%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 13 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 12 0 R /I2 15 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250615040513+00'00') /ModDate (D:20250615040513+00'00') /Title (Report 06-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 1849 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 70.799 521.469 675.935 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 70.799 l 565.984 70.799 l 565.984 745.984 l f 45.266 746.734 m 45.266 70.799 l 46.016 70.799 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(PHISHING: CONFIRM YOUR EMAIL ACCOUNT)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(November 10,2017)] TJ ET BT 183.083 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 197.591 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(The latest phishing attempt uses a rather obtuse message about confirming your email account to prevent a shutdown of )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(your account. It also used your email address in the salutation, which might fool some people, thinking it is genuine.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(Information Technology would never send out an email like this, lacking personal salutations, direct contact via telephone, )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(and threatening to close your account down.)] TJ ET BT 61.016 575.464 Td /F4 9.0 Tf [(Here is the phishing e-mail example below with the dangerous parts removed. Do not click on the link or provide any )] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(personal information. Luckily the phishing email and the server comes from the Far East, so it should be rather obvious )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(that it is a scam:)] TJ ET q 375.000 0 0 185.250 61.016 357.038 cm /I1 Do Q BT 61.016 339.247 Td /F4 9.0 Tf [(This is what the phishing website looks like.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 247 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 23324>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?(((((((((((((((((((((((((((((((( }FiHb@BiK^8.|(<pPnUu|y?5w7}7Ao ŜS=abz๑P򞥀_ L >PnS;@,tu\KOщ}OUZ=ijM )g A"Ÿe3! uq=k).m۟MqDF3Zo5HPۓpy?4b_'ƼxeZٸ[vpL,HNЬ^G-Fɻc'1ܤAy rEw|y?52ڌj &,mx+hϔt5[x[Q_ K6۔27ŀP1@%'hĿOyW50YT2Ci*mߗL f80+o:0C8r^Ts<@?@1/?^m[h "7r pmg$;OOӥ.i7:igtlr( 5`[}xKOщxPO{mHaHbc:#i*䂠.w;j7WzBpLjP$e|0*g4b_'ƌKO '<[ĆG#ΩcY[tJc, <Û^$6zarGt}EanGnܬ\ݒ2@1/?^yxŚmM\dimUpg&Ax&ռi ' EhZ0/Pws~Qw|y?5iȑj;cYdg1*2Nc5@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO(YZZ\ߤηwIi UG'dܬPMN Q#)VBX`؊ϸGKR8MLYjk2&p*Bm.^dB "?˹\ЏԨ5?Px]! !MF)C b:Wޗo5ޣgs1/, %N0ʤ1Ԏ(t xhBh\ٛߴ0W9+61Ohwc\gU CVRC.G`7T𗇣o ȖS" !`8j_v4QS1W1NAȮW:ΣDЛtNd2 .Tfm! k$sG11Fڣ'$IP?{y -#> dR7̀8eǗ󭬓x^VY$e[+Ie twms]57umiPsZm߁k}2Ng3H@̨:1[vo [DB+*? _(*h+ ۢ -c@袀 ))h4SY0Y2zJuԱPP3EQEQEQEQEQEQEQEQEQEQEQEQEQE|KԞ(v0],м"@P%B+s>#i`Q #H-`-)D B3q@W-k=5>ұmAn)?u!XדivVSOg̲YqC+-?uuڙ>IcoN⥺ieM ŝQ*KjbS'( 6A# _KagU7v+D-6< ܮ88S#u CMЯL}FX6!ȡ[''&'AuOiͨhqyfXđɰ|n0σlǹkou ظ)+p{ WN43Xk;fC]w_fݤnd!D@*D 쒸'OȖ.pדEx-btʫ# yڻyEJrKBx4w\y(6@wIgVUP7:$-P|@{}F4̜Yx8/rqE؞TbwptPO(PpG$Ck:[CiZIY7mf#3w-r.Fvrr(aߊMipѠ=*qEy|G~)Em;y..c!VB-vB屿boޛ)bO[.|Fj YD`p:GuEdZ%q>0b>[ijy P3p3q]G;3&neۈ |r(ɭ][ G7Xe B2ȳ&'3/c1w:.aM9nn\QXN9 =![{iƫo3єyrrgztx5Kk94?Dgby@~by'J+ [}@0#z[W ][ϔ0^9 S p|'񄶗2ů@EΩj4F)jhUf1$d O.K4B{4ġbIX<$PE6LNvi2Ʈ6JEBFXzP.⧴EB,x#' S|_.},(TzvQ4?u0z8jz +̔E-;Bl7[H2\Kg5T Ja5#UaZ  HPxFO&rwqT1ddˇbxZ> E}6ğlU/N |;\.Mum,U9*O":NN94x x )M#{ế=?GdҥI2&BO~?,QX,Ki$fEf${ 8<OcQ{~#,9,v,`T7(((3EPEPEPE%-QE%PTMNžg *ȑ(oby@YYԗPAWU~xuu'&6c ҉Y%~+2d1C.g!H "9s?3q}j+:mΜP4M8|Cq*ۊۢ3c&hIc -4t &%-:@@=}y (<5e X#.#"I$,pťrM^t={[+x5tFD`= =Ls >d֛kiWoyme7(VsU(2? hy4@$s#0X NߙI=VHfUX.ݿGkU{BU pYg̓<j62/1HG1&ЪbP7`a3SE_O?"ѿ/JOc ,v$ e@b Ux7DiJI8>  _H_ G$Z/ O?9'}&ͥC2!>?AM>Lt#%c%Ԁ?\ K A}?ShE)4Ҭ8HL@Y>`g֬.`  `!v ҢE)4E_Oš R4$!qGߓϽY9@ E_OOH_ @ t %hjbetd =2 h{h.kJ"d$4H_ G$Z/ OGo#Ҭ)D@20{pHM6šܓ>g#8Vh]K A}?Si?"/JH.+al;|N*Ɗ+&lhRmLn@ $Z/ OF)4 巊Y[aF40GDIw&jӤb% `_H_ G$Z7 O H9cWc _s?mc.; KS眘ј~'ַ"ѿ/J'$Z7O y< eYY Bs@TR?x5w- A}?ShBE)4E_OТ"ѿ/J/$Z/ O +?-E_OѤh%?ƏH_ @V$Z/ O- A}?Si"/JhQYh%?ƏHo @Vw$Z/ OE)4EgE_OoKaRFQ'Vc)h((((((5+xn|cG*>g̶߬K^jQυ_tPO?|-?:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-?:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-?cO.Hm-q[0O}/VmQKEQEQEQEQEQEQEy#`m[uy#`m@tQEQEQEQEQEQEQEQEQETsje™(IA4s&q6 3%TMu4,ia?KEPE7z)n88PEG1*o98ǶGRPE7͏򷯙3=qN((((((((a+ 6袊((((((+G='׿2ڶG='׿2ڀ6袊((((((((((((((((((((((+sK[uz_*Q@Q@Q@Q@Q@Q@Q@b^>F[Vb^:F[P7ӥ`![x/>v UE>``Q 5^6P\ {ۡ 8Hn;Wj*^_Mwv1E%u!CA,zaHc<{˭_Oğa_G<|۰V`SņTvf=񷉉$u`ТB%mj4$,3n7sT-|]{jZSZ}^M(6: `26> C@Z{U MBmm aI"iV3q i~$/ ae"g>DLV4t@@T Z3^r|s`h.P[HRxK d <j4Zơ H=N$ 7 9?62h~.=hGiWsrqTdg+=wSkN |ܳȨpIlc HʊkƓcoyeeWTᔢ\ƽ67VI# +>+< FVN~eQӓ@Ep o5$ooe4]>HLm"d@z䚧׋'k`x$IBU|9ʻqz5.%s{QİHnJ`aCqH! >-Z4Wq%gXu Bg=FۯiPkCmp1<1]r=+QsPefK[M bcPTh,w֗6Z'Uht7Q 3P^ /|<}Ǫĥ-X]TfQP>s zMZ=[E} >TtrHedw dH&hO}/Vm'Шo4QEQEQEQEQEQEQEy#`m[uy#`m@Td]AWh1#uj"w9@/u+k8ԻiJc#[!ףG*U?5g0T*:U'f?:/?iכ??\ ?MiOǗ?iW>!0>4LA(Ay/C'!'?<~~B>oI~ԩ剿v3ڋ_v-3Zjg)MZLzļz_?OG/C'0X?=' ;~u?ӿ[6s@$4??1/?i?:o?y/E'!OyKO 񺸸ISW#\,^lĒGpH%Fp3^C Ihs@$4bc?__#>KKKHS$ʼn$NI$I$NMYs@$4??1/#(s@$4?_ؘWǗW??\ ?M?Lg~+cJ+\ ?M&Lg~+cJtSE-tU؄BrB8 dW2ݡ@}w/C'0XExSFBW d2Nӿ\ ?MؘWǗ?J+\ ?M&Lg~+cJ+\ ?M&&3?a{%&_?OO0X?=_OG/C'0XEx/C'!OyEx/C'!Oyd/l-dVh!\}ȯ"s@$4?_ؘWǗ?7KmͽlXvvv=Yf'Ԓjx/C'!'?<GQ^7 Ihs@$4bc?__#(s@$4??1/#+ [U?.m펅X}d^⏹JB~Ohg>߱G,(Y/>I~`X?أd_|&}}`bϿ+oZϬQ ??E>~Ohi>߱G,(Y/>Il888kZϬR 20m-أe_|Kf%2y24HVϧE)1Ŀh#lES pO;c6@?G>@?]"\4ӿ[[0Sh p?kiEy9=k}7žm %AYU[ʧ 9GU ],(~r}?>_|E}m ?>i>߱Gȿ? M-?(~"S?'4W`X?ؤ~"S?'TW`X?أ}?O?$_[}}`b}?O?%Q_Z}`b}?O?$_[}}`bYϬQ/>_|E}k O_ZϬQ/>_|E}m O>i>߱Gȿ? !B>a+  XbQK^NgcQ{6R9s[tQEygQEQEQEQEQEQEy#`m[uy#`m@%Ihzźq.fVK%V8<PjεY$W:DYIJ Xx}qV֣{ ].)4"g2[| >9A}KQ5 ;"k;(T1F ('ۭwݍgSx6/yo1Ued&'b }Oþ մ+Ɵvƫ9flDK/@3!QeXęR+5HCw9)}:3j剼ǙBg|zsOP7]h90xǽygoNd(<‘3k)w/h#V}fR݈I<*Aa:p#r_I%YYI=*?};[}ϟp/9wɴᶌtFZѢuK/,idx_4fႱ8'Pឧe}m{?ayU{2[sa Ҁ:[Zg=څ3ECͰK;;tHĬq+j] ["@p% v[0wSZCwo%2’9l&}8J%Ӷ:HLv #d%[$㚿?~uyֱM{,G%ϓ~ ]|t VK8/efHRUgAd9:mګ[j6sF92uMwv֦yufy[J.y5w[t.K[&i 1nFxvx5Cg}Z* o S::xK5-N\XG Ep̏*xRA 뎼U]'H״˘{zKmO%f[tc/"=0@'d]W;soieImEu3DP*@h䑚iZTV_]%7)f!bN?]S[xe[Ҩi3qXfFl%pTdy >`8cנ<ڡt녷,n'hՎ)ئqs_ŝ݄sPkCuم {fum;Ŀ)kBvsro危ϖ(ܯ^T@tזUww d{SjuOiI/U-'O-ֹx67m %3}|8KcW?s75 GQ+)H̲ɽ XPZւ# WzsӰ5MS父"BrFsgt宥ձy䴐4lvR@;rE`x'\|Kk v76 $v@봹?Ek Qm]6NFօ# q-Qxl<2Rh qB%m؈ 0gX vI+FI{W}HZvvOݡdۆePIPs@TKock;yRo|c4 ~y+;?|sxV6:sBAc%,0@[$tz/V5{D-egh2T0` sTh^"(SHmx RWG GP}Bе+c0gTy ;)!v{02mp$u/mnlfim]Y3#FSd9=pS"mWk2`SAZ"^ȓa,-2JENiCDu$m.K{>0U 1G]ojv6n!6}O$mj#yz.r0>a-e;m yhfD&{ 9rJa 18>.tVyR߹V #lqvnpԋguF)n-,Y+YP[+uǡ[eI ,lb8]ˇ'}e$W '9q,`Fv .Mah~!|#A.Q67T*능 mtE'qغ1*18=+y"9t." $\bo.Րdl w/c?5O Z"X \aqx2 pI GAj[C-4+Yeya>$rquj<7$s^tP38h#sTx9XZgv{i."ۙI%HЊ<^~!n%"Գ],0 LJ`s1o;e1i<:ƚq 8\ sFt/[J&9Z,:7GKzPM[DfXd22y)\!EZu.;MJ |sk1$:|6HDwؾ_˗sz}/-DC296HP m+); .!YuP ǐJ(\@j$ӚkM 8IE1ـ1;FcYIMpvAj{mDhdB@Da!Nހ89~$x领(]TUbao"_d.rs/8MyEIw{mqLZ*bH9!q&;vK^9 Aޑywݻ;[x@&XvA.rPygRu[y%]B4 dV)܇n08NDoׁdk&%$F$4ͽ; hd+1ۅ0H?/Jw_ kKwEߜoeRW=Ec7a}[l,{XT#y#e|cuWA#TuS p˵T t;0x9W[P?d84+{ۉ@/+ 2|yy`f\Aυ%TGW- d[r|Fsn}sQkk>3EyS7*!v);\ѵ^yfec%GoS ƚxM,[K7!Hd =n$;@Tr m1;mQ 9FXFֻ?yT~h|ͣv=3G۷~ѻ>OR6Mgw7j@u3c~Wo>$Ay9}> i3N4ct69avB*@Uzm`-b&/d}=(s5ndXHxH: ^h,m1e([~~;qԞqhg_?Œ'/P5 FP5JdkH$;@pdszWpOfڔh*}K|>縹Xi5#[+qBFTO^*|4m8sQ*YĨ1رm#L|U(ϊRciVGTy,D)X6ݓ$s |*ә K fI]J-0Fk{>*}Kg_?€)~ mV[YiklbdrȒ͟G*}Kg_?€+hmc*}KyKƚ ksu8`[!asֽx4g|m+ H1lFxs>*}Kg_?€0uO꺳jGsL6f@Д2p,8HzE q$k[kRp{7>*}Kg_?€9?]%jKc"mK4r,$1#|h? FrI>*}Kg_?€0,>ik iH׷Hlﰀ3#!H\(\tW-ķϬՒ@هPDmzH͝xZyWtO_>*}K#[m rGb[|&mK,SE#/FCTtctWtO_>*}K|7A-;V3$*?2evJH5N֑C4;c FB<(8kqԿF|U(38BZnI~pNF[< n5ϴźd p[LNJH˷ p9XϊRWtO_ >Ayfl M6df;dP9'5*|0ݡTA4WqL=cRUFqFckg>*}Kg_?€3(TUuFbH%f'<`že%a VR#&$yg9C>*}Kg_?€6L'/QwD ۢ3ԿF|U(nϊRWtO_ +>*}Kg_?€6?sKF|U* ;B෹>as> endobj 14 0 obj << /Length 3857 >> stream 0.153 0.153 0.153 rg 0.773 0.773 0.773 RG 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 213.682 521.469 544.302 re f 0.773 0.773 0.773 rg 45.266 213.682 m 566.734 213.682 l 565.984 214.432 l 46.016 214.432 l f 566.734 757.984 m 566.734 213.682 l 565.984 214.432 l 565.984 757.984 l f 45.266 757.984 m 45.266 213.682 l 46.016 214.432 l 46.016 757.984 l f 61.016 229.432 m 550.984 229.432 l 550.984 230.182 l 61.016 230.182 l f q 375.000 0 0 257.250 61.016 500.734 cm /I2 Do Q 0.153 0.153 0.153 rg BT 61.016 482.943 Td /F4 9.0 Tf [(If you have received mail that looks like this please immediately report it to the Information Technology Security Team by )] TJ ET BT 61.016 471.954 Td /F4 9.0 Tf [(sending an email to)] TJ ET 0.373 0.169 0.255 rg BT 141.557 471.954 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 141.557 470.803 m 206.222 470.803 l S 0.153 0.153 0.153 rg BT 206.222 471.954 Td /F4 9.0 Tf [(.)] TJ ET BT 61.016 451.965 Td /F4 9.0 Tf [(Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the )] TJ ET BT 61.016 440.976 Td /F4 9.0 Tf [(following link \(Which is safe\) : )] TJ ET 0.373 0.169 0.255 rg BT 181.544 440.976 Td /F4 9.0 Tf [(http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx)] TJ ET 0.18 w 0 J [ ] 0 d 181.544 439.825 m 549.707 439.825 l S 0.153 0.153 0.153 rg BT 78.360 421.003 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 420.987 Td /F4 9.0 Tf [(Start up a new mail addressed to )] TJ ET 0.373 0.169 0.255 rg BT 225.080 420.987 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 225.080 419.836 m 303.740 419.836 l S 0.153 0.153 0.153 rg BT 303.740 420.987 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 327.239 420.987 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 327.239 419.836 m 391.904 419.836 l S 0.153 0.153 0.153 rg BT 391.904 420.987 Td /F4 9.0 Tf [(\))] TJ ET BT 78.360 410.014 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 409.998 Td /F4 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 399.025 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 399.009 Td /F4 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail )] TJ ET BT 91.016 388.020 Td /F4 9.0 Tf [(Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET BT 91.016 377.031 Td /F4 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 366.058 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 366.042 Td /F4 9.0 Tf [(Send the mail.)] TJ ET BT 61.016 346.053 Td /F4 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 335.064 Td /F4 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 335.064 Td /F4 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.18 w 0 J [ ] 0 d 221.081 333.913 m 341.627 333.913 l S 0.153 0.153 0.153 rg BT 341.627 335.064 Td /F4 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 324.075 Td /F4 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 313.086 Td /F4 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 302.097 Td /F4 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 432.949 282.108 Td /F4 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET BT 61.016 262.119 Td /F4 9.0 Tf [()] TJ ET 0.400 0.400 0.400 rg BT 61.016 243.630 Td /F2 9.0 Tf [(Posted in:E-mail,Phishing,Security | Tagged:Phishing | With 0 comments)] TJ ET endstream endobj 15 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 343 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 25670>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$W" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?7}o>!VB٣hReB͒Xv#ҹ]>&~_$qnt@T$GA݇֩|C^Nӆv4q٬+(lL|K`jiTI6һ5Svcto*OC.H"\ֲ>x;OZ+S )_mB}+^RK#nC >f0ȸֽdYr1JWg G,?/>$'V"% u ɓ:zhL@m!NFO˿~3>|?c@!)ƽLw{=*8<[ҵc opT2I,A9tψSL?h.>+d>Ć+K.No3X? _?k=n.Sg,?/{^1eK+{vaȄl}aٶy.?8Gs^m|>]Z1~؁Nb#GϘs?|MU|MU3~&v?tii`e?q>ާ.sOMQ UϘ17,?T7,?UG]>c} 7G.r7\`e?p{zw|M?7G.r7\ `e?p{zw|MU|M?7\ `e?p{zw|MU|MUpT`e?p{zw|M?G.sOmWIG]>c} ܰMQ UG]>c} 7G.r7\`e?p{zw|M?7G.sOMWEwާ.sOMQ UQG]>c{ ܰMQ ܰMWKG]>c{ OmQ UG]>c} T74Up4`e?p{zw|MU|M?7\%wާ.sOMQ UG]>c} T7,?UG]>c} T74UpTQϘ17,?UZ㏊mi܎O\U.h˿~bsWF^;݂Gr?XtEn/=z7oΗϘGͭ.M6f]vi'AEml]Z6,~^Y)vI3+7{y:?|Tz.[kK\4O1f] .\''g5oRJcs3# 8'9B~ǐg <ڴ Wᶙxw}y i&H|3v?vw:mIYBI<<QI]rSbk,DEzרĕ,rsȮRH@^`\0M,Ip:q:7(!I崷y;m rr h0B>b#!D[{IWL:!ݮdwB u= mlfx6H&\9< S6C!Vܩ?XJ9qݔ$]Isbty0u$b\;8DXEo2W q#$ck1[W l}/~Lp;Ѻ@qlyMh_?"_}若I,#h9ElɥM eT A9=;W%>7aW՗y~_)$r#3++zV2i aG ZoK;I|bP67ykqus"03$*0;JI.~QɯR`&Yf/ CᘵZ,G3A_+bw0HɅ~8h^aֿ9k:oh3A_(aֿ9k}CE=OuZ,G3A_+(a| ínf ?uZ,_PG;efk 7Q írf 9{(/0_Yfk 7W4QD{Z0_Y¾v':-oZ-=OuZ,G3A_+(a| írf ?uZ,_PG;efk 7Q ŭrf zS AZL=pp? +GW93e2v+I_=O _wYu ӊ>[K ߷-O,?/-ZI$.&@C01G ';NO?/D6pSW`k$xO  -ҮzM-?$_RL'qrO_.h۪嶝cqʭ8]Ea'2Ijz \ɶ'*hvW66paUiY%P˕U99~jz |Y 6cCdrM9Pi?6?:ߓS&Ic<g?,DՄ>%Do\D?P #=wneKpKl e`xm}U0t*BTj۠S{:˞Tן?UQVFV ~pq,z $0J/^7(_MBiw(0.-d,'9?NϝAg('?o_\jOqϸ8?Zͯk$g$$z@O`q3,%e 1FAVYԫ>Mlms*jFj88t w)lUU[ݒF~9 0wT#̟TjDY0(CY3 nYغVH,Fn}yN6y-$ڌN3T1{lt`e-KS/& H(t ϓ{תsؽHwhVQq6MGo_AԜWp.wa׿Lg9T?q^ާsAl\uЮ~[cb'?gãYX.C[+ggz}1ZFтz[Ȳt"HN@IbB2L*ShV?tI̐ȸ*E*a/@r`)]O$$m:lbYA gKJ(+o?T}z~XhZ+VE@s{00={~eͦstӒBb=OQr-Gz~rmo:pWuvc;$ V/PkOxvPx!pFW? q[v +y$68FG՜fܬzx%*xhՄ'm.vGo?T}z~\õjhP3=3K&TR0yX] Z]cM*j(-R5H݌g7,tib}JYʁv ;luItUX#dB!q53vWG^ +UP쟚];KZO.]ƍ$$~j?Uq5dӵ1d,$ [ v˥hj(-oLd$} 2h֔)htiߣQ?UsѺ}Mv: r9jifSa98$sX9nX?M*vocfI'ᝉ?yc'5nM*^X?(M*X?(M*X?(M*X?(M*X?(M*X?(E*ϻ$*($ricQ@71sb?E~?3ӎ+i 4LÇ#oo?B5_d?/pU[:i?ƭQ^W:hζEVζ?Ƭ@Əoo4Pooo:j[:hζEVζ?Ƭ@Əoo4Pooo:j[:hζEVζ?Ƭ@Əoo4P_oo:j[:hζEVζOooTPoooζEUη?ƭQ@Ɠ:jW:hηEUζ?ƭQ@Ɨ:j[:i?ƭQ@ƏooTPoooζEUζ?ƭQ@Əoo4P_oo:jW:hζEVζ?Ƭ@ƏooTPxBkW*d簢Ŀx!E~x'vG_G3[uE3[F__G(13U 5ٮ.BuKt<>McL][HJ4e{~kʵZ.t&6noȯ^-[*xv;/&+]B849Tl0c5.ulzdN<燾'D͞ur\GP3p1CINg<򚷴!Eq&=;@U6FlcCs@gCoZ-=|?ϩ]Z=/"5m,A0~+̎JIhzR[y37-ͤ& ԭWil(P3d3eOJ?dkk~*hs!z:ZW{=OH>/r̶:jnywf8zp9'T,t=7[J[K=[0HeT<֟*+~(__f﷓=5D%i* n.)( 6#}Yo{4V4Z[2dTD}|:R^Q4? LJh# {]%8 (##ֻQbӟN}ۭ@N2GlT:jF4AܿEVFEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE_rxC_(±?3Ҏ^A_x9~,`tA,EپPO~c5آfQ?.PJ\2iXmŜk.bPMM:œWNn-ͽ`#60LQ਽O2Dm!O\ Zu%?֝SPQEEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPC_(Ŀx!E~x'vG_EFX$_kj__G(2>O>?UZc2 ?*>?UZ*ods}GU( ?*M>?UZ*o\s}GU( ?*>?UZ*o\s}GU( ?*>?UZ*ods}GU(& ?*>?UZ*o\s}GU(& ?*M>?UZ*ods}GU(& ?*M>?UZ*o\s}GU( ?*M>?UZ*o\s}GU( ?*M>?UZ*ods}GU( ?*>?UZ*o\s}GU(& ?*M>?UZ*o\s}GU(& ?*>?UZ*_\s}GU( ?*M>?UZ*o\s}GU(% ?*υV k|.>7\QUjPwA$Xyh<Ŀx!E% +oO?;?ڬ_?B5_?/pQEQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@ZZ m8mƊZX(w 1E[W}Ƒ9+jQXL mGRrHڦ3Mbpi,rU7oriTX4퐄qbքִ/];B 8]ᦹR-zyYvm󏔎>$l7I9 w@sIUX,J+95 TgYr|VzlЬZԏkݥ^?'ȯg.|C` o,\:OO4qo50»pN=uD/N[Z_i9]B(p?3Z1Ht9Smm 4ߓLVc袊QEQEQEQEQEQEQEQEQEQEQE% (/.Q_c*gxC@"}#[UC"?G _Q^QEQEQEQEQEQEQEQE2IfG =Tno쟝OEAo쟝nZH899]wB]&$5gqտo쟝!n kq/*[V5Uʏ-Q(&  Y4r3Mz.ดVG<9H76=aWϝs'h2yլÖh%Y%f>U1j4/tXʹnM0y/-d9ROJnt>GS$9OO2\5}1ѵd)D3l:׃9xAZ*=*K#GhvGz'N 9(?@L >Kr7'漻%MM\:kRm$G4JdX?f7jH4[K9-SE6 an'=Bm=8pڑ*{R3^"۷=1N\%q2Q^ye}o )bԣ,VωH;pjxKK n'anTǺw8矙A柹plZ@1KYQ@Q@Q@Q@Q@ S%{TM%{T%Q@Q@Q@Q@Q@Q@Q@Q@Q@k_]?rV;zPQxC@#}!}𣆯Š(X(((((((*mOPOPɤ1D9*=qVn-wj *7ZߣW=C{HF2PX{Y:&{N6H. 0WI,?6|U҆Y;jSPGn.؜}*Vqa⫉զ8 ۖ;$G9U$|ȣFm A].xm}kYXߣRߣU] ا|6 2h`1k!+s$r<.?TlߣTWY$.TlߣTP.TlߣTP.TlߣTP.TlߣTP.TlߣTPuyc`\`sV*ؿ4OxʖoO餶xʀ$(((((((((|K!˯Q_]? TJ ;?ڬ_/B5_?/pQEQ@Q@Q@Q@Q@Q@Q@@?1S \RH2J?* E|_7ssS}A&a[^ ? P2}O5H0R/5 g?G-rL.e,oԳG\ OKϬ/ k?G-rQ,{zo/>?;4}wk |σ?9«TW SeG_}gƏrA?#g!Q*+SeG_}gƏrA#gQ*+SeG_}gƏrA?g!OQ*+SeG_}gƏr|A#gOQ*+SeG_}gƏrA?g!Q*+Se2tac`Kc+}YMz'PHs:f6vfIM%{TOxʐ(((((((((_rxC_(±?3҇ŽЍmV/? mW5~&QEzaEPEPEPEQEQEQE6b?S=6OCNh}oC7'j]ֿ3_FWCGbRVH葧cKM5<ڭ葙!$ +RTOq^sk߭5O͉4]FZil0s{h"HRnĎ6[,O6z}ƛ5B3&y ',|d3[2kZiZ>5lE(2F> |O vڿ5&[H8 3G^Klbc z vZ'-9ak5b0|,78jd&h#t =V$wq 1U0=>% `i43}511icѵ)$5;qf27>i/4֒k?R!C+oi]H 2}޿ UzdHX$dPw0{j\ _"B4X\AJt dG5EX0 ]AjU𷹎WYgG}p}뇶R(a^q#3Z\z͋“J--%-}Y뿳u_z;ר{|?>S%{TM%{UvQEQEQEQEQEQEQEQEQE% (/.Q_c*g? mV/? mW5~&QEzaEPEPEPEPEPEPEPP7'so*z?1@dԃN>Q<i5kMQui! A5OOп߆ kU+Yk){_AE?/_AE?/_A'/P*% >'/P*% >'/P*% >'/P*% >'/P*% >'/P*% >'/P*!}O_ U?2C(.GhLҺT~"d{B5ႭddrQ+I/uk}W!id(A\>|U͞g?N٫7;Z+~)iZ֡ec3]eQ@L`~-VmHVkH*swf?5jMfoַ{G" AgzՏDּ?& q[U,@X܏6p󬽼-{q\.6mh +kg&S+jPE:+0R*PkIWOem:?El:Qqm3&_Z:DcQӷ,+4+x($|n=4ӣ5ė6Zi\[ZyR<~Fׂ;in/VHYąv0s2Y.o;<;z+|;[ծ3f;KCh-[~˲9;U8 +8axVI."kiYM;A݇f9hwfȒ 3wLr(toe)v9@8]I.d#>4V$I9F.[ j6w%͛جe@7B?y⤸4KO\_[mk L]Je-~ʰfF ^37J(5%XZzdGÚ$&O.&k)}mi!W,9Ҹ=wiqZRx,X*a 9+cҟj+|gcjpY| L$g^0sа֠e6~FAF3=a*rՄgEdi-~C=cd)KyUMo-Ԭ6$oBsi8It/QTb,条Y_p&s4o]Ӽ;eR-ޱl I'krObז4Fϝ8*Pٯ5=BWS@avfI;A 8iLѴ[ƞL m1UN~obިPN w~o郞q!a5^t'CQj&d$ݤFuvS3O3sEqheM+u-dp#کB->֞%IaE8 J`pHYl`yYmSH"c“0'gmn]4 ![رA^jNr9瓾k}_ tK lV=bY6eJ~'?A[>.{iuLE>V!f=sߚmXBP:RWJyVj{yt8[SM<%aY6c9T#vS086ESqݎ3Պ+FrXxx[Jhkm3]]۩Ll.vMg࿈]JٴgҞ+oHxƒQ8 <;L%ۀ 7ڪxvi!J1g8FF+;Nq4gK]#F#_\8WI). |Ce/.-BM*[ & ʬIYn!un 3Yȕyn)݉r9Ur=1IXX-dz<7y%4=;JTk[X{O윀3'$beMNW2c1R[WBI+#ǩ7RNrsix~Ĺb ˁ~x0YD8^hLi2o R(wfP7LBÂpz{סZ6JeޯoScm^]moOm#NP<#}h`S%d6NrXj<3m^_[H\E?)r6| ^=vbc 7P^Q;Yw# s}k j:lw1{@]On▀1_NOi&#Ÿ11o; `TYғúzm`e 9 91].(a*󔜞8hF*+dr =f2uBrђ;wf>P{Z$H«[c;W1G6é-m2=;H߅>\񏃬ka@i8"DaPq[#HSx9<-u'/Og n{ &O3!-,w(d4$.Y!pkۏ4`Txwn1b! 7 sooq4x;ºRDɦx%A;@@W@ 5`P;>ȧ%u8@}ORy' eciA*^$ c` QS8)śUiUa[-1a`qE-u5WnxBFwF5nRb&ܼ]GM{i uQ@d%ԒUQ]ح̯"2^4.# 622NZhIY*J^L1Żv AQ]n&o'`VhQRVdӺ1o|=j`ǩtx^sA%”MNs]BֱOX5'QT[In) CN>}k_w˩qgpJpNBzWzhgjeEA*2goEM$n'&iFrr~gnkRJŠ(#|K!˯Q_]? TJ ;?ڬ_?B5_?/pQUē끓v^kb}c)>?1kUoM??E'&?"-QU~71}oc(WB@d>71jI$s|P*'?"M??EZ}c)>71jI@d_O??EYc)~?.EU$s|c(WG&?"-QU~71dEU$s|QI TU_M??EdEU$s|QI TU_M??EdEU$s|QI TU_M??EdEU$s|QI TUoMA ?"MA ?",U~?1}oc(WG&?&-QU?.OM??EZoc($s|P*&?"M??EZoc($s|P*(bx%u;;Ӗ O!2%Y& (? O sm%K%HݵG~M$pkҬ X.cVhÀ@#<#4Ѣ2>+-y+p#<}n<вWcϬ>/1,:)`d*Yu.1 9no7|l!{B$/)RInX:i6`b UP3#ԒhtЈex0FJf,[I$RjH _Z$Z^l-Gi7A&܎Eϡiiؖ\(#sz Wq4> %*n@:`#cn"I1 oPv= C.rև^ZenQgN(c~rr~4ڄ6Q~auB< >\qWFm.Ww2< Ir-:WG6 G<>ќlqp=+k<B_j A)<ЇoǤΰK+>0 rzq۹ 4[l`CM r<@]n.mSjsFá 9+-#~+Ŧ߮+9y6; W84ΈDZVݟ$wJ)<5<˦ZP2b=qS%tooHΛ@-R警OD"a2z8">3jnXftÞzmI E G,H"Q*xWA &\L80|Q[Ů]ͤBGtGs0t[9E c2z,W=rGLs[iX"l[+eO1e"P70: aK&a5wY[=rvKp>c;_д[E "B9*#0uWV:~ttڕs@C]M{q4;H X&@87?q6Hە^d:UMOH-cI1eB 3U'9;?gC!y1qyڗVUptc2#$'p:g4E,mnY>K^A#SeѴ٣9tIEehT\c pOh>h8;wM=Kn 䴌cm4 B.Gv㜒A cz46lah,-b6([n$sPE^6 ܍S dw\eM^([@Ԧ/$V;[ȭ< 2Angk{E$֒,$;Y<}5t3J'?1{^)Xe-,H Cp8ߝLDV` ٢2yDN1sz CæY42Hh8oݑ5EXF]Jtxo x~5mL4mʯj)hv!]v=j3tv .H޹|NbEn v9Ө5amlBGyi( Ud^RiV Et?S:Vo,Mmi7&pl0M <`]=캅ِZUuiN9 Aǝ>ui? ȿg\)۷ c/ "l#fB۠ͻ;ǦUOG liqKXQ@Q@Q@Q@k_]?rV;zQGѬL#6J~w??Ɗ+>(ҧ;Eh_Cwg> ݟVVg??A!?;[h}n?O?֬~~ Cwg>G'vqQf_??ƏN(j=;'vqϭ4QGՙ{vN?;[h3 ϭ4wg>EY`}n?O??Ɗ(Z?/a ݟϭ4QGՙ{vN?;[h3 Ϭ ݟ~EY`}n?O??Ɗ(Z?/a ݟ~G'vqQf_??ƏN(j=;'vqϭ4QGՙ{vN?;[h3 ϭ4wg>EVg??A!?;[h}n?O?֬~~ Cwg> ݟ~EY`}n?O??Ɗ(Z?/a ݟ~G'v?4QGՙ{vN?;[h3 ϭ4wg>EVg??A!?;[h}n?O?֬~~ Cwg>G'vqQf_??ƏN(j=;'vqϭ4QGՙ{vN?;[h3 ϭ4wg>EVg??A!?;YO??Ɗ(\U{v9Y"#QEΤ'9n4Zh endstream endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 141.5567 471.1216 206.2217 480.2791 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 181.5437 440.1436 549.7067 449.3011 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki Pages/Spam sysadmin Eng.aspx) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 225.0797 420.1546 303.7397 429.3121 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 327.2387 420.1546 391.9037 429.3121 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 334.2316 341.6267 343.3891 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj xref 0 26 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000350 00000 n 0000000387 00000 n 0000000525 00000 n 0000000588 00000 n 0000002489 00000 n 0000002601 00000 n 0000002716 00000 n 0000002836 00000 n 0000002944 00000 n 0000026437 00000 n 0000026549 00000 n 0000030459 00000 n 0000056298 00000 n 0000056426 00000 n 0000056499 00000 n 0000056627 00000 n 0000056758 00000 n 0000056886 00000 n 0000056961 00000 n 0000057089 00000 n 0000057162 00000 n 0000057290 00000 n trailer << /Size 26 /Root 1 0 R /Info 5 0 R >> startxref 57370 %%EOF phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

phishing

« Older Entries
Newer Entries »

SARS e-mail may fool users

Tuesday, October 15th, 2013

For some lucky people, it is time for the tax returns from SARS. The criminals know it too and every year at this time, users will get emails allegedly from SARS promising tax returns and asking you to click on a link, log in and provide your bank account details and password so they can pay you money!

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and these are stored in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS would always either SMS or send you a registered letter in the post to inform you of tax returns, etc. They would never contact you via unsecured e-mail, and furthermore they have enough of your data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” salutation.
  3. There is no returnfund@sars.co.za address
  4. The attached file is usually a html (webpage) file that gives you a forged webpage sitting on the criminals server somewhere overseas.
  5. The amount that they promise to pay you is always something like R9,250.75
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system you should never get mail on your university account.

If you do go to this site and you do enter in your banking account details, credit card details, passwords etc, this will allow the criminals to log into your bank account via the internet, and take control over your bank account. They will create themselves as beneficiaries and then transfer all your money to their account, and then delete all the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 South Africa was the 5th most phished country in the world behind India, Canada, the USA and the UK, with estimated figures of R14 million being stolen from South Africans last year alone.

 

[ARTICLE BY DAVID WILES]

Email

Tags: , , ,
Posted in E-mail, Security | Comments Off on SARS e-mail may fool users

ABSA eStatement phishing

Sunday, September 22nd, 2013

The only thing that must be more annoying than us constantly warning you of e-mail scams, is the persistence that is shown by the criminals and scam artists to attempt to con you, and steal your personal data and money.

The problem is they will continue to send phishing mails because they continue to catch people, even within an academic institution like the University.

Recently another ABSA eStatement landed in our e-mail box, this time a little more sophisticated, but armed with a few basic tips you will be able to spot the scam quickly.

Keep an eye out for these mails in your mailbox and delete then or add then to your Junk-Mail filters to block them in future.

Here’s how you spot can them:

1. Did you give your @sun.ac.za work address as your primary contact for Internet Banking?

2. Do you bank with (in this case) ABSA?

3. Is the salutation addressed to you personally, or is it just “Dear Customer”?

4. Is there a .pdf or an .html file attached? (phishers almost always use .html – a forged web-page)

5. Is the Subject of the e-mail “important” sounding? (In this case “Absa Cheque Account Statement”)

6. If you click on (or open by mistake) the attachment, does the web page look like the bank’s normal login page but does it LACK the https:// text at the front of the address and is the normal http://?

Answering these questions, it will be easy to establish whether an e-mail is clearly a phishing scam and can be deleted. Be vigilant and alert. Anyone can be caught out – even you.

[ARTICLE BY DAVID WILES]

 

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on ABSA eStatement phishing

SARS wants to give you money?

Friday, August 2nd, 2013

 It’s that time of the year when our mailboxes are infiltrated by messages from SARS and we start making sums and filling out forms. Unfortunately elusive cyber criminals also know that this is the perfect time to prey on our gullibility.

So it’s most likely that you will be receiving (if you haven’t already) a so-called e-mail from SARS asking you either to verify your information or to let you know that a much-welcomed amount has been paid into your account. (see example below) Don’t get excited – it’s not really SARS.

Clicking on the hyperlink in the email takes you to a fake “e-filing” site that has hyperlinks for the four big South African banks and instructions to log on to your Internet banking site for “confirmation of your details”.  When you follow the Nedbank link (as an example), you are taken to a copy of the Nedbank internet banking site that asks for profile, pin and password.  Supplying these takes you to a second page that asks you for your mobile number.  Submitting information on this page takes you to a page that requests the reference number sent to your cellphone.

Do not authorise any cellphone message that comes through if you end up in the above situation.  Furthermore, do not click on any hyperlinks in emails or divulge your account or mobile number details to anyone over the phone or via email.  Banks will never ask you to access internet banking through a link in an email, neither will banks ever ask for your mobile number when you access internet banking.

Look out for the following tell-tale signs:

–  when you move with your pc’s mouse over the link, it won’t be the official, correct web address
–  the e-mail isn’t addressed to you personally – your name isn’t mentioned anywhere
–  the address it was sent from is a generic one that doesn’t exist
–  there is no reference or account number
–  no contact person is mentioned

If you’re unsure, rather go directly to the SARS e-filing web site (type in http://www.sarsefiling.co.za/) and see if there were any payments made to your account.

———————————————————————————————–

From: Sars Efiling <message@sars.co.za>
Date: 30 July 2013 19:37:38 EDT
To: <fakeaddress@sun.ac.za>
Subject: You have a new transaction message

We have filed your return and made a deposit of R3,650.80 into your account.

Confirm your filing

This is an automated email, replies sent to this address will not be received.

Sars eFiling

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on SARS wants to give you money?

ABSA phishing now also in Afrikaans!

Tuesday, March 19th, 2013

Just because an e-mail from a “bank” is sent to you and it is in perfect Afrikaans, don’t be fooled into thinking it is legitimate.

The following e-mail was sent to a number of South African addresses and is a very clever and convincing attempt to obtain users banking details and PIN codes. What is frightening about this mail is that it is written in near-perfect Afrikaans and would fool most people including myself – if I weren’t so paranoid.

Take a look at the following mail message. It looks very convincing but some spelling mistakes give it away but are not easily seen!

Subject: Absa Kredietkaart Rekening Staat -Fooi Afgetrek

absa-afrikaanse phishing

There is an attached .html file (a web page) which immediately should tell you that something is wrong.

Here is what the web page looks like:

absa-afrikaanse phishing2

On closer inspection of the webpage coding reveals that this is a phishing scam run by a syndicate whose servers are currently in Italy.

  • If you use this page to type in your Account number, PIN code and password, you will have given the criminals free and open access to your bank account (if you were with ABSA)
  • ABSA, or any bank, would never send you e-mail containing links and ask you to click on that link to verify ANY personal information, especially account numbers or PIN codes.
  • Embedded html pages would never be included because they can be easily compromised (like this one)
  • Don’t be fooled by alarming subjects like “Fooi Afgetrek”, “Security Upgrade”, “Illegal Access to your account” or if the mail is in Afrikaans!

(INFORMATION SUPPLIED BY DAVID WILES)

Email

Tags:
Posted in E-mail, Security | Comments Off on ABSA phishing now also in Afrikaans!

Beware of SIM card swap fraud

Friday, February 22nd, 2013

 

Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:

How does a SIM swap scam work?

  • The SIM swap takes place after the fraudsters have received a your bank logon details as a result of the you responding to, for example, a Phishing e-mail. (this is why phishing e-mails are so dangerous and you should never ever respond or click on links contained in these phishing e-mails.)
  • Once the fraudsters have the your cell phone number and other personal information, the fraudster can pose as you, requesting a new SIM card from a cellular service provider.
  • The cellular service provider transfers the your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
  • The result is that there is no signal on the old SIM card, which means the you cannot receive / make phone calls or send SMS messages. (This ought to be the first sign of something wrong, so if you get  “SIMCARD INVALID” error on your cell phone)
  • The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently

What should I do if I suspect an unlawful SIM swap?

  • If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
  • Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.

What can I do to prevent SIM swap fraud?

  • Protect your information – all your information.
  • Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it to us again.
  • Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request for information such as ID Number, email address and email address password, physical address, etc.
  • Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch.

[INFORMATION SUPPLIED BY DAVID WILES]

 

Email

Tags: , ,
Posted in Communication, Security | Comments Off on Beware of SIM card swap fraud

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.