Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Dangerous phishing scam disguised as a University salary increase notice

Thursday, May 18th, 2017

With the criminals first partly successful spear-phishing attack in April with an email about a salary raise and directing their victims to go to a forged webpage that looks EXACTLY like the e-HR website, they are at it again with a few variations: 

The subject is now “URGENT: Your May Salary Issue” and says the following: 

Hello,

In accordance with the Fiscal Year 2017 Salary Allocation Guidelines, this is to inform you that your monthly salary starting May 31st, 2017 will reflect a 13.98% (percent) merit increase.

Your new salary is as analyzed herewith. The documents are attached below: (attached link to the forged website)

This is an EXTREMELY dangerous e-mail, because its earlier version fooled a number of university personnel into giving the scammers their login details and passwords. 

Clicking on the link will take you to a forged version of the SUN e-HR site. If you enter your username and password (because the site looks like the SUN e-HR site), the criminals will have been given access to your personal details on SUN e-HR. 

Here is what the forged site looks like:

Note the forged address marked in yellow at the top. IT blacklisted and blocked access to that site from within the university, but please support them by following the procedures on the following page: http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, Security | Comments Off on Dangerous phishing scam disguised as a University salary increase notice

Critical ransomware attack targeted Windows computers

Saturday, May 13th, 2017
A serious virulent ransomware threat known as WannaCrypt0r/WannaCry has been affecting Windows computers on shared networks in at least 150 countries worldwide. Once one computer on a network is affected, the infection easily spreads to other Windows computers on the same network, easily shutting down entire government agencies and national infrastructure companies. More information on this attack

Ransomware is a malicious script or software that installs itself on your computer without you knowing. Once it’s installed and running, it will lock down your system and won’t allow you to access any files or programs on that computer. To unlock your system and regain access to the computer being held hostage, the lock screen informs you that you must pay for an unlock tool or decryption key from the hacker.

If your Windows computer is connected to a shared network, such as those at the University, Information Technology will automatically keep your Windows up-to-date so you don’t have to.

If you are running Windows and automatic updates are enabled you should be okay. If you don’t and haven’t updated recently you should update to the most recently released version immediately. Information Technology does manage automatic updates on many of our computers, but users also have to check their computers, especially with laptops that are taken home, in hostels and connect to other less well-managed networks. 

Keep an eye open for phishing e-mails requesting that you click on links and fill in your username and password. Beware sites that you visit that have suspicious popups that ask you to install software or “inform” you that your computer is infected with viruses.

Just because the mail looks like it has been sent from a university address or the site that you visit looks like a university or Internet banking website, don’t be fooled. Check the address and what you are being asked to do. If in doubt ask Information Technology, or your local “computer nerd”. They will be able to help and advise you.

More articles on ransomware.

[ARTICLE BY DAVID WILES]

Email

Tags:
Posted in E-mail, Security | Comments Off on Critical ransomware attack targeted Windows computers

Compromised student account used for phishing

Tuesday, April 18th, 2017

Just because mail seems to come from a university address, doesn’t mean to say that it is legitimate.

The latest phishing scam making its rounds at the university is being sent from a compromised student account. The subject line is all in capital letters and is meant to frighten you into clicking on a link and filling in your details. This is probably how the student account that is now sending it was originally compromised.

This is a typical phishing scam. Do not respond or click on any of the links. Many thanks to all the observant students who picked it up and pointed it out to us.

Below is an example of the mail (with the dangerous bits removed)

 

From: Compromised, Student account <12345678@sun.ac.za>
Sent: Monday, 17 April 2017 12:19 PM
To: fake@email.address
Subject: YOUR EMAIL ACCOUNT HAS BEEN COMPROMISED

 

Certify Your email HERE

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in Security | Comments Off on Compromised student account used for phishing

Don’t Be Fooled. Protect Yourself and Your Identity

Wednesday, April 5th, 2017

According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen. Online fraud is an ongoing risk. The following tips can help you prevent identity theft.

  • Read your credit card, bank, and pay statements carefully each month. Look for unusual or unexpected transactions. Remember also to review recurring bill charges and other important personal account information.
  • Review your health insurance plan statements and claims. Look for unusual or unexpected transactions.
  • Shred it! Shred any documents with personal, financial, or medical information before you throw them away.
  • Take advantage of free annual credit reports. In South Africa TransUnion, Experian and CompuShare can provide these reports.
  • If a request for your personal info doesn’t feel right, do not feel obligated to respond! Legitimate companies won’t ask for personal information such as your ID number, password, or account number in a pop-up ad, e-mail, SMS, or unsolicited phone call.
  • Limit the personal information you share on social media. Also, check your privacy settings every time you update an application or operating system (or at least every few months).
  • Put a password on it. Protect your online accounts and mobile devices with strong, unique passwords or passphrases.
  • Limit use of public Wi-Fi. Be careful when using free Wi-Fi, which may not be secure. Do not access online banking information or other sensitive accounts from public Wi-Fi.
  • Secure your devices. Encrypt your hard drive, use a VPN, and ensure that your systems, apps, antivirus software, and plug-ins are up-to-date.

 

Email

Tags: , ,
Posted in Security | Comments Off on Don’t Be Fooled. Protect Yourself and Your Identity

Salary increase e-mail not quite good news

Tuesday, April 4th, 2017

Several of our observant personnel have picked up that a very suspicious e-mail is making the rounds at the moment.

The subject is “NOTIFICATION: Your 13.69% Salary Increase”. 

This is a very dangerous e-mail. Clicking on the link will take you to a forged version of the SUN e-HR site. If you enter your username and password (because the site looks like the SUN e-HR site), the criminals will have been given access to your personal details on SUN e-HR. The ramifications of this will mean that the scammers will potentially be able to get details such as your banking details, ID number, place of residence, that are all stored on the SUN e-HR system. They will potentially then be able to steal your salary.

The e-mail contains the following message:

Hello,

Attached herewith are two (2) documents summarizing your April salary as reviewed for a 13.69% merit increase in Financial Year 2017.

This review is with immediate effect starting Friday April 28th Paycheque.

Deductions and bonuses are advised therein

The documents are attached below:

 

Below is what the forged site looks like. The address is not a university server BUT very few people notice such details and tend to skim over them.

 

[ARTICLE BY David Wiles]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Salary increase e-mail not quite good news

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.