Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

Security

SMiShing: Now on your phone

Tuesday, August 1st, 2017

According to McAfee SMiShing is:

“…  a version of phishing in which scammers send text messages rather than emails, which appear to have been sent by a legitimate, trusted organization and request that the recipient clicks on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.””

Over the past few years, we’ve learnt not to trust emails, fearing we’ll become victims of phishing fraud. Most people by now know not to click on links in emails. With SMS’s you can’t preview links as in emails, which increases the possibility of clicking on it out of curiosity. Unfortunately, human behaviour is the greatest threat to cyber security and it’s something that cannot be controlled by IT security staff. 

Criminal hackers had to find another way to trick users into revealing personal information. As we start using more and more mobile devices, the potential for possible platforms increases. Additionally, if you use your devices at home and at work, you also put the university at risk when you are a victim of either phishing or smishing. At the university, there are thousands of staff and students using various devices, all at risk of being infected. 

How do they do it?

Hackers have access to software that generates cell phone numbers based on area codes, they then plug into a cell phone service provider’s extension and generate the remaining numbers with the software. By means of a mass email text message service, messages are distributed. Text messages will contain a link which installs keyloggers or link to malicious websites which harvests your personal information. Other text messages trick the receiver into calling numbers, leading to outrageous phone bills. (Also see the latest Wangiri scam) Yet another type will trick you into thinking you’ve subscribed to a service. When you try to unsubscribe, you’ll be billed for using the service.  Some text messages will download spyware which can see everything you do on your phone.

How to avoid it

  1. Know how this kind of scam works. You’ll be able to recognise it easier. 
  2. Don’t reply to text messages from numbers you don’t know, especially if it asks for personal information.
  3. Even if it’s a message from a friend, make sure it’s legitimate. Your friend could have been hacked. Check with them first.
  4. Install security on your phone, for example, a VPN, anti-virus and spyware.
  5. Never install apps from text messages. Rather go to the app store where you know the software has been tested and verified. (e.g. Google Play)
  6. If you’re unsure if a text message is safe, don’t open it.
  7. If you didn’t sign up for a service, ignore the message.

 

‘Smishing’ scams target your text messages. Here’s how to avoid them from CNBC.

[SOURCES: www.webopedia.com; CNBC; www.bbc.com; www.norton.com; www.consumeraffairs.com; www.mcafee.com]

 

Wangiri fraud on the rise

Monday, July 31st, 2017

According to MyBroadband Vodacom, MTN, and Cell C have seen an increase in Wangiri phone fraud in South Africa. South African mobile subscribers recently reported that they are receiving an increasing volume of missed calls from unknown international numbers. Calls originate from across Africa and Europe, including Guinea, France, and Belgium.

Wangiri is a form of phone fraud which originated in Japan. Wangiri translates to “one (ring) and cut”. The racketeers hire a premium rate number from a telecom service provider and call random phone numbers via an auto dialer function, letting it ring once and then disconnecting the call. An automatic dialer (auto dialer) is an electronic device or software that automatically dials telephone numbers. Once the call has been answered, the auto dialler either plays a recorded message or connects the call to a live person. (Wikipedia)

A missed call shows on the victim’s phone and he returns the call since he believes the call was intended for him. Subsequently, he ends up paying an exorbitant amount which goes into the account of the scammers.

Both CellC and MTN have sent their customers a warning not to return any missed calls. Do not call back a number you do not recognise. If it is a legitimate call, the caller will call you back or leave a voicemail. 

Wangiri is just one example of phone fraud. Read more on other variations on Wikipedia.

[SOURCES: https://readstudyshare.wordpress.com; www.wikipedia.com]

PHISHING: SABC TV Licence payment request

Wednesday, July 26th, 2017

The SABC slogan goes: “Pay your TV licence. It’s the right thing to do” or something to that effect. Falling for this phishing scam, will NOT be the right thing to do.

This phishing scam from the “SABC” about payment of your TV Licence, is very clever as it uses a so-called encrypted-PDF to capture data like the victim’s ID Number, Passport Number or Company Registration number. Once the data is captured, it asks you for banking account details etc. to do the “payment” for a TV Licence. The data is captured by the PDF, which is then sent to a server controlled by the criminals, who will use it to defraud them of their money.

This is what the phishing email looks like (with the dangerous parts removed):


From: forged_address@lettersonline.co.za [mailto:forged_address@lettersonline.co.za]
Sent: Monday, 24 July 2017 13:14
To: University, Address <noreply@sun.ac.za> <noreply@sun.ac.za>

Subject: SABC requires you to make payment on your TV license account

Hi,
Please find attached correspondence for your attention. The attachment is password protect.

The password for the attachment will be one of the following three options:
1. Your ID Number
2. Your Passport Number
3. Your Company Registration Number

Kind Regards
LettersOnline Team


The PDF attachment will ask you for a password if you open it.  Do not open or enter any details on this PDF. The SABC will never send you an email with a link or attached file to demand that you pay your licence. Neither will they send an unbranded mail or with no personalised salutation.

[Article by David Wiles]

PHISHING: Exceeded mailbox limit

Monday, July 24th, 2017

This week’s Monday morning phishing scam is in the form of a rather poorly worded “WARNING” about exceeding the limit of your email.

The three exclamation marks (!!!) in the Subject line should immediately be a warning. Just because it comes from “Stellenbosch University Upgrade Team 2017” doesn’t guarantee that it is genuine!

Here is what the phishing email looks like (With the dangerous parts removed):


From: Stellenbosch University Upgrade Team 2017 [mailto:forged_address@webmail.co.za]

Sent: Monday, 24 July 2017 10:49 AM

Subject: Urgent Notification !!!

Urgent notification ,

You have exceeded your mail limit , Your account will be blocked from sending and receiving messages if your account is not been upgraded, upgrade your account free now Via the weblink Below :

http://dont_click.on.this.link

If your account have been upgraded please ignore this, this is for all student and stafs please Thank you.

Webmail © 2017

Email: forged_address@webmail.co.za


Here are # tips below can help you spot a  phishing scam:

  1. Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. These email addresses are meant to fool you.
  2. Urgent action required. Fraudsters often include urgent “calls to action” to try to get you to react immediately. Be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.” The fraudster is taking advantage of your concern to trick you into providing confidential information.
  3. Generic salutation. Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be sceptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.
  4. Link to a fake web site. To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company’s logo or looks like the real page doesn’t mean it is!
  5. Spelling errors, poor grammar, or inferior graphics.
  6. Requests for personal information such as your password, user name, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.
  7. Attachments (which usually contain viruses, malware or ransomware).

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za as well.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: csirt@sun.ac.za and help@sun.ac.za
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)

[Article by David Wiles]

 

PHISHING: “Re: betaling aan jou rekening”

Wednesday, July 19th, 2017

About a year ago a new version of the ABSA Bank phishing email hit the university email server. What was new about this version was that the email was in Afrikaans. Although the Afrikaans was not perfect with some spelling and grammar mistakes, it still could have fooled many people, because of the “familiarity” component.

Stellenbosch University still uses a lot of Afrikaans as its primary official communications medium, and many automated systems like the Financial system use Afrikaans to inform users of payments etc. While there is nothing wrong with this, phishing scammers have latched onto this and are now attempting to fool people into divulging their personal details using Afrikaans in their phishing e-mails.

We were warned early this morning about an email that was originating from UCT with dangerous content, and almost immediately the UCT phishing emails started arriving.

Here is what to look out for:

Mail will arrive from a forged or compromised “UCT address” that will look like this:


From: Anna Huang [mailto:forged_address@myuct.ac.za]
Sent: 19 July 2017 10:53 AM
To: Recipients <forged_address@myuct.ac.za>
Subject: Re: betaling aan jou rekening

Goeiemore,

Vind aangehegte betalingsbewys.

Dankie

Disclaimer – University of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at http://www.uct.ac.za/about/policies/emaildisclaimer/ or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via csirt@uct.ac.za


The disclaimer from the University and the Afrikaans could fool some people if they are not careful.

The dangerous part is actually an attached html files (sometimes it might look like a PDF) that will present you with a login page where you will be asked to give your e-mail address and your password to “view this payment”

The login page will look like this, in this version:

The actual server’s address is also hidden by encoding it, so to the untrained eye, nothing will look suspicious. This is a typical phishing scam, but with the “sender” coming from a neighbouring academic institution, and the language being Afrikaans, we need to be even more alert.

[Article by David Wiles]

 

 

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.