Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

Security

Gmail account phishing

Wednesday, April 20th, 2016

A large number of phishing e-mails are arriving in university mailboxes from GMail accounts with subjects like “DOCS” or “PAYMENT”.

The e-mail reads “Hello, Please find attached, Thanks.” or something similar.

The attachment is usually a PDF. When you attempt to open it, it seems to be encrypted and asks you to enter personal details to access the document.

The PDF is in fact an executable file that installs malware on your computer to steal personal details, such as passwords etc. This way the scammers can get hold of personal details and defraud you.

Earlier this week a person at Tygerberg campus was defrauded of over R6000 when they sent an EFT payment to a catering supplier who was using a hijacked GMail account.

The scammer intercepted the victim’s mail and inserted their own bank account details into the attached invoice. The EFT was then paid to the scammer’s account instead of the supplier.

Compromised GMail, Yahoo!Mail and Hotmail accounts are often used by fraudsters, so it is imperative that you do not respond to mails such as these.  

If someone wants to send you a document, they should at least contact you and tell you that they are sending the mail before sending it, usually not unannounced.

It is far too easy for scammers to defraud people, because we are not alert enough and too trusting. Please be careful.

Also read more on phishing and other security risks on our blog.

[ARTICLE BY DAVID WILES]

 

Discovery phishing scam

Wednesday, April 6th, 2016

Please take note that a new phishing e-mail is being distributed to SU addresses. It seems to be from Discovery, coincidentally also SU staff medical aid, but is in fact a phishing e-mail.

 

Do not be tempted by the promise of R1700. If Discovery owed you money, they would probably deposit the outstanding amount in your bank account directly. They wouldn’t ask you to do anything from your side.

 

Ignore and delete the e-mail. Do not click on the links and do not enter any personal information on the site if you do click on the link. If you’ve already done so, immediately change the relevant password to prevent your accounts from being hacked. 

 


 

 

 

Hello Valued Customer,

 

Your Discovery Card was credited with 17000 Miles (R1700) as a reward for been a loyal customer last  2 weeks today ( Final notice) , but you did not claim it, we are giving you another chance. Follow the instructions below:- 

1. Click this link http://www.discovery.co.za/portal/individual/login  

2. Then enter your www.discovery.co.za Username and Password and click login 

3.  Update your Discovery Credit Card  details and click update after you have completed it( Note:-Do not fail to enter the full details correctly).

 

Regards,

Discovery Miles Team

The history of malware,Trojans and worms (part 3)

Thursday, March 17th, 2016

Two weeks ago we explored lesser known malware, Trojans and worms, after 1985. This time around, we look at more recent threats, starting with zombies…

2003 Zombie, Phishing
The Sobig worm gave control of the PC to hackers, so that it became a “zombie,” which could be used to send spam. The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.

2004 IRC bots
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.

2005 Rootkits
Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and installed a hidden “back door.”

2006 Share price scams
Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.

2006 Ransomware
The Zippo and Archiveus Trojan horse programs, which encrypted users’ files and demanded payment in exchange for the password, were early examples of ransomware.

2006 First advanced persistent threat (APT) identified 
First coined by the U.S. Air Force in 2006 and functionally defined by Alexandria, Virginia security firm Mandiant in 2008 as a group of sophisticated, determined and coordinated attackers. APTs are equipped with both the capability and the intent to persistently and effectively target a specific entity. Recognized attack vectors include infected media, supply chain compromise and social engineering.

2008 Fake antivirus software
Scaremongering tactics encourage people to hand over credit card details for fake antivirus products like AntiVirus 2008.

2008 First iPhone malware
The US Computer Emergency Response Team (US-CERT) issues a warning that a fraudulent iPhone upgrade, “iPhone firmware 1.1.3 prep,” is making its way around the Internet and users should not be fooled into installing it. When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.

2009 Conficker hits the headlines
Conficker, a worm that initially infects via unpatched machines, creates a media storm across the world.

2009 Polymorphic viruses rise again
Complex viruses return with a vengeance, including Scribble, a virus which mutates its appearance on each infection and used multiple vectors of attack.

2009 First Android malware
Android FakePlayerAndroid/FakePlayer.A is a Trojan that sends SMS messages to premium rate phone numbers. The Trojan penetrates Android-based smartphones disguised as an ordinary application. Users are prompted to install a small file of around 13 KB that has the standard Android extension .APK. But once the “app” is installed on the device, the Trojan bundled with it begins texting premium rate phone numbers (those that charge). The criminals are the ones operating these numbers, so they end up collecting charges to the victims’ accounts.

2010 Stuxnet
Discovered in June 2010 the Stuxnet worm initially spreads indiscriminately, but is later found to contain a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems configured to control and monitor specific industrial processes. Stuxnet’s most prominent target is widely believed to be uranium enrichment infrastructure in Iran.

2012 First drive-by Android malware
The first Android drive-by malware is discovered, a Trojan called NotCompatible that poses as a system update but acts as a proxy redirect. The site checks the victim’s browser’s user-agent string to confirm that it is an Android visiting, then automatically installs the Trojan. A device infected with NotCompatible could potentially be used to gain access to normally protected information or systems, such as those maintained by enterprise or government.

2013 Ransomware is back
Ransomware emerges as one of the top malware threats. With some variants using advanced encryption that makes recovering locked files nearly impossible, ransomware replaces fake antivirus as malicious actors’ money-soliciting threat of choice.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

How to avoid spam

Thursday, March 17th, 2016

Spam is unsolicited and often profitable bulk email. Spammers can send millions of emails in a single campaign for very little money. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit. Unfortunately spam is more than a mere nuisance. It is also used to distribute malware. 

Here are a few tips to prevent your mailbox from being flooded with unwanted, dubious e-mails.

Never make a purchase from an unsolicited email.
By making a purchase, you are funding future spam. Spammers may add your email address to lists to sell to other spammers and you will receive even more junk email. Worse still, you could be the victim of a fraud.

If you do not know the sender of an unsolicited email, delete it.
Spam can contain malware that damages or compromises the computer when the email is opened.

Don’t use the preview mode in your email viewer.
Spammers can track when a message is viewed, even if you don’t click on it. The preview setting effectively opens the email and lets spammers know that you receive their messages. When you check your email, try to decide whether a message is spam on the basis of the subject line only.

Don’t overexpose your email address.
How much online exposure you give your email address is the biggest factor in how much spam you receive. Here are some bad habits that expose your email address to spammers:
– Posting to mailing lists that are archived online
– Submitting your address to online services with questionable privacy practices
– Exposing your address publicly on social networks (Facebook, LinkedIn, etc.)
– Using an easily guessable address based on first name, last name and company
– Not keeping your work and personal email separate

Use the bcc field if you email many people at once.
The bcc or blind carbon copy field hides the list of recipients from other users. If you put the addresses in the To field, spammers may harvest them and add them to mailing lists.

Use one or two secondary email addresses.
If you fill out web registration forms or surveys on sites from which you don’t want further information, use a secondary email address. 

Opt out of further information or offers.
When you fill out forms on websites, look for the checkbox that lets you choose whether to accept further information or offers. Uncheck if you don’t want to receive any more correspondence.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

First ransomware targeting Apple Mac users

Tuesday, March 8th, 2016

Ransomware, one of the fastest-growing cyber threats, encrypts data on infected machines, then asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data (more previous ramsomware articles on our blog).

The “KeRanger” ransomware, which appeared last week, was the first functioning ransomware attacking Apple’s Mac computers.

Read more on the new Mac ransomware.

If you have any enquiries or need assistance, please contact us at helpinfo@sun.ac.za.

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.