 n 0000010783 00000 n trailer << /Size 17 /Root 1 0 R /Info 5 0 R >> startxref 14962 %%EOF Security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

PHISHING: “Invoice” from a colleague

Wednesday, September 20th, 2017

Today’s phishing attack takes the form of an invoice apparently sent by a “colleague”. Because this comes from a “Doctor” and the e-mail message tone is not formally worded, it can often be misconstrued as legitimate and can be trusted.

This is a common phishing scam. The attachment is a fake invoice that, when opened, will infect your computer with malware, which gives the criminals access to your personal information, but primarily to steal online banking details.

Some departments within the university are particularly vulnerable because they may receive invoices regularly from a number of sources.

The email may appear as if it was sent by a well-known supplier or other trusted source. (in this case a so-called “Doctor” with a uniquely South African surname) Often the email address of a legitimate supplier or a colleague or friend will be mimicked or “spoofed” in a bid to trick you into thinking the invoice is genuine.

The attached invoice will look like a standard document or spreadsheet, however, to view the file you must enable a “macro”, which is a set of pre-programmed instructions for a computer. This macro installs the malware, which can infect the university network.

In the case below, you are directed to a website which tries to open up an infected “Word” document that records your online banking details, along with other financial information, before sending it on to the criminals who then attempt to steal money from your accounts.

 

—–Original Message—–

From: Cornelissen

Sent: 18 September 2017 03:56 PM

To: University Address <Your e-mail address>

Subject: Invoice #66633 (This number random and will change)

 

Hello,

I’ve tried to call you but couldn’t get thought. Need to know the status of this invoice I’ve sent to you a while ago. provided a copy below.

Invoice #66633:

Phishing site address

(Your name will go here)

Kind Regards,

Cornelissen, LM, Dr

 

Here are some handy tips to detect and deal with this “fake invoice” phishing scam.

  • Be on the lookout for unexpected invoices or unusual payment requests.
  • Avoid enabling any macros on an untrusted document.
  • If you’re suspicious – don’t reply to the email but instead call your supplier on the number that you have on file to check the authenticity of the invoice.
  • Ensure you have the latest anti-virus and security updates installed on your computer and consider using high-level macro security settings in software applications.
  • Ensure strong firewalls are in place to help detect malware and prevent data leaving the network without permission.
  • Consider using a separate computer dedicated to making online payments to minimise security risks, especially if you use personal Facebook or other social media sites.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Invoice” from a colleague

PHISHING: “Important notice from IT”

Thursday, September 7th, 2017

A phishing attack on Stellenbosch University via an internal sun email address was launched again early this morning. See the example below with dangerous links removed.

Unfortunately, this email used our own template to lure you into trusting it. Take note that we will never ask you to update your information in this way.

Please do not click on this email, do not fill in your personal information and delete the email immediately. If you follow the link and supply your information, it will be used by phishing criminals to gain access to your personal information, including your bank details.

If you have any inquiries, please let us know by logging a request on ServiceNow or calling our Service Desk at 808 4367. For more information on this and other phishing attacks, refer to our blog and Twitter account.

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Important notice from IT”

MAILBOX FULL phishing message

Tuesday, August 15th, 2017

A phishing email with the subject MAILBOX FULL has been sent from an internal SU staff member’s account. (See below for example with links removed)

Remember that spear-phishing email always appears to come from a trusted source like a university address and because it might seem to come from someone we know personally, there is a greater potential danger. Note that even if it says Microsoft, there’s no indication of branding. Official communication from IT will always be branded and look the same. Also, note the multiple spelling errors and suspiciously bad language. 

Do NOT click on any of the included links in the email or enter your username or password. You should never do this at any time. If you follow the link and supply your information, it will be used by phishing criminals to gain access to your bank details. 

If you have any inquiries, please let us know by logging a request on ServiceNow or calling our Service Desk at 808 4367. For more information on this and other phishing attacks, refer to our blog and Twitter account.

From: SU Staff, Mev <mevsustaff@sun.ac.za>
Sent: Tuesday, 15 August 2017 12:18 PM
Subject: Mailbox Full

Your mailbox is full and you have 3 mails pending. kindly increase the storage capacity of your mailbox account. Increase the storage capacity by clicking below

             storage increase

Fill out the instruction in order to increase the storage capacity to continue using your email account inorder to avoid being disconnected.

©Copyright 2017 Microsoft

All Right Reserved.

Email

Tags: ,
Posted in E-mail, Security | Comments Off on MAILBOX FULL phishing message

More information on current phishing attack

Monday, August 7th, 2017

The university is in the middle of a serious spear-phishing attack and is the direct target of a group of criminals who have registered and set up a South African website to fool university users into providing their e-mail addresses, usernames and passwords. 

Undoubtedly the same criminal cartel is now using e-mail accounts that were compromised in the last attack. (This time a senior lecturer at Stellenbosch Campus) The registered a South African domain name and have disguised the website to look like the university’s WebMail Login page.

Spear phishing is an email-spoofing attack that targets a specific organization or individual like the university and is not typically initiated by random hackers, but by perpetrators out for financial gain. As with emails used in regular phishing expeditions, spear-phishing messages appear to come from a trusted source. This case a sun.ac.za address. The apparent source of the email is likely to be an individual within the recipient’s own company — generally, someone in a position of authority — or from someone the target knows personally, thus its potential danger.

It is important that you do NOT click on any of the included links in the mail or enter your username or password. You should never do this at any time, as Information Technology would never ask you to do so!

Just because the mail looks legitimate and the web page *looks* like it is genuine, does not make it so.

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)

Please be careful out there. These criminals are now targeting the university, no doubt based on their past successes. Keep alert and on the lookout.

[Article by David Wiles]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on More information on current phishing attack

PHISHING: “IT HelpDesk”

Monday, August 7th, 2017

A phishing attack on Stellenbosch University via an internal sun email address was launched this morning. See the example below. (links have been removed)

Please do not click on this email, do not fill in your personal information and delete the email immediately. If follow the link and supply your information, it will be used by phishing criminals to gain access to your bank details. See the example below.

If you have any inquiries, please let us know by logging a request on ServiceNow or calling our Service Desk at 808 4367. For more information on this and other phishing attacks, refer to our blog and Twitter account.

From:SU staff member <fakesustaffaddress@sun.ac.za>
Sent: Monday, 07 August 2017 07:24
Subject: IT HelpDesk With the strengthening off our security system and improving your mailing experience, We have detected your mail settings are out of date. To enhance computer system security and comply with federal audit requirements, ITS requires all Sever Users to update their account , kindly click ITS to update your account to the latest Outlook Web App. Sign in and automatically update your mailbox by filling out the requirements correctly.

With the strengthening off our security system and improving your mailing experience, We have detected your mail settings are out of date. To enhance computer system security and comply with federal audit requirements, ITS requires all Sever Users to update their account , kindly click ITS to update your account to the latest Outlook Web App. Sign in and automatically update your mailbox by filling out the requirements correctly.
___________________
Thanks
Sincerely,
ITS Service Desk
Click Here To Upadate with your correct Login Details.

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “IT HelpDesk”

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.