Security

Credit card fraud increasing

Friday, October 23rd, 2015

It’s Friday afternoon and you are looking forward to an effortless evening of movies and take-aways. You drop in at the closest pizza place on your way home. In your rush to silence your growling stomach, you forgot to draw cash. The closest ATM is 5 kilometres away, but at least you have a credit card.

Paying is no problem and the transaction is safe. You can see the card machine the shop assistant uses and you discreetly type in your PIN number. Besides, card cloning only takes place when someone takes your card out of sight. So they say.

But did you notice that the machine swallowed a little bit more of your card than other times? Usually you can still fit your thumb on the card while you complete the transaction, but now it’s hardly visible.

Coincidence. Actually no. Your card was just skimmed.

Last year R450 million was lost to credit card scams, 23% more than in 2013. The increase was particularly sharp at take-away outlets. But even handheld devices in restaurants can be tampered with. Between 2005 and 2015, 1377 compromised devices were confiscated.

Card cloning is just one form of credit card fraud. When you use your card on the internet, whether it’s for banking or online shopping, there’s always some risk involved.

According to Kaspersky Lab, one of the leaders in internet security, 5000 websites are compromised daily. Malware and phishing through e-mails are still among the biggest problems at Stellenbosch University.

How do you avoid becoming a victim?

  • Keep an eye on your card at all times.
  • Place your credit card in the machine yourself so you can feel if it goes in easily. With a chip card, you should still be able to comfortably fit your thumb on the card, even when it’s in the machine.
  • Never send your banking details by e-mail.
  • Also never click on a link asking for these details – even if it carries what looks like your bank’s branding.
  • Install spam blocking software to eliminate phishing e-mails.
  • Ensure that your antivirus software is up to date and is updated regularly.
  • When you purchase online with your credit card, only use official, safe websites. Even then, check that the address starts with “https:”; if it doesn’t, the connection is not secure.
  • Don’t use public wi-fi for any personal transactions or purchases. (read more here)

[SOURCE: www.mybroadband.co.za]

 

E-mails with a hidden agenda

Wednesday, October 14th, 2015

Two e-mails trying to scam staff out of their information, and potentially money, materialised in our mailboxes last week.

The first is a familiar one, attempting to get you to “re-activate” your account in order to increase your webmail quota.

The source of the scam is Russia, and it uses a man-in-the-middle method to send out the mail. This method takes the e-mail credentials from a staff member who has inadvertently given their e-mail details to the scammers. It typically occurs when you respond to a “you have won/inherited X-amount of money in a lucky draw/online survey/death of an unknown relative/government official” e-mail or click on an advert on a compromised website.

The scammers use your e-mail address and, if it is also infected with malware or a virus, your PC, to send an e-mail to all accounts within the same organisation.

The use of a university e-mail as the alleged sender often lulls us into thinking it is legitimate and we respond. We forget that “senders” and most mail details in an e-mail can be forged by these scammers.

The mail below is an example of one such scam. It might be useful to remember that personnel currently have 1Gb of mailbox storage, and students have 50Gb through Office365. The dangerous links have been removed.

The second e-mail targets Pick & Pay clients with an e-mail on Smart Shopper credits. (see example below with active links removed)

Take note of the following:

1. The e-mail is never addressed to you personally – it’s just a generic heading.
2. It asks the receiver to divulge personal information, e.g. Smart Shopper number and ID number.
3. The wording is somewhat threatening – “make sure” and “must”.

With the information sourced by the e-mail, Smart Shopper cards can be duplicated. Since your ID number is also linked to your Smart Shopper card, not only are your credits at risk, but there is also the possibility of identity theft.

Never respond to this sort of mail. Information Technology will never send such a mail about your mailbox size and Pick & Pay also won’t communicate with its clients in this way. If in doubt, phone the IT Service Desk.

 


From: University, Personnel, Address <faultyaddress@sun.ac.za>

Sent: Wednesday, 14 October 2015 08:24
Subject: 500MB

Dear E-mail User,

Your webmail quota has exceeded the set quota which is 500MB. you are currently running on 1.3GB. To re-activate and increase your webmail quota please verify and update your webmail Account In order to  re-activate and increase your webmail quota click linkhttp://phishing.site.in.russia/   LOGON WITH YOUR LOGIN DETAILS TO COMPLETE UPGRADE.

Failure to do so may result in the cancellation of your webmail account. You may not be able to send or receive new mail until you re-validate your mailbox.

Thanks, and sorry for the inconvenience.

Admin/ Webmaster/ Local host


 

From: Pick N Pay [mailto:faultyaddress@pnp.co.za]

Sent: Tuesday, 20 October 2015 05:42
Subject: Your R700 Pick N Pay (PNP) Shopping Voucher ready for claim

Attention PNP Smart Card Owner,

You have qualified to receive a shopping voucher of R700 to shop for groceries at any “PNP” outlet near you. Make sure you have your SMART SHOPPER CARD with you before you can proceed.

CLICK HERE TO PROCEED

Regards,

PNP

 [INFORMATION SUPPLIED BY DAVID WILES]

Phishing scam: Ibanking confirmation

Monday, September 28th, 2015

Scammers never give up, and this latest iteration tries to disguise itself as a message from Capitec Bank. It is poorly executed with some glaring mistakes, but nevertheless they still catch people in South Africa. (Did you know that according to a report from the South African Banking Risk Information Centre (SABRIC), South Africans were scammed out of R2.2 billion by phishing scams in 2013 alone?)

Below is an e-mail that is making its rounds again, this time from Capitec.

Note several tell-tale signs that this is a phishing scam:

  • The email has improper spelling or grammar
  • The hyperlinked URL is different from the one shown (this one comes from a hijacked domain based in the USA)
  • The email urges you to take immediate action
  • The email requests personal information
  • …and for the technically-inclined the most obvious mistake is the IP address.

[An IP address is a unique string of numbers, separated by full stops, that identifies each computer using the Internet Protocol to communicate over a network. These addresses consist of 4 sets of numbers, each between 0 and 255 (256 unique values). The university’s IP addresses ALWAYS begin with 146.232…]

In this case the IP address is fake. There will never be an IP with a value of 362…

—————————————————————————————————

From: Capitec. [mailto:capitec@cnserv.co.za]
Sent: 25 September 2015 12:57 PM
To: Victim, IAMA, Mej <iamavictim@sun.ac.za>
Subject: Ibanking confirmation

 

Dear valued Client

An ip address 82.128.362.135 made some incorrect logon attempts
with your remote pin.

Please respond to this by following the reference below and you
will be guided through the secure restore process.

Restore ebanking access (this link has been cleaned up and is no longer a danger)

You may experience future problems with your
online access by failing to attend to this matter.

Ebanking Service

 

—————————————————————————————————–

[ARTICLE BY DAVID WILES]

 

Warning: Latest Flash update corrupts Powerpoint presentations

Monday, September 28th, 2015

The latest Adobe Flash updates are causing .ppt files with embedded Flash (SCORM Packages – Articulate & iSpring users) to not function correctly, thus affecting the students and their ability to complete certain module activities.

Notice below:

 

 

Warning: Latest Flash Update Corrupts Presentations

Greetings from iSpring!

This is a notice for all iSpring users who use Flash in their presentations.

The latest Flash Player security update (version 19.0.0.185) contains an issue that corrupts any PowerPoint presentation with embedded Flash when you save it.

We recommend all iSpring clients refrain from updating Flash Player until Adobe resolves the issue.

For detailed information and recommendations, read this post on the iSpring Blog.

If you have any questions, please feel free to contact us anytime.

 

  Best regards,
iSpring Customer Care.
 
 

New html phishing scam

Wednesday, August 26th, 2015

There are a number of e-mails arriving in student and personnel accounts that have malware/virus infected attachments, usually *disguised* as .html files.

The e-mails have subject lines like “UCount reward confirmation” and “Confirmation of epayment” and have .html attachments. After clicking the link on the webpage that appears, you will be sent to a fraudulent site, which looks just like the institution’s web site, and you will be asked for various sensitive information. Although the Trojan attachment does not install anything on the system, it utilizes the “social engineering” technique to force users to fill in their personal data on a fraudulent web site.

  • Always beware when asked for private information.
  • Do not click on links in e-mail and do not copy-paste them into your browser.
  • Open a new browser window and type in the company’s correct address.
  • Make sure such requests are genuine by, for example, calling a known company’s phone number.
  • Do not send sensitive information by e-mail. Legitimate companies do not ask you to send important data by e-mail.

Be careful out there. The reason scammers are so successful is that they catch people regularly!

[ARTICLE BY DAVID WILES]

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.