%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250425044446+00'00') /ModDate (D:20250425044446+00'00') /Title (Report 04-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 7850 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 183.335 521.469 563.399 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 183.710 520.719 562.649 re S 0.773 0.773 0.773 rg 61.016 199.085 m 550.984 199.085 l 550.984 199.835 l 61.016 199.835 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(WARNING ABOUT DIRECTAXIS FINANCIAL SERVICES SPAM)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(January 01,1970)] TJ ET BT 173.588 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 188.096 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(There have been reports of personnel and students getting numerous “spam” messages from DirectAxis Financial )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(Services offering financial loans at 5% interest. This email is sent from a number of  “throwaway” e-mail addresses like )] TJ ET BT 61.016 615.442 Td /F4 9.0 Tf [(outlook.com, Hotmail and webmail.co.za.)] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(Some students and personal are struggling to manage their finances and these “offers” can be very tempting.)] TJ ET BT 61.016 575.464 Td /F4 9.0 Tf [(There are usually attached PDFs with each message where the company advertises loans and abnormally low-interest )] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(rates, and although currently there is no embedded malware or links to servers where you would be asked to give your )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(user name and password, the spammers nevertheless ask you for your ID NUMBER, Full Names, Occupation, Monthly )] TJ ET BT 61.016 542.497 Td /F4 9.0 Tf [(income and Contact details, which can be used for identity theft.)] TJ ET BT 61.016 522.508 Td /F4 9.0 Tf [(Although DirectAxis is a legitimate South African microlender, in the past, their company letterhead has been forged and )] TJ ET BT 61.016 511.519 Td /F4 9.0 Tf [(used by criminals to commit fraud. Secondly, this particular Company has a number of charges against it by the Direct )] TJ ET BT 61.016 500.530 Td /F4 9.0 Tf [(Marketing Association of South Africa for using ”spam databases” to spam millions of South Africans with their adverts. )] TJ ET BT 61.016 489.541 Td /F4 9.0 Tf [(This puts them in violation of the “Protection of Personal Information Act” [http://www.justice.gov.za/legislation/acts/2013-)] TJ ET BT 61.016 478.552 Td /F4 9.0 Tf [(004.pdf])] TJ ET BT 61.016 458.563 Td /F4 9.0 Tf [(Don’t be fooled by companies offering you loans at a ridiculously low-interest rate \(Here are some handy tips to spot )] TJ ET BT 61.016 447.574 Td /F4 9.0 Tf [(frauds\))] TJ ET 0.153 0.153 0.153 RG 85.866 430.401 m 85.866 430.813 85.696 431.223 85.404 431.515 c 85.113 431.806 84.703 431.976 84.291 431.976 c 83.878 431.976 83.469 431.806 83.177 431.515 c 82.885 431.223 82.716 430.813 82.716 430.401 c 82.716 429.989 82.885 429.579 83.177 429.287 c 83.469 428.996 83.878 428.826 84.291 428.826 c 84.703 428.826 85.113 428.996 85.404 429.287 c 85.696 429.579 85.866 429.989 85.866 430.401 c f BT 91.016 427.585 Td /F4 9.0 Tf [(Any company that says it doesn't care about your credit history has no intention of lending you money. A legitimate )] TJ ET BT 91.016 416.596 Td /F4 9.0 Tf [(lending institution wants to know whether you pay your bills on time and in full. It needs some assurance that you'll )] TJ ET BT 91.016 405.607 Td /F4 9.0 Tf [(repay what you borrow.)] TJ ET 85.866 397.434 m 85.866 397.846 85.696 398.256 85.404 398.548 c 85.113 398.839 84.703 399.009 84.291 399.009 c 83.878 399.009 83.469 398.839 83.177 398.548 c 82.885 398.256 82.716 397.846 82.716 397.434 c 82.716 397.022 82.885 396.612 83.177 396.320 c 83.469 396.029 83.878 395.859 84.291 395.859 c 84.703 395.859 85.113 396.029 85.404 396.320 c 85.696 396.612 85.866 397.022 85.866 397.434 c f BT 91.016 394.618 Td /F4 9.0 Tf [(Search the business' website for an address where it legally does business. Lenders and loan brokers must be )] TJ ET BT 91.016 383.629 Td /F4 9.0 Tf [(registered in the country where they conduct business.)] TJ ET 85.866 375.456 m 85.866 375.868 85.696 376.278 85.404 376.570 c 85.113 376.861 84.703 377.031 84.291 377.031 c 83.878 377.031 83.469 376.861 83.177 376.570 c 82.885 376.278 82.716 375.868 82.716 375.456 c 82.716 375.044 82.885 374.634 83.177 374.342 c 83.469 374.051 83.878 373.881 84.291 373.881 c 84.703 373.881 85.113 374.051 85.404 374.342 c 85.696 374.634 85.866 375.044 85.866 375.456 c f BT 91.016 372.640 Td /F4 9.0 Tf [(One should never pay to get a personal loan. Many scammers ask borrowers to provide a prepaid debit card for )] TJ ET BT 91.016 361.651 Td /F4 9.0 Tf [(insurance, collateral or fees.)] TJ ET 85.866 353.478 m 85.866 353.890 85.696 354.300 85.404 354.592 c 85.113 354.883 84.703 355.053 84.291 355.053 c 83.878 355.053 83.469 354.883 83.177 354.592 c 82.885 354.300 82.716 353.890 82.716 353.478 c 82.716 353.066 82.885 352.656 83.177 352.364 c 83.469 352.073 83.878 351.903 84.291 351.903 c 84.703 351.903 85.113 352.073 85.404 352.364 c 85.696 352.656 85.866 353.066 85.866 353.478 c f BT 91.016 350.662 Td /F4 9.0 Tf [(Make sure a padlock icon appears somewhere on the web pages where you're asked to type in personal )] TJ ET BT 91.016 339.673 Td /F4 9.0 Tf [(information. Don't override any warning saying a site's security certificate has expired and pay attention to the )] TJ ET BT 91.016 328.684 Td /F4 9.0 Tf [(URLs you click on.)] TJ ET 85.866 320.511 m 85.866 320.923 85.696 321.333 85.404 321.625 c 85.113 321.916 84.703 322.086 84.291 322.086 c 83.878 322.086 83.469 321.916 83.177 321.625 c 82.885 321.333 82.716 320.923 82.716 320.511 c 82.716 320.099 82.885 319.689 83.177 319.397 c 83.469 319.106 83.878 318.936 84.291 318.936 c 84.703 318.936 85.113 319.106 85.404 319.397 c 85.696 319.689 85.866 320.099 85.866 320.511 c f BT 91.016 317.695 Td /F4 9.0 Tf [(When you find a lender online, go through the site to determine its physical location. Do they provide a street )] TJ ET BT 91.016 306.706 Td /F4 9.0 Tf [(address? However it may be a fake! If you don't find any indication of their location, you should avoid the lender.)] TJ ET 85.866 298.533 m 85.866 298.945 85.696 299.355 85.404 299.647 c 85.113 299.938 84.703 300.108 84.291 300.108 c 83.878 300.108 83.469 299.938 83.177 299.647 c 82.885 299.355 82.716 298.945 82.716 298.533 c 82.716 298.121 82.885 297.711 83.177 297.419 c 83.469 297.128 83.878 296.958 84.291 296.958 c 84.703 296.958 85.113 297.128 85.404 297.419 c 85.696 297.711 85.866 298.121 85.866 298.533 c f BT 91.016 295.717 Td /F4 9.0 Tf [(Some websites appear to offer different types of personal loans but aren't actually lenders, but sell your personal )] TJ ET BT 91.016 284.728 Td /F4 9.0 Tf [(information to other loan companies. Many “microlenders” merely collect your personal and financial information )] TJ ET BT 91.016 273.739 Td /F4 9.0 Tf [(for other companies.)] TJ ET 85.866 265.566 m 85.866 265.978 85.696 266.388 85.404 266.680 c 85.113 266.971 84.703 267.141 84.291 267.141 c 83.878 267.141 83.469 266.971 83.177 266.680 c 82.885 266.388 82.716 265.978 82.716 265.566 c 82.716 265.154 82.885 264.744 83.177 264.452 c 83.469 264.161 83.878 263.991 84.291 263.991 c 84.703 263.991 85.113 264.161 85.404 264.452 c 85.696 264.744 85.866 265.154 85.866 265.566 c f BT 91.016 262.750 Td /F4 9.0 Tf [(Don't fall for the “Act Now” urgency plea. Many criminals often give you a deadline and say their offer won't exist )] TJ ET BT 91.016 251.761 Td /F4 9.0 Tf [(tomorrow.)] TJ ET BT 458.968 231.772 Td /F4 9.0 Tf [([Article by David Wiles])] TJ ET 0.400 0.400 0.400 rg BT 61.016 213.283 Td /F2 9.0 Tf [(Posted in:E-mail,Security | Tagged:Phishing | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj xref 0 12 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000535 00000 n 0000008437 00000 n 0000008549 00000 n 0000008664 00000 n 0000008784 00000 n trailer << /Size 12 /Root 1 0 R /Info 5 0 R >> startxref 8892 %%EOF phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

phishing

« Older Entries

Cybersecurity Awareness Month: Creating strong passwords

Tuesday, October 5th, 2021

Before we pointed out that most people underestimate the importance of having a secure password, and still make the mistake of using simple words and numbers as a password.

Keep in mind that your email and social network accounts contain very personal information about you. You must have a strong password to keep your personal life personal, and not become a victim of identity theft. 

  • Using email or your profile on Facebook, Whatsapp or Google, hackers can and do, extract a huge amount of personal data of your personal “online” life.
  • If you use the same password for multiple online accounts, you run the risk, if this password is hacked, of all your online accounts being compromised.
  • Using a personal name for an online account, the name of the city that you live in, the names of your children or your date of birth, give hackers vital clues for attempting to access your personal data.
  • For an average expert hacker, it is always easy to find passwords that are made up of words from the English vocabulary or other languages, using a basic technique called “brute force” or “dictionary” attacks.

What makes a password safe?

  1. A password at least 8 characters long.
  2. The password does not contain information that is easy to find online, such as the date of birth, the telephone number, your spouse’s name, the name of a pet, or a child’s name.
  3. The password does not contain words found in the dictionary.
  4. The password contains special characters like @ # $% ^ &, and numbers.
  5. The password uses a combination of uppercase and lowercase letters.

A trick that the experts use to create secure passwords:

Think of a phrase and use the first letters of the words in the phrase.

  • For example: “In South Africa, a barbecue is called a Braai!”
  • Take the first letters of each word and the password that is created is ISAabicaB!
  • This will be very difficult to guess, but easy to remember.
  • At this point, you can decide to make your the Google password is ISAabicaB!-G,  and Facebook ISAabicaB!-F and your university account  ISAabicaB!-US and so on.
  • There is already a capital letter and a special character (!), so you just need to add a number to finish off a good password like 9-ISAabicaB!-US (9 could be the month you created the password in – for example)

You will have already made your password a lot more difficult to hack, and it can be a lot of fun to create. 

Email

Tags: , , , ,
Posted in News, phishing, Security, Tips | Comments Off on Cybersecurity Awareness Month: Creating strong passwords

How to recognise a phishing e-mail

Tuesday, October 5th, 2021

We can’t warn you against every phishing e-mail– there’s a new variation every day. You are the only person who can protect yourself from phishing scams and identity theft. The only way to do this is to learn to recognise a harmful e-mail by paying attention and keeping an eye out for a few tell-tale signs.

phishme_how_to_spot_a_phishTypical characteristics

1. Well-known companies used as bait
These e-mails are sent out to thousands of different e-mail addresses and often the person sending them has no idea who you are. If you have no affiliation with the company the e-mail address is supposedly coming from, it’s fake. For example, if the e-mail is sent by ABSA, but you are a Standard Bank client. Also, see a list of types of companies generally used in phishing e-mails below.

2. Spelling and grammar
Improper spelling and grammar is a dead giveaway. Look for obvious errors. 

3. Lack of client information
Phishers use a generic greeting. For example, the e-mail greets you as “ABSA customer” or “Dear user”, etc. If the company was sending you information regarding your faulty account, they would mention your account details or name in the e-mail.  A company would go through the trouble to address a client by name and won’t ask you for your information. Banks have your information on their system.

4. Deadlines/Sense of urgency
Phishing e-mails demand an immediate response or stipulate a specific deadline, creating a sense of urgency and prompting you to respond before you’ve looked at the e-mail properly. For example,  demanding that you log in and change your account information within 24 hours or your account will be closed.

5. Malicious links
Although many phishing e-mails are getting better at hiding the true URL you are visiting, often these e-mails will show a URL that is unrelated to the company. Move your mouse over the link and look at the display address. Is this the website address of the company who seems to be sending the e-mail? If not, it’s clearly a phishing e-mail.

6. Attachments
Phishing e-mails occasionally include an attachment which contains malware. When opened, it will run and install a small programme on your PC, which hackers use to gain access to your PC and information. 

Typical phishing topics

• Account issues, such as accounts or passwords expiring, accounts being hacked, out-of-date accounts, or account information has to be changed.
• Credit cards expiring or being stolen, a duplicate credit card, credit card transactions, etc. 
• Confirming orders, requesting that you log in to confirm recent orders or transactions before a delivery can be made.
• Winning a prize or getting something for free. Both Woolworths and Pick ‘n Pay’s have been used in fake campaigns to lure people into providing personal details.

Company names phishers generally use

• Any major bank. ABSA and Standard Bank are both popular choices in South Africa.
• Insurance companies, for example, Outsurance.
• Internet service providers
• Apple or Microsoft claiming your account has been suspended.
• E-mail providers, e.g. Gmail or Yahoo
• SARS. Especially at this time of year. (We’ve had a few of these.)
• DHL or any delivery company claiming they have a package for you.
• Your company’s medical aid, for example, Discovery
• Your company’s IT department
• Casinos and lotteries
• Online dating websites
• Popular websites such as Amazon, Facebook, MySpace, PayPal, eBay, Microsoft, Apple, Hotmail, YouTube, etc.

A few tips to keep you safe

• Never follow links in an e-mail you’re uncertain of. Rather visit the page by typing the address of the company in your browser. For example,  instead of clicking on the “ABSA URL” in the e-mail, type http://www.absa.co.za in your web browser and log in at their official website.
• Never send personal information by e-mail. If a company is asking for your personal account information or claiming your account is invalid, visit the website and log in to the account as you normally would. If everything seems in order and there aren’t any urgent notifications from your bank, you should be fine.
• If you are still not sure about the status of your account or are concerned about your personal information, contact the company directly, either through an e-mail address provided on their website, over the phone or visit your local branch.
• Delete the e-mail and don’t click on links or fill in any information.
• If you’ve already divulged your information, immediately change your password or PIN and contact the institution to inform them of the breach.
• To report spam or phishing e-mails send an e-mail to sysadm@sun.ac.za with the subject SPAM with the suspect e-mail attached. IT system administrators will then be able to block the e-mail to protect other users.

[SOURCE: www.computerhope.com]

 

Email

Tags: , ,
Posted in E-mail, Security, Tips | Comments Off on How to recognise a phishing e-mail

How do I report phishing?

Tuesday, October 5th, 2021

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

More on how to recognise a phishing email. 

Report phishing

On the ICT Partner Portal:

*Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

Email

Tags: , , , ,
Posted in phishing, Security, Tips | Comments Off on How do I report phishing?

Spear phishing attack using a staff email

Monday, September 20th, 2021

If you receive an e-mail from Prof. Wolfgang Preiser – Head of the Department of Virology asking about a “PAYMENT”, you might be tempted to quickly answer and offer your assistance.

However, this was a spear-phishing scam designed to fool its victims into thinking the mail was sent out by someone like Prof Preiser.

We are getting several reports from personnel within his department saying that they are getting e-mail from Prof. Preiser and were concerned if his e-mail account has been compromised and if this is a phishing attack.

Here is what the phishing scam looks like.

An example of the spear phishing email using Prof Preiser's details

Click for a larger image.

Please note that the name, has been forged and that a “throwaway” execs.com e-mail address has been used with forged details inserted. The Professor’s account has not been compromised. 

The message below also serves as a warning and should give you an indication that this is not an email from an @sun address. Do not click links or open attachments unless you recognise the sender and know the content is safe.

CAUTION: This email originated from outside of the University. 

Additionally there is a standard warning from Microsoft to also warn you.

This is a spear-phishing attack where an institution is attacked by impersonating prominent or public figures within the enterprise to gain access to the enterprise. The targets in this method of attack are usually subordinates of high-ranking personnel, to fool them into sending money or obtaining personal details of these personnel members.

Keep an eye open for this scam, and please report it to IT Cyber Security if you find it in your inbox by logging it on the ICT Partner Portal. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​

If you accidentally clicked on the link and already gave any personal details to the scammers it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm) and change your password immediately.

Make sure the new password is completely different and a strong password that will not be easily guessed. Also change the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

Contact the IT Service Desk if you are still unsure.

[ARTICLE BY DAVID WILES]

Email

Tags: ,
Posted in News, phishing, Security | Comments Off on Spear phishing attack using a staff email

Phishing alert: Zoom invite

Thursday, November 5th, 2020

Please be on the lookout for a new tactic that phishing scammers are employing to get your personal details, passwords and to gain access to your university account.

These scammers are using “Zoom” video conference invitations to fool their intended victims and steal passwords and other personal details.

 

Above is one such example. Take note of the highlighted the warning signs that reveal the scam. This particular scam is “custom” programmed for specific university e-mail addresses and might target your address, as the e-mail addresses are embedded into the phishing web page and the e-mail itself.

If you do get such an e-mail please report it to IT Cyber Security as soon as possible on the ICT Partner Portal.

If you have accidentally responded to the phisher and already provided them with your personal details, it is vitally important that you immediately change your password. Make sure the new password is completely different, and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

After changing your password, also log a request on the ICT Partner Portal in order for your devices to be checked for malicious software. 

[ARTICLE BY DAVID WILES]

Email

Tags:
Posted in News, phishing, Security | Comments Off on Phishing alert: Zoom invite

« Older Entries
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.