cyber security « Informasietegnologie

cyber security

How to avoid phishing scams

Friday, May 24th, 2019

We are often asked by staff and students what they can do to stop phishing scams, and what software they should install to prevent them from becoming victims. In some cases students have asked us to fix their computers and to install software to block phishing scams.

Of course, that request is impossible to fulfil. Phishing scams are like the common cold: you cannot prevent it, you can only adopt a lifestyle and take precautionary measures that reduce your risk of infection. Phishing scams will always be there and will always adapt and change. As long as there are people who are uninformed or careless and fall for these scams, phishing attacks will continue.

The best way to reduce your risk is to report all suspected phishing scams on the ICT Partner Portal (full details at the end of this post). Here are some basic rules to help you identify phishing scams:

  • Use common sense
    Never click on links, download files or open attachments in email or social media, even if they appear to come from a known, trusted source.
  • Watch out for shortened links
    Pay particularly close attention to shortened links. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.
  • Does the email look suspicious?
    Read it again. Many phishing emails are obvious and will have implausible and generally suspicious content.
  • Be wary of threats and urgent deadlines
    Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Ignore the scare tactics and rather contact the company via phone.
  • Browse securely with HTTPS
    Always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse.
  • Never use public, unsecured Wi-Fi, including Maties Wi-Fi, for banking, shopping or entering personal information online
    Convenience should never be more important than safety.

If you do receive a phishing e-mail, please report it as soon as possible. Once you have reported the spam or phishing mail, you can delete it immediately.

You can report this on IT’s request logging system, the ICT Partner Portal.

  • Go to the ICT Partner Portal.
  • Fill in your information and add the email as an attachment. Your request will automatically be logged on the system and the appropriate measures will be taken by the system administrators to protect the rest of campus.

[ARTICLE BY DAVID WILES]

Cybersecurity Awareness Month: Common passwords

Wednesday, October 3rd, 2018

The past two years have been particularly devastating for data security worldwide, with a number of well-publicised hacks, data breaches and extortion attempts.

Every year SplashData publishes a list of the most common passwords. The list is created using data from more than five million passwords that were leaked by hackers in 2018. With a quick glance at the list, one thing is clear – we do not learn from our mistakes.

People continue to use easy-to-guess passwords to protect their information. For example, “123456” and “password” retain their top two spots on the list for the fifth consecutive year, and variations of these two “worst passwords” make up six of the remaining passwords on the list.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password – 123456.

Here is the list of the top 10 passwords of 2018:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou

Another typical example is 1q2w3e4r5t. Although it seems very cryptic, one look at a computer keyboard and it’s easy to guess.

Not so clever password

It is a sobering fact that most people still underestimate the importance of having a secure password, and still make the mistake of using simple words or numbers as a password.
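The keyboard pattern behind 1q2w3e4r5t can be checked for mechanically when a new password is chosen. The following is an added example, not part of the original post or of any university system: it rejects the ten listed passwords and any password in which every key touches the previous one. The US QWERTY layout, the minimum length of 6 and the function names are assumptions made for the illustration.

```python
# Top 10 list quoted in the post above (SplashData, 2018).
COMMON = {"123456", "password", "12345678", "qwerty", "12345",
          "123456789", "letmein", "1234567", "football", "iloveyou"}

# US QWERTY rows (assumption). Each row sits about half a key to the
# right of the row above it.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a, b):
    """True if keys a and b touch on the keyboard (or are the same key)."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = sorted([POS[a], POS[b]])  # upper row first
    if r1 == r2:
        return abs(c1 - c2) <= 1
    # Because of the stagger, key (r, c) touches (r+1, c-1) and (r+1, c).
    return r2 - r1 == 1 and c2 in (c1 - 1, c1)


def is_keyboard_walk(pw, min_len=6):
    """True if every character is a neighbour of the one typed before it."""
    pw = pw.lower()
    return len(pw) >= min_len and all(adjacent(a, b) for a, b in zip(pw, pw[1:]))


def reject_reason(pw):
    """Why a candidate password is refused, or None if it passes these two checks."""
    if pw.lower() in COMMON:
        return "on the common-password list"
    if is_keyboard_walk(pw):
        return "keyboard walk"
    return None
```

Passing these two checks does not make a password strong; they only catch the patterns this post describes.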

“Passwords are the only control you have to secure your data with most systems these days. If your password is easily guessed by someone, then the person essentially becomes you. Use the same password across services and devices, and they can take over your digital identity.” Shaun Murphy, CEO of SNDR.

In the next post of our Cyber Aware Month series, we look at how to create a strong password you can remember.

 

E-mail scam with subject: “morning”

Wednesday, December 13th, 2017

It seems that scammers are now attempting to use student e-mail addresses to send out spam. 

If you get mail with the subject of “morning”, supposedly coming from a student account (studentnumber@sun.ac.za) with the following content, please ignore and delete it.

“We are conducting a standard process investigation involving a late client who shares the same surname with you and also the circumstances surrounding investments made by this client. Are you aware of any relative/relation having the same surname? Send email to: scammer@scam.com”

This is a typical Nigerian 419 Advance Fee scam. Do not respond to this mail. The scammers just want to see who will respond so they can con you out of some money.

A reminder again of how to correctly report spam and phishing scams:

Send the spam/phishing mail to the following addresses: help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link in this phishing spam and unwittingly gave the scammers your username, e-mail address and password, you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed), as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts).

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see, the address has sun.ac.za at the end of the domain name, so it is legitimate. We suggest bookmarking this.
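The "sun.ac.za at the end of the domain name" rule, and the earlier advice to hover over links, can be applied to a reported mail in code. This is an added example, not part of the original post or of IT's tooling: it tests where a link really goes, and lists links whose visible text shows a sun.ac.za address while the target is elsewhere. The sample HTML and the login.example host are constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_SUFFIX = "sun.ac.za"  # domain the post says legitimate addresses end with


def host_is_trusted(url, suffix=TRUSTED_SUFFIX):
    """True only if the hostname is the suffix itself or a subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops any "user@" prefix and port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    # The leading dot matters: "notsun.ac.za" must not match.
    return host == suffix or host.endswith("." + suffix)


class _Links(HTMLParser):
    """Collects (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def deceptive_links(html):
    """Links that display the trusted domain but point somewhere else."""
    parser = _Links()
    parser.feed(html)
    parser.close()
    return [(text, href) for text, href in parser.links
            if TRUSTED_SUFFIX in text.lower() and not host_is_trusted(href)]


# Constructed sample body of a reported mail (not a real message).
SAMPLE = """<p>Reset your password:
<a href="http://sun.ac.za.login.example/useradm">http://www.sun.ac.za/useradm</a></p>
<p>Help: <a href="https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/">blogs.sun.ac.za</a></p>"""

if __name__ == "__main__":
    for text, href in deceptive_links(SAMPLE):
        print(f"shows {text!r} but goes to {href!r}")
```

The check looks only at the hostname, so sun.ac.za appearing at the start of the host, before an @ sign, or in the path does not count as being at the end of the domain name.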

[Article by David Wiles]

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.