WHATSAPP SCAMS

Posted on January 01, 1970 by IT Communications

WhatsApp is a popular communication tool, used by students and personnel every day. On the downside, it provides cyber criminals with another way to convince you to part with your well-earned money and unfortunately it's usually quite convincing.

WhatsApp scams come in many different forms and are often very convincing. Just make sure that you stay vigilant and don't fall for anything that seems too good or too worrying to be true. Just because a friend or a family member sends you something, it doesn’t mean that it is safe.

Voucher scams

A message arrives in your WhatsApp from someone who looks like your friend, recommending a deal they've found. The messages usually come with a link that actually takes you to another website and tricks you into giving your personal information. Don’t ever click a link you're not sure of and certainly don't ever hand over personal information to a website you haven't checked.

WhatsApp shutting down

There are many fake messages claiming that WhatsApp is going to end unless enough people share a certain message. The messages often look convincing, claiming to come from the CEO or another official. They're written using the right words and phrases and look like an official statement. Any official statement wouldn't need users to send it to everyone like a round robin. You would either see it in the news or it'll come up as a proper notification in the app from the actual WhatsApp team.

WhatsApp threatening to shut down your account

This is very similar to the previous scam. It looks like an official message that claims that people's WhatsApp accounts are being shut down for being inactive. Sending the message on will prove that it's actually being used and often instructs people to pass it along.

WhatsApp forcing you to pay

Similar to the previous scam, with the only difference being that the message supposedly exempts you from having to pay for your account – if you send it on to other people.

WhatsApp Gold or WhatsApp Premium

The claim suggests that people pay for or download a special version of WhatsApp, usually called Gold or Premium. It offers a range of exciting-sounding features, like the ability to send more pictures, use new emoji or add extra security features. The problem is that it is far from secure. Downloading the app infects people's phones with malware that uses the phone to send more fake messages at the cost of the original victim.

Emails from WhatsApp

Spam e-mails are bad enough. E-mails plus WhatsApp is even worse. There's a range of scams out there that send people e-mails that look like they've come from WhatsApp, usually looking like a notification for a missed voice call or voicemail. But when you click through, you will end up getting tricked into giving over your information, passphrases etc. Don't ever click on an e-mail from a questionable sender. WhatsApp doesn’t send you e-mails including information about missed calls or voicemails.

Fake WhatsApp spying apps

Currently, it is not possible to let people spy on others' conversations on WhatsApp, because it has end-to-end encryption enabled, which ensures that messages can only be read by the phones that send and receive them. These scam apps encourage people to download something that isn't actually real and force people to pay money for malware, or actually read your chats once they've got onto your phone.

Lastly -

Hopefully, you have already blocked sharing your WhatsApp details with Facebook (telephone number, name etc. and allowing Facebook to suggest phone contacts as friends) and Facebook will not be able to make your WhatsApp account accessible to the 13 million South African Facebook users.

There are some details about this controversial policy change by WhatsApp on the following page: http://www.mirror.co.uk/tech/you-can-stop-whatsapp-sharing-8893949

[ARTICLE BY DAVID WILES]

Posted in: Apps, Communication | Tagged: Malware, Phishing, Security, Spam, Whatsapp | With 0 comments

malware « Informasietegnologie
malware

Tax season = cyber scams

Friday, July 24th, 2015

Only people with an unusual desire for pain and discomfort look forward to a trip to the dentist. The same goes for tax.

Criminals know this and prey on our vulnerability. Every year at this time, e-mails like the one below end up in SU staff inboxes. The e-mail informs you that the taxman owes you money and that all you have to do to receive it is click on a link.

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and keeps them in a secure, encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS will always either SMS or send you a registered letter in the post to inform you of tax returns. They will never contact you by unsecured e-mail.
  3. They also have enough data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” or “Good Day” salutation.
  4. There is no EFiling@sars.gov.za address.
  5. The attached file is usually an HTML (web page) file and will connect you to a server controlled by the criminals. This server downloads a Trojan to your computer, which installs further software and malware and does all sorts of nasty things to your computer and data. Another tactic is to present you with a “login page” where you enter your banking account details, your PIN code etc.
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system, you should never receive mail on your university account.
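
Points 3 to 5 can be checked mechanically when triaging a reported message. The Python sketch below is an added example, not code from SARS or the university; the sample message is constructed from the scam e-mail quoted further down this page, and its recipient, salutation line, link host and attachment name are invented. The link-host comparison is an extra heuristic assumed here, not one of the six points.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the scam e-mail quoted on this page.
# Recipient, salutation line, link host and attachment name are invented.
SAMPLE = """\
From: SARS eFiling <eFiling@sars.gov.za>
To: staff.member@example.org
Subject: Your account has been credited with R3,167.14
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear Taxpayer</p>
<p>Please click below to accept and verify payment.</p>
<p><a href="http://refunds.example.net/verify">Accept Payment</a></p>
--b1
Content-Type: text/html; name="refund_form.html"
Content-Disposition: attachment; filename="refund_form.html"

<form action="http://refunds.example.net/login"></form>
--b1--
"""

NONEXISTENT_SENDERS = {"efiling@sars.gov.za"}                          # point 4
GENERIC_GREETING = re.compile(r"\b(dear taxpayer|good day)\b", re.I)   # point 3
HREF_HOST = re.compile(r'href="https?://([^/"]+)', re.I)


def indicators(raw_message):
    """Return the scam indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    found = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in NONEXISTENT_SENDERS:
        found.append("sender-address-does-not-exist")
    sender_domain = sender.rpartition("@")[2]

    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = (part.get_filename() or "").lower()
        if filename.endswith((".html", ".htm")):                       # point 5
            found.append("html-attachment")
            continue
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, "replace")
        if GENERIC_GREETING.search(text):
            found.append("generic-salutation")
        # Assumed extra heuristic: a link whose host is outside the sender's domain.
        for host in HREF_HOST.findall(text):
            host = host.lower()
            if host != sender_domain and not host.endswith("." + sender_domain):
                found.append("link-leaves-sender-domain:" + host)
    return found


if __name__ == "__main__":
    for item in indicators(SAMPLE):
        print(item)
```

A message that trips none of these checks is not thereby safe; the list only captures the indicators this page names.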

This phishing scam will allow the criminals to log into and take control of your bank account via the internet.

They can create themselves as beneficiaries, transfer your money to their account, and then delete the evidence pointing to their account.

These scam e-mails will never stop. They are also difficult to block, because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 R14+ million was stolen from South Africans alone using phishing tactics such as this one.

Also read more on this on the mybroadband website.

EXAMPLE OF E-MAIL:

From: SARS eFiling [mailto:eFiling@sars.gov.za]
Sent: Saturday, 27 June 2015 10:14
Subject: Your account has been credited with R3,167.14
efiling

Your account has been credited with R3,167.14

Please click below to accept and verify payment.

Accept Payment

During this process, there will be verifications. If you don’t receive codes on time, come back to finish verification when received

SARS eFiling

[ARTICLE BY DAVID WILES]

How to detect malware symptoms

Friday, September 26th, 2014

If your computer starts to behave strangely, you might be experiencing spyware symptoms or have other unwanted software installed on your computer.

Wikipedia defines malware as follows:

“Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of executable code, scripts, active content, and other software. ‘Malware’ is a general term used to refer to a variety of forms of hostile or intrusive software.” [www.wikipedia.org]

Here are a few tips on how to detect malicious software:

  • I see pop-up advertisements all the time.
    Some unwanted software will bombard you with pop-up ads that aren’t related to a particular website you’re visiting. These ads are often for adult or other websites you may find objectionable. If you see pop-up ads as soon as you turn on your computer or when you’re not even browsing the web, you might have spyware or other unwanted software on your computer.
  • My settings have changed and I can’t change them back to the way they were.
    Some unwanted software can change your home page or search page settings. Even if you adjust these settings, you might find that they revert back every time you restart your computer.
  • My web browser contains additional components that I don’t remember downloading.
    Spyware and other unwanted software can add toolbars to your web browser that you don’t want or need. Even if you remove these toolbars, they might return each time you restart your computer.
  • My computer seems sluggish.
    Spyware and other unwanted software are not designed to be efficient. The resources these programs use to track your activities and deliver advertisements can slow down your computer and errors in the software can make your computer crash. If you notice a sudden increase in the number of times a certain program crashes, or if your computer is slower than normal at performing routine tasks, you may have spyware or other unwanted software on your machine.

If you suspect your PC has been infected with malware, contact our service desk at x4367 or log a call on the HEAT CALL LOGGING SYSTEM

[Source: http://www.microsoft.com/security/pc-security/malware-symptoms.aspx]

Attack of the trojans, bots & zombies

Friday, August 30th, 2013

One of the most common questions we are asked by users is: How do these spammers get my e-mail address? Previously we looked at Rumpelstiltskin attacks and this week we will focus on the second of the methods – by using Trojan Horses, Bots and Zombies. Now, they may sound like something from a movie, but they do pose quite a serious threat to you as an e-mail user.

Let us use a familiar example. You regularly exchange emails with your elderly mother who has a computer. Your mother uses Outlook or Thunderbird and has dozens of emails from you in her inbox. She even added you to her address book. She also has lots of emails from a distant family member – cousin Johan from Australia. You haven’t stayed in touch with Johan that closely over the years, but you definitely know who he is.

Last year, just before Christmas, Johan downloaded and installed this really pretty Christmas screensaver that showed tranquil tree and candle scenes when he wasn’t using the computer. What he didn’t know was that the screensaver had a sinister hidden payload. While the candles flickered peacefully on his screen, the software went to work combing through his emails and address book, his browser’s cache of past webmail sessions and other files, storing every email address it could find in a separate list.

Then it sent the entire list to a server in Russia, where a criminal combined it with other such submissions to build the ultimate monster spam list that can be sold and resold over and over again.

But as if that wasn’t enough, when the “screensaver” sent the address list to Russia, it received some content in return – messages to be sent to all of Johan’s contacts. Then, unbeknownst to Johan, his computer started creating hundreds of emails, randomly using the harvested email addresses in the To: and From: fields along with the content from the Russian server, and sent them out using Johan’s Internet connection. One of them used your mother’s email address as sender and yours as recipient.

Now you received some spam from your mother asking you to buy fake watches and you’re ready to speak to her telling her to stop. Well, don’t. Your mother has obviously nothing to do with the whole thing and you’ll never find out that it was actually Johan’s computer.

You just had a look into the really nasty underworld of the Internet where botmasters (the guy in Russia) control botnets (infected computers that all report to the same server) of remote-controlled zombies (Johan’s computer) that were compromised using trojan horses (the screensaver) or similar malware.

And it doesn’t even end there. The botmaster typically doesn’t spam for his own account but hires out his botnet to whoever pays the most. The equally shady factory in China wanting to sell more fake Rolexes can now hire the botmaster to blast their offers all over the internet. The guy in Russia doesn’t even care if you open or click on that email from your mother, he gets paid either way. And when he’s done with the watches, he’ll inform his entire mailing list that they all won the lottery and can pick up the prize if only they pay a small “transfer fee” up front. And after that, he’ll mail a Paypal phish for yet another “client”. And for good measure, he’ll sell his entire email address database, incl. yours, to a friend who is in the same line of “business”.

In other words, once your email address got picked up by a botnet, Pandora’s Box is wide open. The whole scheme is particularly wicked because now you have to depend on others to keep your address safe. Unfortunately, there is little you can do:

  • First of all, do your own share: NEVER open email attachments that you didn’t ask for, even if they appear to come from good friends like Johan. If you’re still curious, ask Johan or your mother first if they really sent it.
  • NEVER download anything where you can’t independently verify it’s safe. With “independently verify” I mean you can read about it in forums, blogs, news sites, your local “computer geek” etc. Facebook fan pages, even with 1000s of “fans”, do NOT count, they are way too easy to manipulate and are usually full of misinformation!
  • NEVER get fooled by fake “security scans” (they’re quite the opposite!) or “video codec updates” to see that funny kitten clip. If you think you need a new Flash player, type in flash.com by hand and update from there. If afterwards the site still says you need an “update” get out of there as fast as you can.
  • Then educate your friends and family about the same. Explain how trojans work. Send them a link to this blog page!
  • You can try having multiple private email addresses. Keep a super-private one, only for family and very few of your closest friends. Use your university address for everyone you work with and don’t use this for private mail – EVER! Get a semi-private one for your wider social circle. The latter two do get some spam, although it’s still manageable. GMail has a very good “spam filter”, and blacklisting spammers is very easy!

 

[ARTICLE BY DAVID WILES & MATERIAL BY BustSpammers.com]

New e-mail “malware” causes confusion on campus

Tuesday, January 15th, 2013

Since yesterday, some users have been receiving an e-mail stating that their mailbox has reached its limit and warning that their access to e-mail will be cut off unless it is activated immediately by clicking on a link. As with all other versions of this type of “malware” e-mail, do not click on the link under any circumstances. If you move the mouse over the link, it will show an unknown address that is unrelated to the subject of the e-mail. In some cases it will appear that the e-mail was sent by someone you know, but remember that the “malware” infiltrates a user’s mailbox and can be sent to his contacts. Below is an example of such an e-mail.


From: Abrahams, B, Mnr <…..@sun.ac.za>
Sent: 14 January 2013 19:51
Subject: Your Mailbox Has It Storage Limit

Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It. To Re-Validate – >Click Here:

Thanks,
System Administrator.

New malware warning

Tuesday, December 4th, 2012

Please take note that a new malware threat has emerged on campus. Some users have reported the following:

A pop up will appear on your screen (see below) prompting you to update your Antivirus package due to a threat (in this case a trojan). However, this notification in itself is a malware application. If you click on the option to update, it will install itself on your pc. Under no circumstances should you click on the button.

Close the pop up screen immediately and if you’re worried that your pc is infected, contact the IT helpdesk. Read more on http://www.hoax-slayer.com/fake-fedex-invoice-malware.shtml

 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.