%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 13 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 12 0 R /I2 15 0 R /I3 16 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250714063149+00'00') /ModDate (D:20250714063149+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 3306 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 78.170 521.469 668.564 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 78.170 l 565.984 78.170 l 565.984 745.984 l f 45.266 746.734 m 45.266 78.170 l 46.016 78.170 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(EXTRA LAYER OF SECURITY ADDED TO CAMPUS COMPUTERS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(February 08,2021)] TJ ET BT 177.584 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 192.092 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(Cyber crime is a constantly evolving field. Even though the majority of viruses were created as pranks, it's essential to stay )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(informed of the various risks that exist on the internet if you want to stay safe online. Here's a breakdown of the basics:)] TJ ET BT 61.016 606.442 Td /F1 9.0 Tf [(Malware)] TJ ET BT 96.530 606.442 Td /F4 9.0 Tf [(, or malicious software, is a catch-all term for any type of malicious computer program. Malware is the most )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(common type of online threat.)] TJ ET BT 61.016 575.464 Td /F1 9.0 Tf [(Ransomware)] TJ ET BT 117.032 575.464 Td /F4 9.0 Tf [( is an emerging form of malware that locks the user out of their files or their device, then demands an )] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(anonymous online payment to restore access.)] TJ ET BT 61.016 544.486 Td /F1 9.0 Tf [(Adware)] TJ ET BT 93.524 544.486 Td /F4 9.0 Tf [( is a form of malware that hides on your device and serves you advertisements. Some adware also monitors your )] TJ ET BT 61.016 533.497 Td /F4 9.0 Tf [(behaviour online so it can target you with specific ads.)] TJ ET BT 61.016 513.508 Td /F1 9.0 Tf [(Spyware)] TJ ET BT 98.033 513.508 Td /F4 9.0 Tf [( is a form of malware that hides on your device, monitors your activity, and steals sensitive information like bank )] TJ ET BT 61.016 502.519 Td /F4 9.0 Tf [(details and passwords.)] TJ ET BT 61.016 482.530 Td /F4 9.0 Tf [(The world of cyber crime is very similar to that of technology. Every year, new trends, breakthroughs, and tools emerge.)] TJ ET BT 61.016 462.541 Td /F4 9.0 Tf [(You've probably noticed a Malwarebytes Threat Scan icon on your desktop or laptop \(Figure 1\). Don't worry, this isn't a )] TJ ET BT 61.016 451.552 Td /F4 9.0 Tf [(brand-new type of malware. Stellenbosch University's IT department has added an extra layer of security to campus )] TJ ET BT 61.016 440.563 Td /F4 9.0 Tf [(computers.)] TJ ET BT 61.016 420.574 Td /F4 9.0 Tf [(Figure 1)] TJ ET q 57.000 0 0 69.000 61.016 340.376 cm /I1 Do Q BT 61.016 322.585 Td /F4 9.0 Tf [(Malwarebytes Incident Response is the trusted standard in automated endpoint remediation. Unfortunately, with the )] TJ ET BT 61.016 311.596 Td /F4 9.0 Tf [(current environment, some malware will return after removal and Malwarebytes will prompt you to initiate a restart \(Figure )] TJ ET BT 61.016 300.607 Td /F4 9.0 Tf [(2\).)] TJ ET BT 61.016 280.618 Td /F4 9.0 Tf [(Figure 2)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /XObject /Subtype /Image /Width 76 /Height 92 /Filter /FlateDecode /DecodeParms << /Predictor 15 /Colors 3 /Columns 76 /BitsPerComponent 8>> /ColorSpace /DeviceRGB /BitsPerComponent 8 /Length 5185>> stream x\ktSǵF/ےmɶdlW` !Y-)I [+5Y -mr聾N&8i5$-4ʦI'8i`2`C#[3[XG6v[gyIsf={{F&uI$ Pp䶒\5jWi@B*- tO oi0G&yb^:HP!1Ji2t49_\ `N-S7$ܨ&_BBB+/z5=%oo)$ @BX844$WBV ~63;Z#~IL %#-l+~BBEzNJT"MK$ݓa͕8^}ڝϪX*qGfDmA1]H;b9%8R(7g4{d4CGFud”rN#ҧʋ0ҲYgtag7,.LONە̒XR27Ǽ[H`F,}pм +Id D+ՊېKʒu0LxM$^z2BG _ b$ԗ 0ⳋi1%9)&NS3$gV/glJIʍSsf'4_LDZd}n?1gMXi"BI]-H_)wҢNK2'-AQRX~cK/ydFi+I'pVkO:6^v;thP:4(jzިڬ '~Q$BS2w o2zu,]-, kj;lK+#Eܼ! p,^̟| A њ4H} ~w֝ ]9a9KRuNX 9xo=hvh_dU9" zc+|cKK q._3;b夾Ǽd J˩p/g- 4n;pS Pb/[38c^i`CDJ3U{23.!B`Lÿ yhv`KBiO%Υ`Y/REfDH %äX!. v+Ҍa!yy Z*lqWw.Iі^Z=sftЃLU29< q,_'?zWD_]DB9T"_udB9TJ]ۋ̞ cg N;4aXF!^4g%Aʲl)eYJYJ)Rʲl\_韟CĜ^&.N`Ǚˑ|)0h5lIp¼3|1:sLӇ@PշGC vNR.\q>Bzn\.gGw={`;iꫣs҄ v8sYʔR<(,YէBǛ9[5J F%)FJA6kdHU_q3GF*BP6Ɏks1QM&'N?4V vZvyk7?FU9C A!)&d>u1> -T,JcC?zdy)U4IVeѣӯ;pC C))sPEʫ.&q sL^}˩<~Tyť3ڎAeN`BI eӆ%եޑA&7' !O?;)B)e6v-\Z}Wd.˻%ސB _JUa8$RRtΔ/~?xV&M&q*WO0n^KДLYeYR69lO3C-H_ ycqL/{K\A F;_IҌE=ۤV4` 9 q4*54P+W *J5=oF&샍?Ku mWe7wZa9a5n* Xhw'8RE ijaYmrw7@H^zZA{3_fcp?z0؁!\hC\;!k[*m-J lt*#lp9IE,R*ƞySVزIͨPjӁ^=Gu}O~a]ຮSljP-Zni.{n-O2-YmdfC۪K7ͥ[n5qql cݲnYDVwBqkGv]OYgCߺ\ԊzltF"}*ηAU$I4sJm)C'3*gmG0>孚x?q .R_G­f[|ӹ-ƭ9}W`5pY6 /, եc~GX-~kZ~!m=J $_Ye|4PiZcg`~4QjҼkJ歷6>ZE}We. 9T um tr)dejRJʬ1, Z(5pM+a~TNa <5G^:Iw%)ң5ͿL^@ NJ5؟7l贄mG[+:s a:Tgs*+PizGҷA ӡNftzCLsRO A듊h5 YHgK(%l_ͥ0C*5 9z4b[? Gw]k>ኚh 0:$q@C'2_.D0N0NIvR f@ErPKƫf00(c#_x>)J J5tz U dswI$gWҤRQ@*2MHxrKT/gzqIq%jt?n\$Pr-K/X?y^Q1)ܺS{Ɋ=MZr#_pvp⦲ڀvSJʲ_X_8|X;[7G)\]H8AN3K'J/;O⮏[o١2L9+w=ʍǁ"S XSR/0w,+yi0La ػ0e*@uӠ%CQN",=oXs>,Ӟmy~vli+?e}=s}sy~cVkOCI vzdӰY)t_f@48R ]); "@t0#4gd3&Ju$ WXNa:J5-$@$+DPJbDE*(Չ!JOB A@W\3u,8cU!9WMt"@^d IB̂aըo?0BS-6̓ )(⠗2$td Y c`&iLt endstream endobj 13 0 obj << /Type /Page /Parent 3 0 R /Annots [ 17 0 R ] /Contents 14 0 R >> endobj 14 0 obj << /Length 1413 >> stream 0.153 0.153 0.153 rg 0.773 0.773 0.773 RG 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 458.539 521.469 299.445 re f 0.773 0.773 0.773 rg 45.266 458.539 m 566.734 458.539 l 565.984 459.289 l 46.016 459.289 l f 566.734 757.984 m 566.734 458.539 l 565.984 459.289 l 565.984 757.984 l f 45.266 757.984 m 45.266 458.539 l 46.016 459.289 l 46.016 757.984 l f 61.016 474.289 m 550.984 474.289 l 550.984 475.039 l 61.016 475.039 l f q 225.000 0 0 182.250 61.016 566.734 cm /I3 Do Q 0.153 0.153 0.153 rg BT 61.016 548.943 Td /F4 9.0 Tf [(This is because the malware will sync to your browsers profile and will be synced back to your device after it has been )] TJ ET BT 61.016 537.954 Td /F4 9.0 Tf [(removed. If you are experiencing such daily prompts for restarts by Malwarebytes, we suggest that you log a request on )] TJ ET BT 61.016 526.965 Td /F4 9.0 Tf [(the )] TJ ET 0.373 0.169 0.255 rg BT 76.028 526.965 Td /F4 9.0 Tf [(ICT Partner Portal)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 76.028 525.814 m 148.550 525.814 l S 0.153 0.153 0.153 rg BT 148.550 526.965 Td /F4 9.0 Tf [( for a technician to assist with further remediation.)] TJ ET BT 367.438 506.976 Td /F4 9.0 Tf [([ARTICLE BY BRADLEY VAN DER VENTER])] TJ ET 0.400 0.400 0.400 rg BT 61.016 488.487 Td /F2 9.0 Tf [(Posted in:News,Notices,Phishing,Security,Tips,Training | | With 0 comments)] TJ ET endstream endobj 15 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 243 /Filter /FlateDecode /DecodeParms << /Predictor 15 /Colors 1 /Columns 300 /BitsPerComponent 8>> /ColorSpace /DeviceGray /BitsPerComponent 8 /Length 515>> stream xA 0 =fy9뀟\- endstream endobj 16 0 obj << /Type /XObject /Subtype /Image /Width 300 /Height 243 /SMask 15 0 R /Filter /FlateDecode /DecodeParms << /Predictor 15 /Colors 3 /Columns 300 /BitsPerComponent 8>> /ColorSpace /DeviceRGB /BitsPerComponent 8 /Length 31839>> stream xwt]ǙYU72^~D$, l===gwfgfsf{LmwOo-K,+ T(b3$2rjx EْaIwx$n}K}XU!Gbbių]Z*9B|W EKDb21:AQz.0뎩&&sgPB G1N侉pC۫~B]T}DkM=R#WjA-Yl0)j䗿P1낏>θDQ=kβ\Bay!SC]UKH;΍pJr﹗W QѹKsBHQa Mw.BmK1nKA SV$a yXA4}U=sPȶt^44ڗ.g7?d9_7[nWX!0&Kcdة!GR щMe*<BIJ|Md>" Db3jPoT~{FTd!ǂR8޶ݶlJ'Fl ޼־LfSv BB!HSQcPgMܗ˿8! EDAY7Bz .\y3Ô#,_B&*x@[[6OM‹8Ftx$B EAa.w₀MIIJt^;o2 Ҍ:߹~CiMZydX.L !`JC^" 9|aS'lKڃ? 2JcO0^ojGZ&=5S>] !_gRik}Aj"BDSٖ-O# V!hκE3T KN.Z#EAD3|u5i->8ξl9hHbK+cM+>I48־tu|Xz{`qQۢ|]=m6^ iڵ:,K6jsFh]z{M2  mKڱHSb̖<2K%$XVa^bY(eZ[5G.Z|z6GD N5n૪ђbW'xjc=id4U[,u%Dp s\e[h*F}en]R)bSs7Uqw7YhyHh+Ji-\F"\6@\ETEhh?F ùz evMYRZ[k7X!.\iiiQ}܇EbWq%@llV46i[KK{"+(Mv+傡AQQ}g c/a}bY``~^jLJZIJ'm[D*+mZ|smFDFKC.. yFg2|MMvO/9Ml\(z.A53 B_Yxk0\'{L@Q*w[lz\vFO$[XͯcVMĉ:Gs F6N+z.W:v:46CZ" ^:>wۃuGhTqmҲ[,Jg%EKhэĻoW,ͭB}(=o{m\2AbU[Z*#+Z"SC,g[DfǏ} ŬOt=#wS@R<00s\ (.hr3 e9׬BRo/qW NH=P%*쑃Ro!KwOt)R͹~Q,wbNJUz&8fH%Uk cGAz.D}:k'r9֮ffrWOis.e9; 5um CA5ײ@bg' ږ82+ie:h$h<$WƔhqHQ,ð-i{vnBX>iin>x߶l9+V:V2  C#)?ep7`UzTTFn4$ e"(--ƵzA\YQ(0.wyy_hlt-')dHe ^C!צ hXCxful`Rx`̸LEei`@RIv8 XHhT̾ݬcij47;:z+V&k8ζ=(Q}7FG ٷdȫ*hD KVU-NFvyxF_'茖`, +K=@uI; 禭|Mų]B:oJynJm0 .o;#uz*^zAOOڗnmRP`>56& W|N+Ů.RIz2ʉ?1 HѴӅ,X;o[[ZŲ "1 ıX>DGoY [[[ĖV)Zhh[v; iD! B7߰-^v˼56Ƹ+R;>*0!p˲cjd.Ay- 0q=6y-b{{ǝ;r_w}#Ӓ ->D;]ۗ-,%j$uߝw7]g_r7lFK%CR),K呰P?ϽiwLt`lj2%ݕxg.\7N.\ P}F> 3$۬[o'U55ep@OMÊ%T.\lm[iZM}]{sFXS^=K}=q<80;z.Ԓ-G~wW([Ƶ~ OF͔ڌ~<З?~lj X%P6;_Y%j,WWSV<88 cMC/vmKTjhU5cy+ _]CX `Y2)'Z!F WUM-Pq.\I[D 깜<4eC!C0JD7( !McE|n|~h  O|)Nyp"WUi22- ^@K&3:6|ef**z>Fl @Y,R_/4~X #T W"#( 4_UM;N3n7_]%IK&@q u, ) ERIFTۿ;u,I9 Y@g DiZE W`Y6J%Ţ<ЇU X@hR?ZΎ0;\?'l^`Οo_J/9aE,KY,F02T &fY"5#S|7[%l(d[z[S'G~/J4zYig0-*gN8gܿ!Ly .=3a\Po:k?(~ {%7)JxU2X*+?G;]RPSiL)c\+?mtwM1Ri}Ϛ+=Bp( k0gJe J 빜^('_"x=}z&2J)1t?@t=wPY,ˆ"ϵ8_;>gcg2z&D cK !Fd\qd8!D33V|-(Ǿ&&s\0d_B͓f&&s!EUiԳ&&&d̉9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB9TB94l'F;!i{9IJu'!z> w$_g3z6KU. Xd~3}V+F5ulCә!V3{vR [h|}|B>+z*A.tG ;&3ec0rM:rB t\zK"`]W"#QC2{?a F9/sQ,|n/#Df3uʏjZ3gQ,I7<V.s9@ du'!xv,B^)ɗHK Ӟum] 2~5MlOY,SCv[ljSR|QcBuͦO?Ʌ+ gmKmcelTňaP i(~? DK1^i8`YƲ,#~tB IRGZ& !d<>.eJب@h hTK%`(tJjJdKSQa\Vh>?(-w_U2iyhqh%]8%S'$5LZFP6;7^ BX!E utZ..(#FUVbIŠ f,uexH/`HK$DZ @i@xY41 -P1( pJ-*>% zs' iCKʾDzS:6xDQ Y.RTI~&$McE){d**DK%++%ݿ\z1 L BW;Vݝٿ׺hqfn(׵ B=olS##0e?x={ú;rh_s]wķf[.pd]%>x/#G,k_*wp'|ryou&2wJk5+?GYm;ܑCJ4WV]%sCcq\l G; ?oRN鏝6xn5+Rig/]|[jl,5d[+nڊKVdKCc[=Z.sZ*yITO7SI}旎k+Cȯ}?7K/vo>ouOO}@ У₶sZ"=҅ssΝS>yXm CO| {v>sZB)a䗿p|1jB b!x?@yI5[[K)(]U~J ,+шקbI@~ W`̀ 6D}:rd޾T<}q{ACv|8o<@t 1^a`E%!rӖ%TĻo&67;XS;?JuuXUn%-[A ek;oGζݳb ڀR}ֹÏϟK}~❷@QTb-ԒC^yY~''?ܞxWbUQF)ŵZqA2g<4DV9X\kji:QE5=ʟ찵/.^R:=Y?hd7ovznնxJ~?`IkFǚF=ÕU)%'m =[o%nf낅ֶ6>4捏D%XSLXSȰ0oλKSڹC\FW/3UBiRυ}XQ(EL>)Jl]\^lmE?k e֧v~=|r]2jD-Ħ&yh({'pЭmBO|@41Db**BO|Ghht*o/| al8wضiƹ~gj"Q:%7_XFo(Pjbso^mrypt[&&6J܆$ٖsp™3+mK Np~?R;A 3YQ:Az.S"rWF 6 rM9VM@S0r9=@yxà6J`]R6kxLK$EaEGUXW>) ҌmRDi)`\nm ĦٳJdJkXU^|^KVٗd~JXX3wܰqj wY߱jsAli44k8yRvXWB\"ٌ\|=<΢X  yd>uBmEyK)Ҩ M: iiFa\刮cY,X<,wAz]F4CYD.A,] B BbU:%X!B(r!  :@,u1hln Yƺp}rЀPS HY,# d}~.z)ͶUp0_YyEz Pv;"5@@\ v=76<(KK i-ϣDQxHQȰ@㑔8ODŋgccw,vuN'4E& VkmY-z<ݙx7m}I3l\) :gW'xVY(rR.S1_u~M^(Jn[W).ӈ&?@眫^@HVq P]sicH4 1uB"DYbK+SQ,}r-(WW3yqA}J.\ȇD(պpPE[)b>u|eMf.׵yBi[N;\0d[cBy15. 4t3S\8 XgB3g X 9&&_M9@.\dHRљ,^pt<~zIypжxɬ;~U]'uHEP[[ӻvZ .b]vv5K}Ėl[#C'8NŮ.J-M!1՚DM 孭MZJtĹ.d%i.OkߐZ=[o{E'rbXmwB&U:z&|K7cE)>hL6sz۲ضW':B L[o>h?4/V?%$ٷ'5DR6g9ls?\>LY"+{gz.} c-Ւ VS\RC(k}D}:wи iv85Bq_U!4,y?]pp%Q|XG (EK!NjxL,SA<d~D@ CK&NQeҴQ*i8xaYRc1.O/] QCjeLEEy֚Jvir{Mٖ-gOEyyJbѐJ\ѹv4[SВ⹳\(l_;m pX깠g3|e"@sG{u-o=yZd,M#QܮFbsKT-"nJ"``ijRZ"ak_*kDѺgtqBᡟX?we E3?.tA,Wf-݈j\wwCc/$.i/=+^omK .8~jinr2ӿ45W_BI}nTDZ歈e&y[K& Bx<p1l])b>ǚ5Ȱ::fJY XI蹜Q(pMa$XKŌg0J纥Ǫ|l !RsGep<22l_x N^y|ADB0y5)mr?.h tjbƛł%iƒ (R_O˖o‡e!*Ѩ"3'1LhE3{Ķ8WW[.ٝxs}2£(VNΜ-eOЈEF`+^y5Z2!:7\#6;?ub낶̾^a}>6{EXq y9zs0 4)f!,5mг=\nٷ2.WGFKcO^OJz;#7=\6Hr)]QQWzT Wږ.㫪h!C[Q6+UU%69v%+h-3|qDU2{bF{nŹ~iߧe:׮/v3׆@??C5kt-]Ƈ+}}Y/1aq3 ) D&3 Cfh D*uwYZZy 7aC zA4h22x:>el Ů.5Fl]ÈX־4w} ki[hsedxW8yB-\SBmQ6F @ >?y()/\:ĸ\|u-8jcR<эq ȳ 0~!ɨ1 _C,kX\xKfָą+1_gVJt+ ŲXL)UxKK<1u$6rFhz`)x&ABpyF,O1mD ø\q>nm[ٿ/ֶB隿\(|yhrijj!=U|Oe!АWW_:5!?X !*q qi  IxϜ0\F&g&(,46UGkw{!wo7 (%d>y}R<{VFWN(䋝[.ljbJSBm]rcGېRp^*+`PϤ!M+CF.Gt]!S^LYL ݛEy*wpdXTRɲ7yhPv-2z:=t(W^G})BhJŢpz.¤!VU#òL۝ߏhs˭|0<iBsV_p:6j*_sͺbOZg)\< R0^gB-[.޽(hI ݵzBaOU>^ub{9- M6^ (*k'm+hWߞ病/J !8֮|..ܴպpQy-Yi} $B]= A)[OiwbXv(fc:vn sf\0&̫MͬW1!EsQ*-p0lA|U <(eɃbqn WY i{f-eyn}G[5P4P(: /& &W%AT` )jbXQ E]Η%QTx /vb&LHQ& 6L}V&.[^.3Eb3 ռ|G0# PW,G_Zhw>:޾_.>E S47/itvSUmhhDkZKR$)L2tf|J%):}Ξ;Dq^oo: G\WTjj*OjWq\YBH*I$S QVWYG⪢z<9ӽ}nXo[T&٬^_CӚ'L&+D:y5MD!O-T*L0&_fs޲ee~``v ZtT*c^\5 Jɴ(Z J4d|eMSu``0 nA bt4f.7l>O D^AJ%i,TcX,< YxWZk8l8NjD:4]dU;lD*6CQjX"_(lրߋ1%(f٬bF+KLvNU2B0ͻ+<Ǎ( |>6/.¥iz6(*XEiZXIX,^*.O!1Ǔ;v  MT&HZEccq@0h{>afz(!ehfY9]UM<ӝH$*C>pשS]{ 75}@UUɵ׬mkkٳgR8r'Nзw!eO>(⡃>z8ΛꪷoߕNgec?0[ʲslkyPxs{ & qSΟݻcBأi:dK:| NXppɒ;E"Q@@2xӖ͙ln۶t]iܹy3Xu&)zT煞}Z,ϱv(7A+Wϛ8Ƹ{TU[_'6oڰhQjǎ"3Ys[1o~""p\n׶mf29alq8DZ˖.fXzt4GS錦jskKsôBa8fb{k;i[ljj߿4M|oS'N(J6lXG{Eex8R[WT4cY*K/`q,[]DGMV\z}C_z*Lҝw<E /i7pX,~' $IV.s8xPȿrҎ{ljFco}֭Fmܾ}W6]׏?)Z-[nIJ qv~/P}@Twgfef*+7 ۶mq^}O8?ݯV+Gf}WƁ>?s[߶mcw /o=żwz[ɤ_?pl666 ]kmj5@xKZnܸU\fs^'do` \ _0̙K.57׎Nҳ6Y75^y9Nx2*XLG*-t$- 9zvVV::/]jrm7;^R!^ܳO;ECc?rc8c~so~k;o>Ƒё N EvزiSÏ:A/xz{wπd̥69EMMo,//;wlٻg{'_ٷoW|f\.vZ;wn4NE+*J׭vO=e||I3UEE7ޭnX\쮭Ͼ[67nۺ!˽AE96ݦP(Hm6NM&CCoRB!dDL6˪T h(f9" /++p {l788/ L(^~]Q%\n SS`0X,0r9-Qj>EoS %gHi5l6'Je㽽J3 ɅElW+*TJ~%?tw=wes76dFbhp{ ia`x_P_P{{W6UlVTUF>2:hZf9^ύOLT:6aMu޹}Z V1iYzv-FRzѠz] `ЉE֩鹁X4x"Xb1UVt:mQu> P]Ui|ŭ|s0 zREӔJPڊ,%%Fr9C#Wsss LVe2Fw(KE!@P A!$A fqUe'&{䡃{kk*}l>OI[**|g\}X6_a|.KFEQd]]塃Ok*A*<(Z,7|bzjՕeL^Kcy6q6l0]ow%|>)8=F|:дlu4388RWW؃5 [6/[:55ZblܺuCYY1 0Qd2%(dlEZFEcq#L$S4-3 DB@"XGQX(B˃ϧ| $A@Q Mvmz@&C8e2t!IIg8iZI! (m(c(E B?otZ\N/CaxAg2Yrr,S;{.\l:|ijpgl[j(Qr7ۻZZn{橺P(,64}TV%B K KGB j?R*Q鴹9M$B'Lƍ[uuU&?ofj 0PTuAeEVD2Ĕfx7nv {|>/R( PFp?q|UEQ_Y1aC;000l0A{s.gX,166YQ m Fch4*uw;E2g7nv֯.YrbjJViABDS!L3LSsNೳd2k4ꓧΫ)va2#E*Ek*ϞD(AiyK!㝫xׯ+ZRNt `JJ<7ov?qčhpy9<2FQ㜘Z*4(/AKGw"dho着*p:?#AN/w c\./j4P(RlCО `y~\˱TRGoi0x~r!'8~I=@ XpayRB TH7|!{R,T'-Sl+$)m6]$ɜ4øB#Fe'dY"!u%B '"X JH"PBbyEH$G&Y]<)6ֹ LMCO'MMd%L3LwM-. dzfԩd I"J$&B2J&S vR` 0_dW/5 S. gp8N3 N\Ԕy\ }5Lvzh)T2,~L%'c2{Gɽu"rW寸I\vY)D裏}k#Gp<˱d;+Z/,cEYq V\Ok 8jjd^}A.Ud23P^^h+b?;0 p0F!fF.э(;b8òl_M֯S*}}CccA7ج@ 8NOK}ŴM (25=jk*Cc*rqq꿩:"vmu##F~}ch ! 7k4ƏOL_ڪoXըs\ީIa,8&Ɂ3L&LvttPk͛ppPݴqf?08Bt}}^eYvaaQ…&\nͩTv>Uה>J;8jٹl.: uu1Ltd&&FæM ۽ӳZz}cV"da`04<<:*FS*ƺ厚 =&SQ3/\vA7Y,i{n]-|Vϕ@Pt`sl*#I2fslUU,X޾!Z%eNMOKJp` M]Ǖ篷ڽ{^EW} nig=ժ7ǧ z.!duTA&ąVhuucS2tbmDgޙH2A6oYesbjn~` =;dM&#'?}}hx,O㉺d-aI*"@<8Nh,q}q1|<`,%:H{Ѩ(UJAFb /1;VeJ)z-9yj6g^Z 0MzۊS33e>b0 w+rGiF0E y2ZXb8,E+xg'LO{D"9=3D9AL6t:f.-ؾ Bh*mW00099EEP_[WW p\RCDQb1:EzFyN$S闿l[ۭ6_ÑXK ;/]jY0 Ģd2e1m6ˁ{45sE  TfliLClUSA"GF'ZM%VQ1fdxXXyy|6+[& | . "Fd2ByР׹EѨs9w>ܿoW}}͹sW(Jn]- v:ΟcBA.W5CC#y]QPȟ{n"Qׯ{~Mi4Gl慅E͢RP=uB)g KǵZM[[| :3g/ @hlO3 DP ʱ>ը-V֭.\h*)qc&ێ yĉk"+a4T*,c;;`2N+**NZ˲sxT*Lf#ŰBNx-,#-nkHē A 9^ ¡PDC4"L`AD a% Rt(mA0hd2 ˲z XLu:f1eZ=7 !ID{[_W5Z ï~|uE~Y,^{63fܹhlㆆu,BDV}ʭ_89PU ->'!y$ >y.ѴZa2h$n6:]A/ kGD'Xc$B %$Ik$B 5F#PBbD(!H"Xc$JH1%$Ik$B 5F#PBbyU14xOX rޘWE6P(_V8|>S!% A0 3LēF6 ]~RZ-ⲓ_%$3o-RjHDZ%!"uGIdMEzJH1%$;HGJH|mD(!HчQAO!jRQT*M8[H|Ez>: s;S3LfphzL>ϭ2eϝ:66T+C? pM6L&h2oy/;Ti-gj{CC(KNΜ;T*B{6_m]HJd WRh+NqR%JіU;FˀMD|14 m6DH$^~"gN8 ]xpLww?c`E={V'N zrrZ8hsMZ955xCCԌ\A~7tX,NӲwz!?CȕhZx~M֯~wEd88P*<'I |ejw3G7oj(yM&ի48EPd۶nD?T 󅞪 4-i8Ah-FiQrujʟg9V]U3 EJs_ATTT\|ɓ4M?S$((]XAx5ռ.Z&̥L&+FrSl6P*1 MM$>CK(K:ɱ,PGA2iP0LV4  ,Q@.:-(8巔<,L&Kilm 0!" q4MpԊ=E$!DDFQ8Pj j@V*C*Nb,!xȾýC< &V>wjYYqssUUK;/wf I @P)p6:u2nnn3.53L@j:;{nu]򒖖(*L6[[S100LQT.yA藊5mVbK i2'&fJK*RAl!q$I'HCa\edFMN;ٽg +f?{UVUv77]o޻EQB;TJDF jWe2_Wג$+*U A:n=7:gj*,M[[MFpPYU 0DQduuU@D!d$ar9o_͛̽wf ڂ`8FI0 A$0 Q$ըyRbeh,(&@!@ON8ϗ+?384\׽u1" $E DQ\:#$IHx4YM v9.ǽHw_v+gc:/xP/ kzA<ޱ}ӎV?񳇞~Ӆ$?<ϯfEcS. V1q2l.^HVm+8Ѩ/*(XQE*rNej5(@kviW*dj5oPv5u0@Q;6Q jE6+(ڬv;rY"(+jՅ71vLѨE6 UJF:YbJRZmMbpNU*սB-L & ,ˊfdm% aA>%)wr>ԟwYDp @qeEN'&&lLxaYvqqnc_#z6}聙v1?ZjӒz`Aό!yQ<H*($J|H"Xc$JH1;C -$z$$6HO‡@zJշIeL&#YHH"\(4J:#_'(Z,m"E%ϰ\fkO,V GBbD(!H"Xc$JH1%$Ik$B 5F#PBbD(!H"Xc$JH1%$ɋ Cl6d:#k"aY6N?^`84@I_< MMMƏw A8+//x<+ ! #9LʵcEX,{uim۞A@jvDE!T*&i3Xy^P,iH4O^:lv'$!D#PBbD(!H"Xc$JH1#B<yC T:fKf(_ip烩4 \4 *_ V9 C|`S)B*NZ$G*#"p8_R)'jk+{XSSanKC ~\((/%5A~B"7i_tF'aZ=}EQ!7?+$J ݎB%Zn(s$E swx 嶭:Ξgbwau2kӎIkLe2 O_:v||(mY6?22CQqA7\.J1 uڲ1,E^bfs*baa10nq"GGSlE=)<v ·F՗_HS#pTUh64n7޵m Uex6M>_1aҩta ?9EmQUt #,61? vuaVUUfl6b<%p4]U]Vd ?565Iyrqlǎ-JH+:.\l*++Y\ ~絧̥?@s!GAـB78:08h.{CɨT|,56Ŧ@0K[pO;o>xp1Zi_zХ(]W[/_fSԟ~7o F\.C8yNJ)jv⟙;yܫ GBWwWxE w?JWob? _l<,Ik0Ó7o[l.ѱKKkSS3?--ml.k/|^^ L\._^qV*ͼ z'?}.㣏NۋmƆD2UU]W166}C55_gv۹sϜicCQ14z]iihmk8q\IgphzѨ߾}6onid2R_꭛׭NH8W'bFۭݻj>yjAPYz8[Yy!h$w4-;|ȱcۯP.xp199; B`n_ ~"{u*N;;7ޑ[zJd2R)7 $I:muu\.:p8r%%Ag1&&gk z]xv讝[k4C֛4gH$v *s8lX[[8ᱺ*F !dԌa+)PUTdZ--T zڪ?ot'{wtIrB~j333Gqy$7oDR)u%~a3CCCssskNJ DS(BSN}]L&aj&0AD wBhrJd2px5 Q!dZ^DEʯgitTBbD(!H"Xc$JH1wDWxY5L Arr%!wgE'm7c >O !!x`8 endstream endobj 17 0 obj << /Type /Annot /Subtype /Link /A 18 0 R /Border [0 0 0] /H /I /Rect [ 76.0277 526.1326 148.5497 535.2901 ] >> endobj 18 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/jira/plugins/servlet/theme/portal/6) >> endobj xref 0 19 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000361 00000 n 0000000398 00000 n 0000000536 00000 n 0000000599 00000 n 0000003957 00000 n 0000004069 00000 n 0000004184 00000 n 0000004304 00000 n 0000004412 00000 n 0000009839 00000 n 0000009923 00000 n 0000011389 00000 n 0000012149 00000 n 0000044248 00000 n 0000044375 00000 n trailer << /Size 19 /Root 1 0 R /Info 5 0 R >> startxref 44492 %%EOF Tips « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Tips

« Older Entries
Newer Entries »

Cybersecurity Awareness Month: Social Engineering – The weakest link

Thursday, October 25th, 2018

When we use the term “hacker” in our day-to-day conversation, we tend to associate it with an attacker who uses their technical expertise to break into protected computer systems and compromise sensitive data. We hear about this breed of hacker in the news and we invest millions of rands in new technologies to improve our network defences.

However, there is another type of attacker who use their tactics to bypass even the most expensive and effective cybersecurity technology. They use a variety of media, including phone calls and social media, and trick people into offering them access to sensitive information. These are the social engineers, hackers who exploit the one weakness found in every institution, also universities: human psychology

Social engineering is a term that covers a broad spectrum of malicious activity. It is a means of attack that leans on human interaction and involves manipulating people. All the methods listed in our previous article use social engineering.

The object of a social engineer is to convince people to bypass or suppress their natural reserve or suspicion in order to get access to technology systems or data. For example, someone who calls the secretary of a department pretending to be from the IT Department asking questions and getting them to reveal sensitive information such as login names, e-mail addresses, WiFi passwords, etc. They are in essence con-artists.

Whether it is through a phone call or an email, social engineering attacks are always very effective because they rely on the weakest link of security – human beings.

The best historical record of social engineering is the story of the Trojan War from Homer’s Illiad. After a ten-year siege on the Trojans, the Greeks pretended to accept their defeat. They left behind an enormous wooden horse as an offer of peace, and the Trojans opened their city gates to bring in the horse as a victory trophy. However, the Greeks soldiers were hiding inside the wooden horse, crept out at night, opened the city gates and allowed the Greek army to enter and destroy the city of Troy.

How to protect yourself:

  • First and foremost, be suspicious of anyone who contacts you via email or telephone and appears to know a lot about you. They may be very friendly and attempt to gain your trust, but if you’ve never dealt with this person before, ask yourself how they know so much about you and why they are contacting you.
  • If you are contacted by telephone, don’t blindly provide information. If you’re suspicious (that little voice in the back of your mind that says “something is not right here”), hang up.
  • Offer to call the person back. Ask them for a direct phone number. If they can’t provide one, discontinue the call.
  • If they do provide a number, do some research. Can you find a website for the company? Do a Google search on the phone number – does it come back linked to the company name you were given?

As a matter of habit, never give personal or sensitive information, for example, your login name, ID number, password and bank account number, over the phone or email. If the person is persistent, explain that you are concerned about security and will not provide this information over the phone. If they don’t accept your explanation, they should not be trusted.

Not only are your inboxes and phone lines being targeted, but so are your social media sites. Take a long, hard look at your social media presence. How much do you reveal about yourself to the world? Do you provide information about your position with a company? Do you share your habits – where you shop, gym or like to eat or socialize? Even the most mundane information you share could make you a target for a social engineering attack. Any social engineer will do their homework on you ahead of time. Whether it’s selfies or cat videos, most us like to tweet, tag, link, comment, like, and post online. Platforms like Facebook and Instagram are full of information social engineers can use.  

How many personal details are displayed on your department or Facebook page? Some departmental web pages even display personal cell phone numbers.

Over the past week, there has also been an increase in extortion phishing. Extortion phishing is the practice of obtaining money through force or threats via email. The victim receives an email suggesting they have been recorded through their webcam whilst watching adult websites. The criminals demand a ransom in Bitcoin or some untraceable cryptocurrency and threaten to circulate the recording to their contacts unless payment is made. Often scammers state that they know your password, installed malware on the computer and demand payment.

The new extortion phish threat plays on our own innate sense of guilt. More worrying, however, is that the passwords they have are often correct or close to correct because they have been leaked through data breaches. Usually, these passwords are old and haven’t been used for months or years. In some cases, they’ve remained unchanged or have only changed by a single letter or number. For example, how many times would I have to guess the correct password if the old password is “christopher” and the new password is “Christopher123”.

Your password and email address are potentially out there for all to see. One way to check if your username and password have been leaked in a data breach is to use a site like Firefox Monitor. You can enter in your e-mail address and the site will tell you if your information, e.g. email address and password have been compromised.

Social engineering attacks range from unsophisticated attacks, for example simply lying to get information, to very elaborate attacks, for example specifically designed websites. They have one thing in common – exploiting the weakest link, human beings. 

For this reason, these attacks will continue to increase, so being aware and cautious is the best defence.

Next time we will focus a little more on the type of attacks the university has suffered over the past year or so, and how to spot them.

Keep safe out there;

Email

Tags:
Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Social Engineering – The weakest link

Cybersecurity Awareness Month: Identity Thieves Modus Operandi – Part 2

Friday, October 19th, 2018

In our previous article, we mentioned that identity theft isn’t always “high-tech”. It can happen to anyone, even if they don’t have a computer, use social media or own a cell phone. However, in this article, we’ll focus on “high-tech” methods of identity theft.

The identity thief’s goal is to obtain your personal information, such as your ID Number, bank or credit card account numbers, credit report information or the existence and size of your savings and investment portfolios. Once they have any of these, they can contact your financial institution pretending to be you or someone with authorized access to your account. The thief may, for example, claim that they have forgotten their chequebook and needs information about their account.

Credit or debit card theft – Many people believe credit card fraud and identity theft are the same. In reality, they are different crimes. The main difference between credit card fraud and identity theft is that credit card fraud typically involves a single credit account, but if your identity is stolen, the potential for damaging your credit history can be much greater, because someone can open numerous lines of credit in your name. Credit card fraud typically occurs when someone steals your credit card information and uses it to make unauthorized purchases. This can be done by stealing your purse or wallet or, if the criminal works at a retail store or in a restaurant, he or she may simply copy your credit card information during a transaction.

Pretexting – If you receive a phone call from someone from a reputable research firm asking you to participate in a survey, asking seemingly harmless questions like the name of your cell phone provider, bank, or even your preferred shopping centre, this is probably a pretexting scam. Pretexting is the practice of getting your personal information, such as telephone records, bank or credit card numbers, or any other information, under false pretences. A pretexter pretends they are someone else to obtain your personal information claiming they are from a survey firm and want to they ask you a few questions. Sometimes they will claim to be representatives from other types of organizations – not just survey firms –  but banks, SARS, insurance companies and ISPs.

Skimming – Identity thieves place small machines or skimmers, in the card slots of ATMs to steal credit and debit card numbers and pin codes from unsuspecting victims. This has also been reported to occur at some petrol stations where you can pay at the pump. It is not easy to look at a card reader and see that it has been altered in some way before you insert your debit or credit card, as some of the skimmers are so advanced that they are virtually undetectable. In some cases, a skimmer may remain in place for months at a time, unnoticed by employees of the “host” store and it could take months before victims realize that an identity thief has stolen their card number and PIN. Most victims only find out after the thief starts making illegitimate purchases or withdrawals from their accounts, often to the tune of thousands of rands.

Man-in-the-middle attacks – Smartphones and tablets have become a major point of access to the internet. There are many Wi-Fi networks that people can connect to from almost anywhere, for example, public libraries, airports, shopping malls and government or municipal facilities. Unfortunately, this also opens a “port of entry” for hackers which has led to the increase of “Man-In-The-Middle” attacks. A Man-In-The-Middle attack, also known under the acronym MITM, happens when a communication between two parties is intercepted by an outside entity. The perpetrator either eavesdrops on the communication or impersonates one of the two parties, making it appear as a regular exchange of data. A MITM attack targets users of enterprise email accounts, financial applications, and e-commerce websites in order to steal account details, credentials, bank account or credit card numbers and to monitor password changes.

Phishing – The Internet scam known as “phishing” (the “ph” substitution distinguishes the activity from the real “fishing” but the activity is intrinsically the same) is a spam email message that contains a link to what appears to be from a legitimate business, such as your bank, but it is actually a fake website. The email often states that you must update your account information through a bogus link to a phisher’s website and the user, unknowingly, gives out personal information to the fake website.

Pharming – A relatively new Internet scam is “pharming”. Using a virus or malware, the victim’s Internet browser is hijacked without their knowledge. If the address of a legitimate website is typed into the address bar of a browser the virus redirects the victim’s browser to a fake site.  All identifying information, such as bank passwords and credit card numbers, is collected by the scammers who steal the user’s identity.

Vishing – This is similar to “phishing”. However “vishing” scams attempt to trick targets into divulging personal information such as credit card, bank account and social security numbers using new telephone technology. Typically, “vishing” targets will receive a phone call from what appears to be a legitimate business, such as their bank or credit card issuer, and the victim is informed that their account has been compromised. The “visher” usually requests that the caller enter their account or credit card number or even their social security number to secure their account, thereby compromising the victim’s identity.

SMiShing (SMS phishing) – This form of “phishing” specifically targets smartphones. Smishing uses the scammers’ old favorite—phishing, to send out an email to entice their intended victims to click a link that downloads malicious software or virus on the smartphone. As its name implies, smishing comes from “SMS phishing”. A smishing attack goes after the smartphone via text message and usually occurs when a message is received from an unknown number that offers some sort of incentive. It might be telling you about a free offer, a coupon, that there’s something wrong with your account, or even more likely, it might claim that “your friend” has sent you a “greeting card” or message. Unlike viruses of the “old days” that sought to lock up your computer or disable your files, smishing attacks remain hidden and continue to feed information back to the smisher. Information like contacts list, email address books, and passwords are sent to the scammers.

Spear-phishing – Our last method is spear phishing. With this method, the scammer is targeting you specifically instead of just sending out random “shot in the dark” emails that someone might fall for. Spear-phishing is very successful, especially within environments like the university, because scammers pay attention to your internet activity and send you requests that look like the real thing, claiming to be from entities within your own environment. Scammers can pull off spear phishing attempts based on the information you share about yourself, as well as other bad habits such as using the same password for multiple websites. As soon as you post updates to social media, especially about accounts, people you interact with, purchases you’ve made, etc. you’re handing over vital information a scammer can use to target you.

How to protect yourself from identity theft:

  • Don’t give out your personal information on the phone, email or snail mail unless you’ve initiated the contact or unless you are sure it’s safe. And don’t feel guilty about saying No.
  • Never use your pet’s name, children’s name or a nickname as a password.
  • Ask your financial companies about their policies for preventing identity theft.
  • Be VERY careful about answering surveys — and certainly don’t give out any personal information to anyone who calls on the phone or asks via email. If you do answer survey questions, use common sense and don’t give out any information that could be sold or used by identity thieves. In other words “control” the information that you give out.
  • Tell your colleagues, family and friends about the dangers of identity theft. Awareness and sensitisation empower even the most “non-technical” person.

In the next article, we will be providing a bit of information about social engineeringKeep safe out there.

Email

Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Identity Thieves Modus Operandi – Part 2

Cybersecurity Awareness Month: Identity thieves’ modus operandi – Part 1

Friday, October 12th, 2018

Identity Theft takes place whenever a criminal gets hold of a piece of your information and uses that information for their own personal gain.

While a lost or stolen wallet, purse or cell phone may simply mean the loss of your cash and credit cards, it may also be the beginning of an identity theft case. The return of the item does not guarantee cards were not copied or that your personal information was not used to commit identity theft.

In the previous article we pointed out 5 low-tech areas in your world where identity theft could take place.

  • Old-fashioned letters (including junk-mail)
  • The trash can
  • Flash disks
  • Your driver’s license or ID Document
  • Household paperwork.

Identity theft isn’t always “high-tech”. It can happen to anyone, even if they don’t have a computer or cell phone or don’t use social media.

Dumpster diving – literally digging through your trash – remains a popular method for stealing large amounts of your personal information. South Africans receive over 1.2 million tons of junk mail every year and much of this mail, such as pre-approved credit cards, credit card bills, and bank statements, includes your personal information. Dumpster-diving identity thieves root through your trash because they know the documents you discard as garbage contain personal identity information they can use in a variety of illegal manners, such as employment-related, loan, bank, benefits and tax fraud.

Mail theft – Mail theft is the number 1 white collar crime in the USA today. Mail theft is defined as anyone taking mail, be it a letter or a package, for any purpose. This includes stealing from post office workers, private mailboxes, collection boxes and even from mail trucks. One of the main motivators in mail theft is to steal a person’s identity and gain access to private information, including bank accounts and credit cards.

Social engineering – Social engineering is the art of manipulating people to give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information. Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to find ways to hack your software. For example, it is much easier to fool someone into giving you their password than it is for you to try hacking their password. That is why phishing is so successful, often victims willingly give their personal information to the scammers, as they feel they can trust the person asking for the information.

Shoulder surfing – Shoulder surfing occurs when someone watches over your shoulder as you key it into a device such as an ATM or tablet, to steal valuable information, such as your password, ATM PIN, or credit card number. When the shoulder surfer uses your information for his financial gain, it becomes identity theft.

Theft of personal items – When a personal item like a handbag, a wallet or purse, a cell phone, or a laptop is stolen, all the information can potentially be used for identity theft. The value of the stolen items is often not much, and replacement is an inconvenience to many of us. However, your personal information can never be recovered, and is intrinsically more valuable than the stolen item.

What can you do to minimize “low-tech” identity theft?

  • Never give out personal or financial information over the phone or in an email.
  • Password-protect your cell phone.
  • Shred credit card receipts, junk mail and other such documents with sensitive personal or financial information.
  • Be aware of your surroundings at all time.
  • Tilt the screen of your cell phone screen away from the person next to you and don’t work in crowded airplanes, trains, airports, cafes, hotel lobbies and other public spaces.
  • Work with your back to a wall, preventing others from standing behind you and looking over your shoulder.

Next time we will look at the modus operandi of high-tech identity thieves.

 

Email

Posted in Security, Tips | Comments Off on Cybersecurity Awareness Month: Identity thieves’ modus operandi – Part 1

Cybersecurity Awareness Month: Where do scammers get your information?

Friday, October 12th, 2018

In the last article, we provided you with a few tips on how to create strong passwords in order to make the hacker’s job harder at accessing your personal data. Using weak passwords is one way hackers and scammers get your information?”.

But where do scammers get your information?

The graphic below depicts the world where most of us find ourselves, and where scammers might obtain important snippets of our personal data that, in many cases, is there for the taking:

This is your world

Your personal information is in places beyond your control.

The cell phone has become an indispensable communications tool in the 21st century. According to the Pew Research Centre, South Africa is placed 24th on the world list with a smartphone usage of 37% of the total population. However, according to a recent global survey by McAfee and One Poll, 36% of those smartphone users have no form or password, pin or fingerprint protection on their devices. This means that if their phone falls into the wrong hands, they risk opening up all sorts of personal information such as bank details and online logins to whoever finds or steals the smartphone.

How much of your personal information have you placed out there on the internet?

  • Over 30% of South African Internet users share at least 3 pieces of personal information posted on their social media profiles that can make stealing their identity easy.
  • 60% of South African Internet users have revealed they had no idea what their privacy settings are and who could see their personal information on those sites.

Old-style junk mail, invoices, receipts and ordinary letters can still provide scammers with a wealth of information. Dumpster-diving can reveal documents with your ID Number, old bank statements with your account details, old credit cards, unwanted junk e-mail, payslips and tax forms. Even old prescriptions & medical aid claims can provide scammer with a wealth of information from your personal information.

The modern equivalent of a filing cabinet, a flash disk poses a huge risk to the security of your personal data. Flash disks are small and cheap and can often be forgotten plugged into computers, fall out of pockets and be stolen, providing scammers with all the data stored on that device.

Your bank, your employers and SARS all store and work with your personal information. You have placed a tremendous amount of trust in these organizations to keep your personal data safe. How many people at your bank, for instance, have access to your personal data, who can they potentially give that data to?

Your driver’s license has a lot of information on it, including fingerprints, date of birth and ID number. The new style “smart” licenses will hold even more information, and if the license gets into the wrong hands it can be used for identity theft. For instance, in order to open up a cell phone contract, you would need an ID document or driver’s license, bank account details and proof of address, almost all of which can be obtained by dumpster-diving or someone rifling through your paperwork.

Finally, your computer (at work or at home) or your laptop holds a huge amount of your personal information. If stolen, the hard-drives can easily be trawled for personal information. If there is no password or a weak password on the laptop it makes stealing this information much easier.

This is your world:

  • Since 2007, more money has been made from trafficking financial data acquired by identity theft, than money made from drug trafficking.
  • 8.8 million South Africans were victims of identity theft in 2015.
  • 1 in 3 South Africans do not have a password on their cellphones or computer.
  • 70% of South Africans change their passwords after being compromised. (So 30% of South Africans don’t do anything even after they have been compromised)
  • 1 in 3 South Africans admits sharing passwords with other people.

There are 4 areas where we all neglect the security of our personal information:

  1. IndifferenceLack of Feeling
  2. IgnoranceLack of Knowledge
  3. InabilityLack of Training or Education
  4. InactionLack of Respect

What can you do to improve your personal data security and to prevent identity theft?

When someone comes and knocks on your front door, do you just open the door and let them in? No, you check who it is and then you decide if you want to open your door to them or not. The power of access is in your hands because you control the door.

The same principle applies to your personal data. Be careful and vigilant and be the gatekeeper of your personal data! Control what data is given out and who receives it. You have the control!

Next time we will look at the modus operandi of identity thieves. 

 

Email

Tags: ,
Posted in phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Where do scammers get your information?

New IT online request service

Thursday, October 4th, 2018

Information Technology recently implemented a new, user-friendly request and incident logging system for staff and students. Our aim was to deploy the system in such a way that you weren’t affected and the process of logging calls remained simple. The only difference is our new, clean and user-friendly look. We would like to encourage you to make use of the online logging system, also known as the ICT Partner Portal, to ensure faster service. 

Log in on our ICT Partner Portal at servicedesk.sun.ac.za.

The ICT Portal is the central point where you can easily log your IT-related issues without calling the IT Service Desk. Here you will also be able to keep track of the progress of your requests online.

As soon as you request a service or log an incident or error, the system automatically assigns a call number. The call number will appear in future email correspondence and updates related to your call. This will ensure that calls are grouped together and the information is easier accessible and better integrated. 

Even though the platform interface looks different, you will be able to perform the same actions as before. Staff and students are automatically registered as users – you only need to log on at servicedesk.sun.ac.za with your SU username and password.

This is what the new interface looks like:

Alternatively, if you prefer not to use the online logging service, you can send an email to help@sun.ac.za. This will automatically log your request on our system. Keep in mind that if you use this method, it will take slightly longer to attend to your call as a helpdesk agent has to classify it first.

If you’ve recently requested a service by sending an email you might have noticed that the confirmation email looks slightly different. Your email will include a reference number, for example, ICT-123, your name and links to view your request. By clicking on the link, you will be diverted to the ICT portal where you can view the status of your request and leave a comment for the technician working on your request.

This is what the new email from IT will look like when you request a service:

For any additional enquiries, please contact the IT Service Desk at 021 808 4367.

Email

Tags: , , ,
Posted in General, Tips | Comments Off on New IT online request service

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.