Security « Informasietegnologie

Security

Cybersecurity Awareness Month: Creating strong passwords

Tuesday, October 5th, 2021

Previously, we pointed out that most people underestimate the importance of having a secure password, and still make the mistake of using simple words and numbers as a password.

Keep in mind that your email and social network accounts contain very personal information about you. You must have a strong password to keep your personal life personal, and not become a victim of identity theft. 

  • Using email or your profile on Facebook, Whatsapp or Google, hackers can, and do, extract a huge amount of personal data about your “online” life.
  • If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your online accounts being compromised.
  • Using a personal name for an online account, the name of the city that you live in, the names of your children or your date of birth gives hackers vital clues for attempting to access your personal data.
  • For an average expert hacker, it is always easy to find passwords that are made up of words from the English vocabulary or other languages, using a basic technique called “brute force” or “dictionary” attacks.

What makes a password safe?

  1. A password at least 8 characters long.
  2. The password does not contain information that is easy to find online, such as the date of birth, the telephone number, your spouse’s name, the name of a pet, or a child’s name.
  3. The password does not contain words found in the dictionary.
  4. The password contains special characters like @ # $ % ^ &, and numbers.
  5. The password uses a combination of uppercase and lowercase letters.

A trick that the experts use to create secure passwords:

Think of a phrase and use the first letters of the words in the phrase.

  • For example: “In South Africa, a barbecue is called a Braai!”
  • Take the first letter of each word and the password that is created is ISAabicaB!
  • This will be very difficult to guess, but easy to remember.
  • At this point, you can decide to make your Google password ISAabicaB!-G, your Facebook password ISAabicaB!-F, your university account password ISAabicaB!-US, and so on.
  • There is already a capital letter and a special character (!), so you just need to add a number to finish off a good password like 9-ISAabicaB!-US (9 could be the month you created the password in, for example).

You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create. 
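
The phrase trick and the five rules above, worked through in code. This is an added example, not part of the original post; the function names and the small personal-information and word lists are constructed for illustration.

```python
import string

SPECIALS = set(string.punctuation)


def phrase_to_password(phrase):
    """Keep the first letter of each word, plus a closing ! or ? as the special character."""
    parts = []
    for word in phrase.split():
        letters = word.strip(string.punctuation)
        if letters:
            parts.append(letters[0])
        if word[-1] in "!?":
            parts.append(word[-1])
    return "".join(parts)


def failed_rules(password, personal_items=(), dictionary_words=()):
    """Return the numbers (1-5, as in the list above) of the rules the password breaks."""
    lowered = password.lower()
    failed = []
    # Rule 1: at least 8 characters.
    if len(password) < 8:
        failed.append(1)
    # Rule 2: no information that is easy to find online (birth year, pet name, ...).
    if any(item.lower() in lowered for item in personal_items if len(item) >= 3):
        failed.append(2)
    # Rule 3: no dictionary words (very short words are ignored to avoid noise).
    if any(w.lower() in lowered for w in dictionary_words if len(w) >= 4):
        failed.append(3)
    # Rule 4: special characters and numbers.
    has_special = any(c in SPECIALS for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_special and has_digit):
        failed.append(4)
    # Rule 5: uppercase and lowercase letters.
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        failed.append(5)
    return failed


# Constructed sample data: what an attacker could learn about a user, and a tiny word list.
PERSONAL = ["1985", "Rex"]
WORDS = ["password", "braai", "africa", "barbecue", "welcome"]

if __name__ == "__main__":
    base = phrase_to_password("In South Africa, a barbecue is called a Braai!")
    for candidate in (base, "9-" + base + "-US", "braai1985"):
        print(candidate, failed_rules(candidate, PERSONAL, WORDS))
```

The bare acronym fails only rule 4 because it has no number, which is why the last step of the trick adds one.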

How to recognise a phishing e-mail

Tuesday, October 5th, 2021

We can’t warn you against every phishing e-mail – there’s a new variation every day. You are the only person who can protect yourself from phishing scams and identity theft. The only way to do this is to learn to recognise a harmful e-mail by paying attention and keeping an eye out for a few tell-tale signs.

Typical characteristics

1. Well-known companies used as bait
These e-mails are sent out to thousands of different e-mail addresses and often the person sending them has no idea who you are. If you have no affiliation with the company the e-mail is supposedly coming from, it’s fake. For example, the e-mail is sent by ABSA, but you are a Standard Bank client. Also, see a list of types of companies generally used in phishing e-mails below.

2. Spelling and grammar
Improper spelling and grammar is a dead giveaway. Look for obvious errors. 

3. Lack of client information
Phishers use a generic greeting. For example, the e-mail greets you as “ABSA customer” or “Dear user”, etc. If the company was sending you information regarding your faulty account, they would mention your account details or name in the e-mail. A company would go through the trouble to address a client by name and won’t ask you for your information. Banks have your information on their system.

4. Deadlines/Sense of urgency
Phishing e-mails demand an immediate response or stipulate a specific deadline, creating a sense of urgency and prompting you to respond before you’ve looked at the e-mail properly. For example, demanding that you log in and change your account information within 24 hours or your account will be closed.

5. Malicious links
Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails will show a URL that is unrelated to the company. Move your mouse over the link and look at the display address. Is this the website address of the company who seems to be sending the e-mail? If not, it’s clearly a phishing e-mail.

6. Attachments
Phishing e-mails occasionally include an attachment which contains malware. When opened, it will run and install a small programme on your PC, which hackers use to gain access to your PC and information. 
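
The hover check from point 5, automated for an HTML e-mail body. This is an added example, not part of the original article; the sample message is constructed, `example.net` stands in for an unrelated host, and the function names are illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Host name of a URL; bare addresses such as www.absa.co.za are accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def _belongs_to(host, domain):
    # absa.co.za.example.net does NOT belong to absa.co.za: only the right-hand end counts.
    return host == domain or host.endswith("." + domain)


def suspicious_links(html_body, expected_domain):
    """Return (visible text, real host, reasons) for links that fail the hover check."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = _host(href)
        reasons = []
        if not _belongs_to(target, expected_domain):
            reasons.append("link leaves " + expected_domain)
        # Visible text that looks like an address but names a different host.
        if "." in text and " " not in text and _host(text) != target:
            reasons.append("shown address differs from real target")
        if reasons:
            findings.append((text, target, reasons))
    return findings


# Constructed sample body of a message claiming to come from ABSA.
SAMPLE_BODY = """
<p>Dear user, your account will be closed within 24 hours.</p>
<p><a href="http://absa.co.za.example.net/login">www.absa.co.za</a></p>
<p><a href="https://www.absa.co.za/help">Contact us</a></p>
"""

if __name__ == "__main__":
    for text, host, reasons in suspicious_links(SAMPLE_BODY, "absa.co.za"):
        print(text, "->", host, reasons)
```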

Typical phishing topics

• Account issues, such as accounts or passwords expiring, accounts being hacked, out-of-date accounts, or account information has to be changed.
• Credit cards expiring or being stolen, a duplicate credit card, credit card transactions, etc. 
• Confirming orders, requesting that you log in to confirm recent orders or transactions before a delivery can be made.
• Winning a prize or getting something for free. Both Woolworths and Pick ‘n Pay have been used in fake campaigns to lure people into providing personal details.

Company names phishers generally use

• Any major bank. ABSA and Standard Bank are both popular choices in South Africa.
• Insurance companies, for example, Outsurance.
• Internet service providers
• Apple or Microsoft claiming your account has been suspended.
• E-mail providers, e.g. Gmail or Yahoo
• SARS. Especially at this time of year. (We’ve had a few of these.)
• DHL or any delivery company claiming they have a package for you.
• Your company’s medical aid, for example, Discovery
• Your company’s IT department
• Casinos and lotteries
• Online dating websites
• Popular websites such as Amazon, Facebook, MySpace, PayPal, eBay, Microsoft, Apple, Hotmail, YouTube, etc.

A few tips to keep you safe

• Never follow links in an e-mail you’re uncertain of. Rather visit the page by typing the address of the company in your browser. For example, instead of clicking on the “ABSA URL” in the e-mail, type http://www.absa.co.za in your web browser and log in at their official website.
• Never send personal information by e-mail. If a company is asking for your personal account information or claiming your account is invalid, visit the website and log in to the account as you normally would. If everything seems in order and there aren’t any urgent notifications from your bank, you should be fine.
• If you are still not sure about the status of your account or are concerned about your personal information, contact the company directly, either through an e-mail address provided on their website, over the phone or visit your local branch.
• Delete the e-mail and don’t click on links or fill in any information.
• If you’ve already divulged your information, immediately change your password or PIN and contact the institution to inform them of the breach.
• To report spam or phishing e-mails send an e-mail to sysadm@sun.ac.za with the subject SPAM with the suspect e-mail attached. IT system administrators will then be able to block the e-mail to protect other users.

[SOURCE: www.computerhope.com]

 

How do I report phishing?

Tuesday, October 5th, 2021

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own gain.

More on how to recognise a phishing email. 

Report phishing

On the ICT Partner Portal:

*Spam or phishing examples must be sent in either .EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) in .EML or .MSG format to a folder location, and attach the saved file to a new email.

Step Up to Stronger Passwords

Tuesday, October 5th, 2021

Weak and reused passwords continue to be a common entry point for account or identity takeover and network intrusions. Simple steps and tools exist to help you achieve unique, strong passwords for your accounts.

 A password is often all that stands between you and sensitive data. It’s also often all that stands between a cyber criminal and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further step to protect against account theft.

  • Always: Use a unique password for each account so one compromised password does not put all of your accounts at risk of takeover.
  • Good: A good password is 10 or more characters in length, with a combination of uppercase and lowercase letters, plus numbers and/or symbols — such as pAMPh$3let. Complex passwords can be challenging to remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also difficult to type on a smartphone keyboard (for an easy password management option, see “best” below).
  • Better: A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional length makes it exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in uppercase letters, and add a number or symbol to make it even stronger — such as rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read on.
  • Best: The strongest passwords are created by password managers — software that generates and keeps track of complex and unique passwords for all of your accounts. All you need to remember is one complex password or passphrase to access your password manager. With a password manager, you can look up passwords when you need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best practice is to add two-step verification to your password manager account. Keep reading!
  • Step it up! When you use two-step verification (a.k.a., two-factor authentication or login approval), a stolen password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive an authorization check on your smartphone or another registered device. Without that second piece, a password thief can’t get into your account. It’s the single best way to protect your account from cyber criminals.
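
The passphrase recipe under “Better”, as an added example that is not part of the original article. It assumes Python's `secrets` module as the random source; the 32-word list is a constructed sample so the block runs offline and is far too small for real use.

```python
import math
import secrets

# Constructed sample list (32 words). A real list needs thousands of words,
# because each word only contributes log2(len(list)) bits.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dragon", "engine", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "ladder", "magnet", "napkin", "orange", "pencil",
    "quartz", "ribbon", "saddle", "tunnel", "umpire", "velvet", "window", "yellow",
    "zipper", "bridge", "copper", "dinner", "fabric", "goblet", "hammer", "insect",
]
SYMBOLS = "@#$%^&"


def make_passphrase(words, n_words=4, min_length=20):
    """Random words, one of them uppercased, then a symbol and a digit."""
    if n_words < 4:
        raise ValueError("use four or more words")
    if n_words * max(len(w) for w in words) + 2 < min_length:
        raise ValueError("word list cannot reach the minimum length")
    while True:
        # secrets, not random: the choice must be unpredictable.
        chosen = [secrets.choice(words) for _ in range(n_words)]
        position = secrets.randbelow(n_words)
        chosen[position] = chosen[position].upper()
        phrase = "".join(chosen) + secrets.choice(SYMBOLS) + str(secrets.randbelow(10))
        if len(phrase) >= min_length:  # 20 or more characters, as recommended above
            return phrase


def passphrase_bits(list_size, n_words=4):
    """Guessing effort in bits for an attacker who knows the recipe and the word list."""
    word_bits = n_words * math.log2(list_size)
    extra_bits = math.log2(n_words * len(SYMBOLS) * 10)  # uppercase position, symbol, digit
    return word_bits + extra_bits


if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 7776):
        print(size, "words in list:", round(passphrase_bits(size), 1), "bits")
```

Every extra word multiplies the number of possible passphrases by the size of the list, which is where the exponential growth comes from.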

Resources

 

Spear phishing attack using a staff email

Monday, September 20th, 2021

If you receive an e-mail from Prof. Wolfgang Preiser – Head of the Department of Virology asking about a “PAYMENT”, you might be tempted to quickly answer and offer your assistance.

However, this was a spear-phishing scam designed to fool its victims into thinking the mail was sent out by someone like Prof Preiser.

We are getting several reports from personnel within his department saying that they are getting e-mail from Prof. Preiser and are concerned about whether his e-mail account has been compromised and whether this is a phishing attack.

Here is what the phishing scam looks like.

An example of the spear phishing email using Prof Preiser's details

Please note that the name has been forged and that a “throwaway” execs.com e-mail address has been used with forged details inserted. The Professor’s account has not been compromised.

The message below also serves as a warning and should give you an indication that this is not an email from an @sun address. Do not click links or open attachments unless you recognise the sender and know the content is safe.

CAUTION: This email originated from outside of the University. 

Additionally, there is a standard warning from Microsoft.

This is a spear-phishing attack where an institution is attacked by impersonating prominent or public figures within the enterprise to gain access to the enterprise. The targets in this method of attack are usually subordinates of high-ranking personnel, to fool them into sending money or obtaining personal details of these personnel members.
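
A header check for the pattern described here, a familiar staff name on an outside address, run over a message saved in .EML format. This is an added example, not part of the original article; the sample message, the local part `officemail`, the placeholder internal address used in testing and the staff-name list are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "sun.ac.za"
TITLES = {"prof", "dr", "mr", "mrs", "ms"}

# Hypothetical directory of names worth protecting, already normalised.
STAFF_NAMES = {"wolfgang preiser"}

# Constructed sample in .EML form; only the name, the subject and the
# execs.com domain come from the report above.
SAMPLE_EML = """\
From: "Prof. Wolfgang Preiser" <officemail@execs.com>
To: staff.member@sun.ac.za
Subject: PAYMENT
Date: Mon, 20 Sep 2021 08:15:00 +0200
Message-ID: <constructed-0001@execs.com>

Are you available?
"""


def normalise(name):
    """Lowercase the display name and drop titles so 'Prof. W Preiser' style variants compare."""
    words = re.findall(r"[a-z]+", name.lower())
    return " ".join(w for w in words if w not in TITLES)


def check_sender(raw_eml, staff_names, internal_domain=INTERNAL_DOMAIN):
    """Compare the display name in From: with the domain of the real address."""
    msg = message_from_string(raw_eml, policy=policy.default)
    display, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    external = not (domain == internal_domain or domain.endswith("." + internal_domain))
    # A staff name is only suspicious when it arrives from outside the institution.
    impersonation = external and normalise(display) in staff_names
    return {
        "display_name": display,
        "address": address,
        "external": external,
        "impersonation": impersonation,
    }


if __name__ == "__main__":
    print(check_sender(SAMPLE_EML, STAFF_NAMES))
```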

Keep an eye open for this scam, and please report it to IT Cyber Security if you find it in your inbox by logging it on the ICT Partner Portal. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.

If you accidentally clicked on the link and already gave any personal details to the scammers, it is vitally important that you go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm) and change your password immediately.

Make sure the new password is completely different and a strong password that will not be easily guessed. Also change the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

Contact the IT Service Desk if you are still unsure.

[ARTICLE BY DAVID WILES]

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.