Security « Informasietegnologie

Security

Cybersecurity Awareness Month: Creating strong passwords

Tuesday, October 5th, 2021

We pointed out before that most people underestimate the importance of having a secure password, and still make the mistake of using simple words and numbers as a password.

Keep in mind that your email and social network accounts contain very personal information about you. You must have a strong password to keep your personal life personal, and not become a victim of identity theft. 

  • Using your email or your profile on Facebook, WhatsApp or Google, hackers can, and do, extract a huge amount of personal data about your “online” life.
  • If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your online accounts being compromised.
  • Using a personal name for an online account, the name of the city that you live in, the names of your children or your date of birth gives hackers vital clues for attempting to access your personal data.
  • For even an average hacker, it is easy to find passwords that are made up of words from the English vocabulary or other languages, using basic techniques called “brute force” or “dictionary” attacks.

What makes a password safe?

  1. The password is at least 8 characters long.
  2. The password does not contain information that is easy to find online, such as the date of birth, the telephone number, your spouse’s name, the name of a pet, or a child’s name.
  3. The password does not contain words found in the dictionary.
  4. The password contains special characters like @ # $ % ^ &, and numbers.
  5. The password uses a combination of uppercase and lowercase letters.

A trick that the experts use to create secure passwords:

Think of a phrase and use the first letters of the words in the phrase.

  • For example: “In South Africa, a barbecue is called a Braai!”
  • Take the first letters of each word and the password that is created is ISAabicaB!
  • This will be very difficult to guess, but easy to remember.
  • At this point, you can decide to make your Google password ISAabicaB!-G, your Facebook password ISAabicaB!-F, your university account password ISAabicaB!-US, and so on.
  • There is already a capital letter and a special character (!), so you just need to add a number to finish off a good password like 9-ISAabicaB!-US (9 could, for example, be the month in which you created the password).

You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create. 
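The five rules and the first-letter trick above can be checked mechanically. The following is an added example, not code from the original post: the function names, the tiny word list and the personal facts are constructed for illustration, and a real check would load a full dictionary.

```python
import re

# Constructed sample data for rules 2 and 3. A real check would load a full
# dictionary file and the facts about you that are easy to find online.
SAMPLE_WORDS = {"password", "welcome", "barbecue", "braai", "summer"}
SAMPLE_PERSONAL = {"thandi", "rex", "1990", "0821234567"}


def phrase_initials(phrase):
    """First character of every word, plus the phrase's closing punctuation."""
    words = phrase.split()
    closing = re.search(r"[^\w\s]+$", phrase.strip())
    return "".join(w[0] for w in words) + (closing.group() if closing else "")


def site_variant(base, site_tag, number):
    """The per-site pattern from the example: <number>-<base>-<site tag>."""
    return f"{number}-{base}-{site_tag}"


def broken_rules(password, words=SAMPLE_WORDS, personal=SAMPLE_PERSONAL):
    """Return the numbers of the rules (1-5, as listed above) the password breaks."""
    lowered = password.lower()
    broken = []
    if len(password) < 8:                                   # rule 1: length
        broken.append(1)
    if any(fact in lowered for fact in personal):           # rule 2: personal facts
        broken.append(2)
    # Rule 3: words shorter than four letters are ignored, they turn up by chance.
    if any(len(word) >= 4 and word in lowered for word in words):
        broken.append(3)
    has_special = any(not ch.isalnum() and not ch.isspace() for ch in password)
    has_number = any(ch.isdigit() for ch in password)
    if not (has_special and has_number):                    # rule 4: symbol and number
        broken.append(4)
    if not (any(ch.isupper() for ch in password)
            and any(ch.islower() for ch in password)):      # rule 5: mixed case
        broken.append(5)
    return broken


if __name__ == "__main__":
    base = phrase_initials("In South Africa, a barbecue is called a Braai!")
    for candidate in (base, site_variant(base, "US", 9), "Braai2021", "rex1990"):
        print(candidate, "breaks rules", broken_rules(candidate))
```

Run on the post's own example, the bare initials break only rule 4 (no number yet), and the finished 9-ISAabicaB!-US breaks none.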

How to recognise a phishing e-mail

Tuesday, October 5th, 2021

We can’t warn you against every phishing e-mail – there’s a new variation every day. You are the only person who can protect yourself from phishing scams and identity theft. The only way to do this is to learn to recognise a harmful e-mail by paying attention and keeping an eye out for a few tell-tale signs.

Typical characteristics

1. Well-known companies used as bait
These e-mails are sent out to thousands of different e-mail addresses and often the person sending them has no idea who you are. If you have no affiliation with the company the e-mail is supposedly coming from, it’s fake. For example, the e-mail claims to be sent by ABSA, but you are a Standard Bank client. Also, see a list of types of companies generally used in phishing e-mails below.

2. Spelling and grammar
Improper spelling and grammar are a dead giveaway. Look for obvious errors.

3. Lack of client information
Phishers use a generic greeting. For example, the e-mail greets you as “ABSA customer” or “Dear user”, etc. If the company were sending you information regarding your faulty account, they would mention your account details or name in the e-mail. A legitimate company would go to the trouble of addressing a client by name and won’t ask you for your information. Banks have your information on their system.

4. Deadlines/Sense of urgency
Phishing e-mails demand an immediate response or stipulate a specific deadline, creating a sense of urgency and prompting you to respond before you’ve looked at the e-mail properly. For example, they demand that you log in and change your account information within 24 hours or your account will be closed.

5. Malicious links
Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails will show a URL that is unrelated to the company. Move your mouse over the link and look at the display address. Is this the website address of the company that seems to be sending the e-mail? If not, it’s clearly a phishing e-mail.

6. Attachments
Phishing e-mails occasionally include an attachment which contains malware. When opened, it will run and install a small programme on your PC, which hackers use to gain access to your PC and information. 
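Signs 3 to 6 above can also be checked by a script before a person ever opens the message. The following is an added example, not code from the original article: the sample e-mail, its domains, the keyword patterns and the list of risky extensions are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <support@examplebank-mail.test>
To: user@example.org
Subject: Your account will be closed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear user,</p>
<p>Log in within 24 hours or your account will be closed:
<a href="http://login.verify-account.test/bank">https://www.examplebank.test/login</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.exe"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(user|customer|client|member)\b", re.I)
URGENCY = re.compile(r"within\s+\d+\s+hours|immediately|will\s+be\s+(closed|suspended)", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm")


class BodyScanner(HTMLParser):
    """Collects the visible text and every (href, link text) pair."""

    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def host(url):
    """Host name of a URL or bare domain, lower-cased, without a leading www."""
    name = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return name[4:] if name.startswith("www.") else name


def phishing_signs(raw):
    """Return the tell-tale signs (numbered as in the list above) found in raw."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    scanner = BodyScanner()
    scanner.feed(body.get_content() if body else "")
    text = " ".join(scanner.text)
    signs = []
    if GENERIC_GREETING.search(text):                 # sign 3
        signs.append("generic_greeting")
    if URGENCY.search(text):                          # sign 4
        signs.append("urgency")
    # Sign 5: the link text shows one site, the href goes to another.
    if any(LOOKS_LIKE_URL.match(label) and host(label) != host(href)
           for href, label in scanner.links):
        signs.append("link_mismatch")
    # Sign 6: an attachment whose type can run code when opened.
    if any((part.get_filename() or "").lower().endswith(RISKY_EXTENSIONS)
           for part in msg.iter_attachments()):
        signs.append("risky_attachment")
    return signs


if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

An empty result does not prove a message is safe; the checks only cover the signs that can be read from the message itself.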

Typical phishing topics

• Account issues, such as accounts or passwords expiring, accounts being hacked, out-of-date accounts, or account information that has to be changed.
• Credit cards expiring or being stolen, a duplicate credit card, credit card transactions, etc. 
• Confirming orders, requesting that you log in to confirm recent orders or transactions before a delivery can be made.
• Winning a prize or getting something for free. Both Woolworths and Pick ‘n Pay have been used in fake campaigns to lure people into providing personal details.

Company names phishers generally use

• Any major bank. ABSA and Standard Bank are both popular choices in South Africa.
• Insurance companies, for example, Outsurance.
• Internet service providers
• Apple or Microsoft claiming your account has been suspended.
• E-mail providers, e.g. Gmail or Yahoo
• SARS. Especially at this time of year. (We’ve had a few of these.)
• DHL or any delivery company claiming they have a package for you.
• Your company’s medical aid, for example, Discovery
• Your company’s IT department
• Casinos and lotteries
• Online dating websites
• Popular websites such as Amazon, Facebook, MySpace, PayPal, eBay, Microsoft, Apple, Hotmail, YouTube, etc.

A few tips to keep you safe

• Never follow links in an e-mail you’re uncertain of. Rather visit the page by typing the address of the company in your browser. For example, instead of clicking on the “ABSA URL” in the e-mail, type http://www.absa.co.za in your web browser and log in at their official website.
• Never send personal information by e-mail. If a company is asking for your personal account information or claiming your account is invalid, visit the website and log in to the account as you normally would. If everything seems in order and there aren’t any urgent notifications from your bank, you should be fine.
• If you are still not sure about the status of your account or are concerned about your personal information, contact the company directly, either through an e-mail address provided on their website, over the phone or visit your local branch.
• Delete the e-mail and don’t click on links or fill in any information.
• If you’ve already divulged your information, immediately change your password or PIN and contact the institution to inform them of the breach.
• To report spam or phishing e-mails, send an e-mail to sysadm@sun.ac.za with the subject SPAM and the suspect e-mail attached. IT system administrators will then be able to block the e-mail to protect other users.

[SOURCE: www.computerhope.com]

 

How do I report phishing?

Tuesday, October 5th, 2021

You’ve received a suspicious email. What should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective: by using the same login details, the criminal can access multiple private accounts and manipulate them for their own gain.

More on how to recognise a phishing email. 

Report phishing

On the ICT Partner Portal:

*Spam or phishing examples must be sent in either .EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) in .EML or .MSG format to a folder location, and attach the saved file to a new email.
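Why the attachment requirement matters can be seen by building both kinds of report and checking which headers survive. The following is an added example, not code from the original post: the suspect message, the addresses and the function names are constructed, and the inline forward is a simplified stand-in for what a mail client does.

```python
from email import message_from_bytes, message_from_string, policy
from email.message import EmailMessage

# Constructed suspect message as stored in the mailbox; names and domains are made up.
ORIGINAL = """\
Return-Path: <bounce@m.example.test>
Received: from m.example.test (m.example.test [203.0.113.7])
    by mx.example.org; Tue, 5 Oct 2021 09:12:44 +0200
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=m.example.test
From: "Example Bank" <support@m.example.test>
To: user@example.org
Subject: Your account will be closed
Message-ID: <abc123@m.example.test>
Content-Type: text/plain; charset="utf-8"

Dear user, log in within 24 hours.
"""

# Headers that record how the message travelled and how it was authenticated.
TRANSPORT = ("Return-Path", "Received", "Authentication-Results", "Message-ID")


def report_as_attachment(original_raw, reporter, report_to):
    """Attach the untouched original as a message/rfc822 part (an .eml file)."""
    original = message_from_string(original_raw, policy=policy.default)
    report = EmailMessage()
    report["From"], report["To"] = reporter, report_to
    report["Subject"] = "Phishing report"
    report.set_content("Suspect e-mail attached as .eml.")
    report.add_attachment(original, filename="suspect.eml")
    return report


def forward_inline(original_raw, reporter, report_to):
    """Simplified inline forward: only the visible parts are copied into the body."""
    original = message_from_string(original_raw, policy=policy.default)
    body = original.get_body(preferencelist=("plain",)).get_content()
    fwd = EmailMessage()
    fwd["From"], fwd["To"] = reporter, report_to
    fwd["Subject"] = "Fwd: " + original["Subject"]
    fwd.set_content(f"---- Forwarded message ----\nFrom: {original['From']}\n\n{body}")
    return fwd


def recoverable_headers(report_bytes):
    """Which transport headers can the analyst still read from the report?"""
    report = message_from_bytes(report_bytes, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_payload(0)      # the embedded original message
            return [name for name in TRANSPORT if name in inner]
    return []


if __name__ == "__main__":
    args = (ORIGINAL, "user@example.org", "csirt@example.org")
    print("attached:", recoverable_headers(report_as_attachment(*args).as_bytes()))
    print("forwarded:", recoverable_headers(forward_inline(*args).as_bytes()))
```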

Step Up to Stronger Passwords

Tuesday, October 5th, 2021

Weak and reused passwords continue to be a common entry point for account or identity takeover and network intrusions. Simple steps and tools exist to help you achieve unique, strong passwords for your accounts.

A password is often all that stands between you and sensitive data. It’s also often all that stands between a cyber criminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.

  • Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
  • Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
  • Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes it exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
  • Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
  • Step it up! When you use two-step verification (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or another registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cyber criminals.

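Resources

  • Check out http://twofactorauth.org to see a list of services that offer two-step verification.
  • Learn more about passwords and securing your accounts (http://staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts) from the National Cyber Security Alliance.
  • Consider whether a password manager (http://library.educause.edu/resources/2015/7/password-managers) is the right choice for you.
  • Explore Five Ways to Upgrade your Password this Password Day (http://nakedsecurity.sophos.com/2016/05/05/dont-do-it-5-ways-to-upgrade-your-passwords-this-passwordday/), which is observed in May each year.
  • Find more videos and a quiz at http://passwordday.org.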

Spear phishing attack using a staff email

Monday, September 20th, 2021

If you receive an e-mail from Prof. Wolfgang Preiser – Head of the Department of Virology asking about a “PAYMENT”, you might be tempted to quickly answer and offer your assistance.

However, this was a spear-phishing scam designed to fool its victims into thinking the mail was sent out by someone like Prof Preiser.

We are getting several reports from personnel within his department saying that they are receiving e-mails from Prof. Preiser. They are concerned that his e-mail account has been compromised and ask whether this is a phishing attack.

Here is what the phishing scam looks like.

An example of the spear phishing email using Prof Preiser's details

Please note that the name has been forged and that a “throwaway” execs.com e-mail address has been used with forged details inserted. The Professor’s account has not been compromised.

The message below also serves as a warning and should give you an indication that this is not an email from an @sun address. Do not click links or open attachments unless you recognise the sender and know the content is safe.

CAUTION: This email originated from outside of the University. 

Additionally, there is a standard warning from Microsoft.

This is a spear-phishing attack, where an institution is attacked by impersonating prominent or public figures within the enterprise to gain access to the enterprise. The targets in this method of attack are usually subordinates of high-ranking personnel. The aim is to fool them into sending money, or to obtain personal details of these personnel members.
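The pattern described here, a familiar staff name in front of an outside address, is something a mail filter can test for. The following is an added example, not code from the original article or from the University's mail system: the staff list, the internal domain `university.example` and the sample headers are constructed placeholders standing in for the @sun address and the throwaway address mentioned above.

```python
import re
import unicodedata
from email import message_from_string, policy

CAUTION = "CAUTION: This email originated from outside of the University."
TITLES = {"prof", "dr", "mr", "mrs", "ms"}

# Constructed sample data; the names and domains are placeholders.
STAFF = ["Jane Example", "Sipho Sample"]
SPOOFED = 'From: "Prof. Jane Example" <jane.hod@throwaway.example>\nSubject: PAYMENT\n\nAre you available?\n'
REORDERED = 'From: "Example, Jane" <office@throwaway.example>\nSubject: PAYMENT\n\nAre you available?\n'
GENUINE = 'From: "Prof. Jane Example" <jexample@university.example>\nSubject: Meeting\n\nAgenda attached.\n'
VENDOR = 'From: "Acme Supplies" <sales@acme.example>\nSubject: Quote\n\nAs requested.\n'


def name_key(name):
    """Key for a person's name that ignores word order, case, accents and titles."""
    plain = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return frozenset(t for t in re.findall(r"[a-z]+", plain.lower()) if t not in TITLES)


def classify_sender(raw, internal_domain, staff_names):
    """Return 'internal', 'external' or 'impersonation' for the From header."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return "external"
    addr = sender.addresses[0]
    domain = addr.domain.lower()
    if domain == internal_domain or domain.endswith("." + internal_domain):
        return "internal"
    # Outside address: does the display name claim to be one of our own staff?
    key = name_key(addr.display_name)
    if key and key in {name_key(n) for n in staff_names}:
        return "impersonation"
    return "external"


def banner_for(verdict):
    """Warning text to put on top of the message, or None for internal mail."""
    if verdict == "internal":
        return None
    if verdict == "impersonation":
        return CAUTION + " The sender name matches a staff member but the address is external."
    return CAUTION


if __name__ == "__main__":
    for raw in (SPOOFED, REORDERED, GENUINE, VENDOR):
        verdict = classify_sender(raw, "university.example", STAFF)
        print(verdict, "|", banner_for(verdict))
```

The check looks only at the From header, so it complements the external-sender banner rather than replacing it.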

Keep an eye open for this scam, and please report it to IT Cyber Security if you find it in your inbox by logging it on the ICT Partner Portal. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.

If you accidentally clicked on the link and already gave any personal details to the scammers, it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm) and change your password.

Make sure the new password is completely different and a strong password that will not be easily guessed. Also change the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

Contact the IT Service Desk if you are still unsure.

[ARTICLE BY DAVID WILES]

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.