%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20240927112615+00'00') /ModDate (D:20240927112615+00'00') /Title (Report 09-2024) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 4415 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 324.884 521.469 421.850 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 325.259 520.719 421.100 re S 0.773 0.773 0.773 rg 61.016 340.634 m 550.984 340.634 l 550.984 341.384 l 61.016 341.384 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(HOW DO I REPORT PHISHING?)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(May 10,2021)] TJ ET BT 156.578 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(You've received a suspicious email, what should you do with it? Firstly, don't click on any links. But just as important, send )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit )] TJ ET BT 61.016 615.442 Td /F4 9.0 Tf [(potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team \(CSIRT\) )] TJ ET BT 61.016 604.453 Td /F4 9.0 Tf [(can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.)] TJ ET BT 61.016 584.464 Td /F1 9.0 Tf [(What is phishing?)] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same )] TJ ET BT 61.016 542.497 Td /F4 9.0 Tf [(password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same )] TJ ET BT 61.016 531.508 Td /F4 9.0 Tf [(login details, can access multiple private accounts and manipulate them for their own good. )] TJ ET 0.373 0.169 0.255 rg BT 61.016 511.519 Td /F4 9.0 Tf [(More on how to recognise a phishing email. )] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 61.016 510.368 m 237.092 510.368 l S 0.200 0.200 0.200 rg BT 61.016 488.892 Td /F1 11.7 Tf [(REPORT PHISHING)] TJ ET 0.153 0.153 0.153 rg BT 61.016 468.244 Td /F1 9.0 Tf [(On the ICT Partner Portal:)] TJ ET 0.153 0.153 0.153 RG 85.866 451.071 m 85.866 451.483 85.696 451.893 85.404 452.185 c 85.113 452.476 84.703 452.646 84.291 452.646 c 83.878 452.646 83.469 452.476 83.177 452.185 c 82.885 451.893 82.716 451.483 82.716 451.071 c 82.716 450.659 82.885 450.249 83.177 449.957 c 83.469 449.666 83.878 449.496 84.291 449.496 c 84.703 449.496 85.113 449.666 85.404 449.957 c 85.696 450.249 85.866 450.659 85.866 451.071 c f BT 91.016 448.255 Td /F4 9.0 Tf [(Go to )] TJ ET 0.373 0.169 0.255 rg BT 115.532 448.255 Td /F4 9.0 Tf [(https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 115.532 447.104 m 412.649 447.104 l S 0.153 0.153 0.153 rg 0.153 0.153 0.153 RG 85.866 440.082 m 85.866 440.494 85.696 440.904 85.404 441.196 c 85.113 441.487 84.703 441.657 84.291 441.657 c 83.878 441.657 83.469 441.487 83.177 441.196 c 82.885 440.904 82.716 440.494 82.716 440.082 c 82.716 439.670 82.885 439.260 83.177 438.968 c 83.469 438.677 83.878 438.507 84.291 438.507 c 84.703 438.507 85.113 438.677 85.404 438.968 c 85.696 439.260 85.866 439.670 85.866 440.082 c f BT 91.016 437.266 Td /F4 9.0 Tf [(Fill in your information and add the email as an attachment. Your request will automatically be logged on the )] TJ ET BT 91.016 426.277 Td /F4 9.0 Tf [(system.?)] TJ ET BT 61.016 406.288 Td /F1 9.0 Tf [(*Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be )] TJ ET BT 61.016 395.299 Td /F1 9.0 Tf [(forwarded. This ensures the original email can be analysed with its full Internet message headers intact. )] TJ ET BT 61.016 384.310 Td /F4 9.0 Tf [(Alternatively, use the mail application to save the email \(usually located under File | Save As\) as an .EML or .MSG format )] TJ ET BT 61.016 373.321 Td /F4 9.0 Tf [(to a folder location, and attach the saved file to a new email.)] TJ ET 0.400 0.400 0.400 rg BT 61.016 354.832 Td /F2 9.0 Tf [(Posted in:Phishing,Security,Tips | Tagged:Malware,Phishing,Report Phishing,Report Spam,Spam | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 61.0157 510.6862 237.0917 519.8437 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://blogs.sun.ac.za/it/en/2016/10/how-to-recognise-a-phishing-e-mail/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 115.5317 447.4225 412.6487 456.5800 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115) >> endobj xref 0 16 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000561 00000 n 0000005028 00000 n 0000005140 00000 n 0000005255 00000 n 0000005375 00000 n 0000005483 00000 n 0000005610 00000 n 0000005734 00000 n 0000005862 00000 n trailer << /Size 16 /Root 1 0 R /Info 5 0 R >> startxref 5989 %%EOF phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

phishing

« Older Entries
Newer Entries »

Phishing e-mail with deceptive subject “IT ADMIN”

Tuesday, April 10th, 2018

Several observant colleagues and some students have reported a number of phishing emails being sent (usually in pairs) from a university account in the United Kingdom. The subject is “IT ADMIN” with no salutation or any other information other than “You have a pending message click here to read”.

With some students still on their autumn break and many colleagues only returning this week from the short school holiday, mailboxes have filled up full, voicemails and Skype 4 Business voice messages might have been left and some might be fooled into thinking that a message from “IT ADMIN” *might* be important.

This is a common tactic used by phishing scammers to attempt to con their victims into giving their usernames and passwords.

Many phishing emails use short and cryptic messages to instil a sense of urgency to scare users into doing the attackers’ bidding. In this case, a short mail about a mysterious “pending message” requires the victims to click on a link in order to retrieve the message. In actuality, the link leads to a fake login page designed to collect the user’s login credentials and deliver them to the attackers.

You should always inspect all URLs carefully to see if they redirect to an unknown website – this scam links to weebly.com. Also look out for generic salutations, grammar mistakes, and spelling errors scattered throughout the email. There are several in this mail.

It is no coincidence that a compromised UK university email address has been used. Large institutions like universities, with large numbers of students and personnel, are always a challenge to protect and are choice targets for phishing attacks.

In the same way, some Stellenbosch University students and personnel are fooled by the scam and give the scammers their passwords and login details by filling them in on the fake login page. The original email account is discarded by the scammers and compromised Stellenbosch University accounts might be used. This has happened several times before.

So, do not be surprised if later this week there is a fresh breakout of these “pending message” mails from “IT ADMIN” but this time coming from Stellenbosch University student or personnel accounts. It is very important to report this to the IT Cyber Security team.

If you have received mail that looks like this, please immediately report it by sending the spam/phishing mail to help@sun.ac.za
and sysadm@sun.ac.za. 

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags:
Posted in E-mail, phishing | Comments Off on Phishing e-mail with deceptive subject “IT ADMIN”

“Cryptocurrency” scam email

Wednesday, March 28th, 2018

Please be aware of a  scam making the rounds since yesterday.

It is a “Crypto-currency” (bitcoin) scam that comes in the form of an e-mail from an unknown sender (currently an address from name@dacfinance.online). It will look like this:

 

 

Hi, how are you?
I hope you are okay

 I’ve been trying to reach you for the past couple of days.

Something MAJOR is happening in the trading world and I want you to know about it.

>> Check this with your email somebody@sun.ac.za

 Are you ready for that kind of spending power?

Many people already started to trade cryptocurrencies, BitCoin and LiteCoin.

Join now to our Group!

 To your success,
Some Name
 DAC Finance

cryptocurrency.website address

 

 

This is a sneaky attempt to defraud users seeking an opportunity to invest in Bitcoins (crypto-currency). The website you are taken to is filled with fake testimonials, inflated bank account numbers, exaggerated claims of easy money and various other lies and fabrications. The software that you would be asked to install is fake and will compromise security on your computer and be used to send spam. Furthermore, victims will have to pay anything up to $250 to join the “investment” scheme and the only thing that will happen is that you will be $250 poorer. Here is an example of the website page:

Do not respond to this mail or be tempted to join this scheme. The fact that university e-mail addresses reused and the claims look legitimate should rather be a warning.

As always if you have received mail that looks like this, please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.
Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Article by David Wiles]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on “Cryptocurrency” scam email

Phishing scam about reaching your mailbox storage limit

Tuesday, March 6th, 2018

Monday started with a phishing scam threatening to close your mailbox, and Monday is ending with another attack, using a similar intimidation tactic about your mailbox size.

The grammar and spelling is very poor on this one so it should be rather easy to spot. However the use of University branding and “STELLENBOSCH HELP DESK” might fool some people.

The Subject will be “We apologies” (sic)

Dear User,

You have reached the storage limit for your mailbox. Please visit the following link to complete your e-mail access restore.

Follow this link to complete the process: Click Restore

STELLENBOSCH HELP DESK

If you do click on the link (which does not go to a university website) …this webpage will appear. 

 

 

Many thanks to all of you who reported this.

Remember these 5 guidelines:

  1. Information Technology will never request sensitive information such as passwords.
  2. Phishing e-mails often appear as an important notice or urgent matter such as threats that your mailbox is over quota.
  3. Use of aggressive or intimidating language such as ‘immediately’ and threats of consequences of not verifying your account.
  4. Misspelled words and poor grammar that take away from the professional context of the e-mail. (this one is quite obvious)
  5. Use of an impersonal greeting. (Dear User)

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za  and sysadm@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Phishing scam about reaching your mailbox storage limit

Phishing with subject “Email Expired”

Thursday, February 1st, 2018

Several students and personnel have informed us of a “new” mail making its rounds on our campuses.

The sender is “Postmaster” with the subject of “Email Expired”. This phishing scam tells you that your e-mail account will shortly expire and uses scare tactics to convince you to “click” on a link to activate your email.

Information Technology will never send you this type of email, ask you to click on a link or provide your username or password. Do not respond to these emails or click on links.

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

Email

Tags: ,
Posted in Security | Comments Off on Phishing with subject “Email Expired”

PHISHING: “Your Email Account Has Been Compromise”

Monday, January 29th, 2018

Please be aware that there are e-mails being sent from an outside e-mail address (@lasell.edu) with the subject  “Your Email Account Has Been Compromise” (including capitalisation of every word and a spelling mistake at the end)

The mail contains only the following:

Verify HERE

This is a phishing scam. Information Technology will never send an email like this, ask you to provide your username or password or require you to click on a link in an e-mail.

Here is an example of the phishing mail:


Many people, including students and staff can be easily fooled and manipulated by the social engineering tricks of the phishing scammers.

Once they fall victim to this phishing scam and the scammers have control of an university account, they will stop using the outside e-mail address.

Don’t become one of these victims. If you receive and e-mail with the subject “Your Email Account Has Been Compromise” and it seems that comes from a university account (like a student number, or even a known university colleague), do not respond to it, forward it or click on the link.

Report it to Information Technology’s Cyber-Security Team (details below) and then delete or move it in your Junk E-mail folder. You can use the Rules function in Outlook and Office365 Mail to delete all mail with those subject lines or senders.

Here are the instructions again:

If you have received mail that looks like this please immediately report it to Information Technology using the following method:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[ARTICLE by David Wiles]

Email

Tags:
Posted in phishing, Security | Comments Off on PHISHING: “Your Email Account Has Been Compromise”

« Older Entries
Newer Entries »
 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.