%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R 13 0 R ] /Count 2 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 12 0 R /I2 15 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250609002611+00'00') /ModDate (D:20250609002611+00'00') /Title (Report 06-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 1849 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 70.799 521.469 675.935 re f 0.773 0.773 0.773 rg 0.773 0.773 0.773 RG 45.266 746.734 m 566.734 746.734 l 565.984 745.984 l 46.016 745.984 l f 566.734 746.734 m 566.734 70.799 l 565.984 70.799 l 565.984 745.984 l f 45.266 746.734 m 45.266 70.799 l 46.016 70.799 l 46.016 745.984 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(PHISHING: CONFIRM YOUR EMAIL ACCOUNT)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(November 10,2017)] TJ ET BT 183.083 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 197.591 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F4 9.0 Tf [(The latest phishing attempt uses a rather obtuse message about confirming your email account to prevent a shutdown of )] TJ ET BT 61.016 626.431 Td /F4 9.0 Tf [(your account. It also used your email address in the salutation, which might fool some people, thinking it is genuine.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [(Information Technology would never send out an email like this, lacking personal salutations, direct contact via telephone, )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(and threatening to close your account down.)] TJ ET BT 61.016 575.464 Td /F4 9.0 Tf [(Here is the phishing e-mail example below with the dangerous parts removed. Do not click on the link or provide any )] TJ ET BT 61.016 564.475 Td /F4 9.0 Tf [(personal information. Luckily the phishing email and the server comes from the Far East, so it should be rather obvious )] TJ ET BT 61.016 553.486 Td /F4 9.0 Tf [(that it is a scam:)] TJ ET q 375.000 0 0 185.250 61.016 357.038 cm /I1 Do Q BT 61.016 339.247 Td /F4 9.0 Tf [(This is what the phishing website looks like.)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 247 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 23324>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?(((((((((((((((((((((((((((((((( }FiHb@BiK^8.|(<pPnUu|y?5w7}7Ao ŜS=abz๑P򞥀_ L >PnS;@,tu\KOщ}OUZ=ijM )g A"Ÿe3! uq=k).m۟MqDF3Zo5HPۓpy?4b_'ƼxeZٸ[vpL,HNЬ^G-Fɻc'1ܤAy rEw|y?52ڌj &,mx+hϔt5[x[Q_ K6۔27ŀP1@%'hĿOyW50YT2Ci*mߗL f80+o:0C8r^Ts<@?@1/?^m[h "7r pmg$;OOӥ.i7:igtlr( 5`[}xKOщxPO{mHaHbc:#i*䂠.w;j7WzBpLjP$e|0*g4b_'ƌKO '<[ĆG#ΩcY[tJc, <Û^$6zarGt}EanGnܬ\ݒ2@1/?^yxŚmM\dimUpg&Ax&ռi ' EhZ0/Pws~Qw|y?5iȑj;cYdg1*2Nc5@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO|@ ĿO(YZZ\ߤηwIi UG'dܬPMN Q#)VBX`؊ϸGKR8MLYjk2&p*Bm.^dB "?˹\ЏԨ5?Px]! !MF)C b:Wޗo5ޣgs1/, %N0ʤ1Ԏ(t xhBh\ٛߴ0W9+61Ohwc\gU CVRC.G`7T𗇣o ȖS" !`8j_v4QS1W1NAȮW:ΣDЛtNd2 .Tfm! k$sG11Fڣ'$IP?{y -#> dR7̀8eǗ󭬓x^VY$e[+Ie twms]57umiPsZm߁k}2Ng3H@̨:1[vo [DB+*? _(*h+ ۢ -c@袀 ))h4SY0Y2zJuԱPP3EQEQEQEQEQEQEQEQEQEQEQEQEQE|KԞ(v0],м"@P%B+s>#i`Q #H-`-)D B3q@W-k=5>ұmAn)?u!XדivVSOg̲YqC+-?uuڙ>IcoN⥺ieM ŝQ*KjbS'( 6A# _KagU7v+D-6< ܮ88S#u CMЯL}FX6!ȡ[''&'AuOiͨhqyfXđɰ|n0σlǹkou ظ)+p{ WN43Xk;fC]w_fݤnd!D@*D 쒸'OȖ.pדEx-btʫ# yڻyEJrKBx4w\y(6@wIgVUP7:$-P|@{}F4̜Yx8/rqE؞TbwptPO(PpG$Ck:[CiZIY7mf#3w-r.Fvrr(aߊMipѠ=*qEy|G~)Em;y..c!VB-vB屿boޛ)bO[.|Fj YD`p:GuEdZ%q>0b>[ijy P3p3q]G;3&neۈ |r(ɭ][ G7Xe B2ȳ&'3/c1w:.aM9nn\QXN9 =![{iƫo3єyrrgztx5Kk94?Dgby@~by'J+ [}@0#z[W ][ϔ0^9 S p|'񄶗2ů@EΩj4F)jhUf1$d O.K4B{4ġbIX<$PE6LNvi2Ʈ6JEBFXzP.⧴EB,x#' S|_.},(TzvQ4?u0z8jz +̔E-;Bl7[H2\Kg5T Ja5#UaZ  HPxFO&rwqT1ddˇbxZ> E}6ğlU/N |;\.Mum,U9*O":NN94x x )M#{ế=?GdҥI2&BO~?,QX,Ki$fEf${ 8<OcQ{~#,9,v,`T7(((3EPEPEPE%-QE%PTMNžg *ȑ(oby@YYԗPAWU~xuu'&6c ҉Y%~+2d1C.g!H "9s?3q}j+:mΜP4M8|Cq*ۊۢ3c&hIc -4t &%-:@@=}y (<5e X#.#"I$,pťrM^t={[+x5tFD`= =Ls >d֛kiWoyme7(VsU(2? hy4@$s#0X NߙI=VHfUX.ݿGkU{BU pYg̓<j62/1HG1&ЪbP7`a3SE_O?"ѿ/JOc ,v$ e@b Ux7DiJI8>  _H_ G$Z/ O?9'}&ͥC2!>?AM>Lt#%c%Ԁ?\ K A}?ShE)4Ҭ8HL@Y>`g֬.`  `!v ҢE)4E_Oš R4$!qGߓϽY9@ E_OOH_ @ t %hjbetd =2 h{h.kJ"d$4H_ G$Z/ OGo#Ҭ)D@20{pHM6šܓ>g#8Vh]K A}?Si?"/JH.+al;|N*Ɗ+&lhRmLn@ $Z/ OF)4 巊Y[aF40GDIw&jӤb% `_H_ G$Z7 O H9cWc _s?mc.; KS眘ј~'ַ"ѿ/J'$Z7O y< eYY Bs@TR?x5w- A}?ShBE)4E_OТ"ѿ/J/$Z/ O +?-E_OѤh%?ƏH_ @V$Z/ O- A}?Si"/JhQYh%?ƏHo @Vw$Z/ OE)4EgE_OoKaRFQ'Vc)h((((((5+xn|cG*>g̶߬K^jQυ_tPO?|-?:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-?:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-:Zߥ ET/Qυ_tPO?|-?cO.Hm-q[0O}/VmQKEQEQEQEQEQEQEy#`m[uy#`m@tQEQEQEQEQEQEQEQEQETsje™(IA4s&q6 3%TMu4,ia?KEPE7z)n88PEG1*o98ǶGRPE7͏򷯙3=qN((((((((a+ 6袊((((((+G='׿2ڶG='׿2ڀ6袊((((((((((((((((((((((+sK[uz_*Q@Q@Q@Q@Q@Q@Q@b^>F[Vb^:F[P7ӥ`![x/>v UE>``Q 5^6P\ {ۡ 8Hn;Wj*^_Mwv1E%u!CA,zaHc<{˭_Oğa_G<|۰V`SņTvf=񷉉$u`ТB%mj4$,3n7sT-|]{jZSZ}^M(6: `26> C@Z{U MBmm aI"iV3q i~$/ ae"g>DLV4t@@T Z3^r|s`h.P[HRxK d <j4Zơ H=N$ 7 9?62h~.=hGiWsrqTdg+=wSkN |ܳȨpIlc HʊkƓcoyeeWTᔢ\ƽ67VI# +>+< FVN~eQӓ@Ep o5$ooe4]>HLm"d@z䚧׋'k`x$IBU|9ʻqz5.%s{QİHnJ`aCqH! >-Z4Wq%gXu Bg=FۯiPkCmp1<1]r=+QsPefK[M bcPTh,w֗6Z'Uht7Q 3P^ /|<}Ǫĥ-X]TfQP>s zMZ=[E} >TtrHedw dH&hO}/Vm'Шo4QEQEQEQEQEQEQEy#`m[uy#`m@Td]AWh1#uj"w9@/u+k8ԻiJc#[!ףG*U?5g0T*:U'f?:/?iכ??\ ?MiOǗ?iW>!0>4LA(Ay/C'!'?<~~B>oI~ԩ剿v3ڋ_v-3Zjg)MZLzļz_?OG/C'0X?=' ;~u?ӿ[6s@$4??1/?i?:o?y/E'!OyKO 񺸸ISW#\,^lĒGpH%Fp3^C Ihs@$4bc?__#>KKKHS$ʼn$NI$I$NMYs@$4??1/#(s@$4?_ؘWǗW??\ ?M?Lg~+cJ+\ ?M&Lg~+cJtSE-tU؄BrB8 dW2ݡ@}w/C'0XExSFBW d2Nӿ\ ?MؘWǗ?J+\ ?M&Lg~+cJ+\ ?M&&3?a{%&_?OO0X?=_OG/C'0XEx/C'!OyEx/C'!Oyd/l-dVh!\}ȯ"s@$4?_ؘWǗ?7KmͽlXvvv=Yf'Ԓjx/C'!'?<GQ^7 Ihs@$4bc?__#(s@$4??1/#+ [U?.m펅X}d^⏹JB~Ohg>߱G,(Y/>I~`X?أd_|&}}`bϿ+oZϬQ ??E>~Ohi>߱G,(Y/>Il888kZϬR 20m-أe_|Kf%2y24HVϧE)1Ŀh#lES pO;c6@?G>@?]"\4ӿ[[0Sh p?kiEy9=k}7žm %AYU[ʧ 9GU ],(~r}?>_|E}m ?>i>߱Gȿ? M-?(~"S?'4W`X?ؤ~"S?'TW`X?أ}?O?$_[}}`b}?O?%Q_Z}`b}?O?$_[}}`bYϬQ/>_|E}k O_ZϬQ/>_|E}m O>i>߱Gȿ? !B>a+  XbQK^NgcQ{6R9s[tQEygQEQEQEQEQEQEy#`m[uy#`m@%Ihzźq.fVK%V8<PjεY$W:DYIJ Xx}qV֣{ ].)4"g2[| >9A}KQ5 ;"k;(T1F ('ۭwݍgSx6/yo1Ued&'b }Oþ մ+Ɵvƫ9flDK/@3!QeXęR+5HCw9)}:3j剼ǙBg|zsOP7]h90xǽygoNd(<‘3k)w/h#V}fR݈I<*Aa:p#r_I%YYI=*?};[}ϟp/9wɴᶌtFZѢuK/,idx_4fႱ8'Pឧe}m{?ayU{2[sa Ҁ:[Zg=څ3ECͰK;;tHĬq+j] ["@p% v[0wSZCwo%2’9l&}8J%Ӷ:HLv #d%[$㚿?~uyֱM{,G%ϓ~ ]|t VK8/efHRUgAd9:mګ[j6sF92uMwv֦yufy[J.y5w[t.K[&i 1nFxvx5Cg}Z* o S::xK5-N\XG Ep̏*xRA 뎼U]'H״˘{zKmO%f[tc/"=0@'d]W;soieImEu3DP*@h䑚iZTV_]%7)f!bN?]S[xe[Ҩi3qXfFl%pTdy >`8cנ<ڡt녷,n'hՎ)ئqs_ŝ݄sPkCuم {fum;Ŀ)kBvsro危ϖ(ܯ^T@tזUww d{SjuOiI/U-'O-ֹx67m %3}|8KcW?s75 GQ+)H̲ɽ XPZւ# WzsӰ5MS父"BrFsgt宥ձy䴐4lvR@;rE`x'\|Kk v76 $v@봹?Ek Qm]6NFօ# q-Qxl<2Rh qB%m؈ 0gX vI+FI{W}HZvvOݡdۆePIPs@TKock;yRo|c4 ~y+;?|sxV6:sBAc%,0@[$tz/V5{D-egh2T0` sTh^"(SHmx RWG GP}Bе+c0gTy ;)!v{02mp$u/mnlfim]Y3#FSd9=pS"mWk2`SAZ"^ȓa,-2JENiCDu$m.K{>0U 1G]ojv6n!6}O$mj#yz.r0>a-e;m yhfD&{ 9rJa 18>.tVyR߹V #lqvnpԋguF)n-,Y+YP[+uǡ[eI ,lb8]ˇ'}e$W '9q,`Fv .Mah~!|#A.Q67T*능 mtE'qغ1*18=+y"9t." $\bo.Րdl w/c?5O Z"X \aqx2 pI GAj[C-4+Yeya>$rquj<7$s^tP38h#sTx9XZgv{i."ۙI%HЊ<^~!n%"Գ],0 LJ`s1o;e1i<:ƚq 8\ sFt/[J&9Z,:7GKzPM[DfXd22y)\!EZu.;MJ |sk1$:|6HDwؾ_˗sz}/-DC296HP m+); .!YuP ǐJ(\@j$ӚkM 8IE1ـ1;FcYIMpvAj{mDhdB@Da!Nހ89~$x领(]TUbao"_d.rs/8MyEIw{mqLZ*bH9!q&;vK^9 Aޑywݻ;[x@&XvA.rPygRu[y%]B4 dV)܇n08NDoׁdk&%$F$4ͽ; hd+1ۅ0H?/Jw_ kKwEߜoeRW=Ec7a}[l,{XT#y#e|cuWA#TuS p˵T t;0x9W[P?d84+{ۉ@/+ 2|yy`f\Aυ%TGW- d[r|Fsn}sQkk>3EyS7*!v);\ѵ^yfec%GoS ƚxM,[K7!Hd =n$;@Tr m1;mQ 9FXFֻ?yT~h|ͣv=3G۷~ѻ>OR6Mgw7j@u3c~Wo>$Ay9}> i3N4ct69avB*@Uzm`-b&/d}=(s5ndXHxH: ^h,m1e([~~;qԞqhg_?Œ'/P5 FP5JdkH$;@pdszWpOfڔh*}K|>縹Xi5#[+qBFTO^*|4m8sQ*YĨ1رm#L|U(ϊRciVGTy,D)X6ݓ$s |*ә K fI]J-0Fk{>*}Kg_?€)~ mV[YiklbdrȒ͟G*}Kg_?€+hmc*}KyKƚ ksu8`[!asֽx4g|m+ H1lFxs>*}Kg_?€0uO꺳jGsL6f@Д2p,8HzE q$k[kRp{7>*}Kg_?€9?]%jKc"mK4r,$1#|h? FrI>*}Kg_?€0,>ik iH׷Hlﰀ3#!H\(\tW-ķϬՒ@هPDmzH͝xZyWtO_>*}K#[m rGb[|&mK,SE#/FCTtctWtO_>*}K|7A-;V3$*?2evJH5N֑C4;c FB<(8kqԿF|U(38BZnI~pNF[< n5ϴźd p[LNJH˷ p9XϊRWtO_ >Ayfl M6df;dP9'5*|0ݡTA4WqL=cRUFqFckg>*}Kg_?€3(TUuFbH%f'<`že%a VR#&$yg9C>*}Kg_?€6L'/QwD ۢ3ԿF|U(nϊRWtO_ +>*}Kg_?€6?sKF|U* ;B෹>as> endobj 14 0 obj << /Length 3857 >> stream 0.153 0.153 0.153 rg 0.773 0.773 0.773 RG 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 213.682 521.469 544.302 re f 0.773 0.773 0.773 rg 45.266 213.682 m 566.734 213.682 l 565.984 214.432 l 46.016 214.432 l f 566.734 757.984 m 566.734 213.682 l 565.984 214.432 l 565.984 757.984 l f 45.266 757.984 m 45.266 213.682 l 46.016 214.432 l 46.016 757.984 l f 61.016 229.432 m 550.984 229.432 l 550.984 230.182 l 61.016 230.182 l f q 375.000 0 0 257.250 61.016 500.734 cm /I2 Do Q 0.153 0.153 0.153 rg BT 61.016 482.943 Td /F4 9.0 Tf [(If you have received mail that looks like this please immediately report it to the Information Technology Security Team by )] TJ ET BT 61.016 471.954 Td /F4 9.0 Tf [(sending an email to)] TJ ET 0.373 0.169 0.255 rg BT 141.557 471.954 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 141.557 470.803 m 206.222 470.803 l S 0.153 0.153 0.153 rg BT 206.222 471.954 Td /F4 9.0 Tf [(.)] TJ ET BT 61.016 451.965 Td /F4 9.0 Tf [(Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the )] TJ ET BT 61.016 440.976 Td /F4 9.0 Tf [(following link \(Which is safe\) : )] TJ ET 0.373 0.169 0.255 rg BT 181.544 440.976 Td /F4 9.0 Tf [(http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx)] TJ ET 0.18 w 0 J [ ] 0 d 181.544 439.825 m 549.707 439.825 l S 0.153 0.153 0.153 rg BT 78.360 421.003 Td /F4 9.0 Tf [(1.)] TJ ET BT 91.016 420.987 Td /F4 9.0 Tf [(Start up a new mail addressed to )] TJ ET 0.373 0.169 0.255 rg BT 225.080 420.987 Td /F4 9.0 Tf [(sysadm@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 225.080 419.836 m 303.740 419.836 l S 0.153 0.153 0.153 rg BT 303.740 420.987 Td /F4 9.0 Tf [( \(CC: )] TJ ET 0.373 0.169 0.255 rg BT 327.239 420.987 Td /F4 9.0 Tf [(help@sun.ac.za)] TJ ET 0.18 w 0 J [ ] 0 d 327.239 419.836 m 391.904 419.836 l S 0.153 0.153 0.153 rg BT 391.904 420.987 Td /F4 9.0 Tf [(\))] TJ ET BT 78.360 410.014 Td /F4 9.0 Tf [(2.)] TJ ET BT 91.016 409.998 Td /F4 9.0 Tf [(Use the Title SPAM \(without quotes\) in the Subject.)] TJ ET BT 78.360 399.025 Td /F4 9.0 Tf [(3.)] TJ ET BT 91.016 399.009 Td /F4 9.0 Tf [(With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail )] TJ ET BT 91.016 388.020 Td /F4 9.0 Tf [(Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the )] TJ ET BT 91.016 377.031 Td /F4 9.0 Tf [(attachments section of the New Mail.)] TJ ET BT 78.360 366.058 Td /F4 9.0 Tf [(4.)] TJ ET BT 91.016 366.042 Td /F4 9.0 Tf [(Send the mail.)] TJ ET BT 61.016 346.053 Td /F4 9.0 Tf [(If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and )] TJ ET BT 61.016 335.064 Td /F4 9.0 Tf [(password you should immediately go to )] TJ ET 0.373 0.169 0.255 rg BT 221.081 335.064 Td /F4 9.0 Tf [(http://www.sun.ac.za/useradm)] TJ ET 0.18 w 0 J [ ] 0 d 221.081 333.913 m 341.627 333.913 l S 0.153 0.153 0.153 rg BT 341.627 335.064 Td /F4 9.0 Tf [( and change the passwords on ALL your university )] TJ ET BT 61.016 324.075 Td /F4 9.0 Tf [(accounts \(making sure the new password is completely different, and is a strong password that will not be easily )] TJ ET BT 61.016 313.086 Td /F4 9.0 Tf [(guessed.\) as well as changing the passwords on your social media and private e-mail accounts \(especially if you use the )] TJ ET BT 61.016 302.097 Td /F4 9.0 Tf [(same passwords on these accounts.\))] TJ ET BT 432.949 282.108 Td /F4 9.0 Tf [([ARTICLE BY DAVID WILES])] TJ ET BT 61.016 262.119 Td /F4 9.0 Tf [()] TJ ET 0.400 0.400 0.400 rg BT 61.016 243.630 Td /F2 9.0 Tf [(Posted in:E-mail,Phishing,Security | Tagged:Phishing | With 0 comments)] TJ ET endstream endobj 15 0 obj << /Type /XObject /Subtype /Image /Width 500 /Height 343 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 25670>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82 C    !'"#%%%),($+!$%$C   $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$W" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?7}o>!VB٣hReB͒Xv#ҹ]>&~_$qnt@T$GA݇֩|C^Nӆv4q٬+(lL|K`jiTI6һ5Svcto*OC.H"\ֲ>x;OZ+S )_mB}+^RK#nC >f0ȸֽdYr1JWg G,?/>$'V"% u ɓ:zhL@m!NFO˿~3>|?c@!)ƽLw{=*8<[ҵc opT2I,A9tψSL?h.>+d>Ć+K.No3X? _?k=n.Sg,?/{^1eK+{vaȄl}aٶy.?8Gs^m|>]Z1~؁Nb#GϘs?|MU|MU3~&v?tii`e?q>ާ.sOMQ UϘ17,?T7,?UG]>c} 7G.r7\`e?p{zw|M?7G.r7\ `e?p{zw|MU|M?7\ `e?p{zw|MU|MUpT`e?p{zw|M?G.sOmWIG]>c} ܰMQ UG]>c} 7G.r7\`e?p{zw|M?7G.sOMWEwާ.sOMQ UQG]>c{ ܰMQ ܰMWKG]>c{ OmQ UG]>c} T74Up4`e?p{zw|MU|M?7\%wާ.sOMQ UG]>c} T7,?UG]>c} T74UpTQϘ17,?UZ㏊mi܎O\U.h˿~bsWF^;݂Gr?XtEn/=z7oΗϘGͭ.M6f]vi'AEml]Z6,~^Y)vI3+7{y:?|Tz.[kK\4O1f] .\''g5oRJcs3# 8'9B~ǐg <ڴ Wᶙxw}y i&H|3v?vw:mIYBI<<QI]rSbk,DEzרĕ,rsȮRH@^`\0M,Ip:q:7(!I崷y;m rr h0B>b#!D[{IWL:!ݮdwB u= mlfx6H&\9< S6C!Vܩ?XJ9qݔ$]Isbty0u$b\;8DXEo2W q#$ck1[W l}/~Lp;Ѻ@qlyMh_?"_}若I,#h9ElɥM eT A9=;W%>7aW՗y~_)$r#3++zV2i aG ZoK;I|bP67ykqus"03$*0;JI.~QɯR`&Yf/ CᘵZ,G3A_+bw0HɅ~8h^aֿ9k:oh3A_(aֿ9k}CE=OuZ,G3A_+(a| ínf ?uZ,_PG;efk 7Q írf 9{(/0_Yfk 7W4QD{Z0_Y¾v':-oZ-=OuZ,G3A_+(a| írf ?uZ,_PG;efk 7Q ŭrf zS AZL=pp? +GW93e2v+I_=O _wYu ӊ>[K ߷-O,?/-ZI$.&@C01G ';NO?/D6pSW`k$xO  -ҮzM-?$_RL'qrO_.h۪嶝cqʭ8]Ea'2Ijz \ɶ'*hvW66paUiY%P˕U99~jz |Y 6cCdrM9Pi?6?:ߓS&Ic<g?,DՄ>%Do\D?P #=wneKpKl e`xm}U0t*BTj۠S{:˞Tן?UQVFV ~pq,z $0J/^7(_MBiw(0.-d,'9?NϝAg('?o_\jOqϸ8?Zͯk$g$$z@O`q3,%e 1FAVYԫ>Mlms*jFj88t w)lUU[ݒF~9 0wT#̟TjDY0(CY3 nYغVH,Fn}yN6y-$ڌN3T1{lt`e-KS/& H(t ϓ{תsؽHwhVQq6MGo_AԜWp.wa׿Lg9T?q^ާsAl\uЮ~[cb'?gãYX.C[+ggz}1ZFтz[Ȳt"HN@IbB2L*ShV?tI̐ȸ*E*a/@r`)]O$$m:lbYA gKJ(+o?T}z~XhZ+VE@s{00={~eͦstӒBb=OQr-Gz~rmo:pWuvc;$ V/PkOxvPx!pFW? q[v +y$68FG՜fܬzx%*xhՄ'm.vGo?T}z~\õjhP3=3K&TR0yX] Z]cM*j(-R5H݌g7,tib}JYʁv ;luItUX#dB!q53vWG^ +UP쟚];KZO.]ƍ$$~j?Uq5dӵ1d,$ [ v˥hj(-oLd$} 2h֔)htiߣQ?UsѺ}Mv: r9jifSa98$sX9nX?M*vocfI'ᝉ?yc'5nM*^X?(M*X?(M*X?(M*X?(M*X?(M*X?(E*ϻ$*($ricQ@71sb?E~?3ӎ+i 4LÇ#oo?B5_d?/pU[:i?ƭQ^W:hζEVζ?Ƭ@Əoo4Pooo:j[:hζEVζ?Ƭ@Əoo4Pooo:j[:hζEVζ?Ƭ@Əoo4P_oo:j[:hζEVζOooTPoooζEUη?ƭQ@Ɠ:jW:hηEUζ?ƭQ@Ɨ:j[:i?ƭQ@ƏooTPoooζEUζ?ƭQ@Əoo4P_oo:jW:hζEVζ?Ƭ@ƏooTPxBkW*d簢Ŀx!E~x'vG_G3[uE3[F__G(13U 5ٮ.BuKt<>McL][HJ4e{~kʵZ.t&6noȯ^-[*xv;/&+]B849Tl0c5.ulzdN<燾'D͞ur\GP3p1CINg<򚷴!Eq&=;@U6FlcCs@gCoZ-=|?ϩ]Z=/"5m,A0~+̎JIhzR[y37-ͤ& ԭWil(P3d3eOJ?dkk~*hs!z:ZW{=OH>/r̶:jnywf8zp9'T,t=7[J[K=[0HeT<֟*+~(__f﷓=5D%i* n.)( 6#}Yo{4V4Z[2dTD}|:R^Q4? LJh# {]%8 (##ֻQbӟN}ۭ@N2GlT:jF4AܿEVFEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPE_rxC_(±?3Ҏ^A_x9~,`tA,EپPO~c5آfQ?.PJ\2iXmŜk.bPMM:œWNn-ͽ`#60LQ਽O2Dm!O\ Zu%?֝SPQEEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPEPC_(Ŀx!E~x'vG_EFX$_kj__G(2>O>?UZc2 ?*>?UZ*ods}GU( ?*M>?UZ*o\s}GU( ?*>?UZ*o\s}GU( ?*>?UZ*ods}GU(& ?*>?UZ*o\s}GU(& ?*M>?UZ*ods}GU(& ?*M>?UZ*o\s}GU( ?*M>?UZ*o\s}GU( ?*M>?UZ*ods}GU( ?*>?UZ*o\s}GU(& ?*M>?UZ*o\s}GU(& ?*>?UZ*_\s}GU( ?*M>?UZ*o\s}GU(% ?*υV k|.>7\QUjPwA$Xyh<Ŀx!E% +oO?;?ڬ_?B5_?/pQEQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@ZZ m8mƊZX(w 1E[W}Ƒ9+jQXL mGRrHڦ3Mbpi,rU7oriTX4퐄qbքִ/];B 8]ᦹR-zyYvm󏔎>$l7I9 w@sIUX,J+95 TgYr|VzlЬZԏkݥ^?'ȯg.|C` o,\:OO4qo50»pN=uD/N[Z_i9]B(p?3Z1Ht9Smm 4ߓLVc袊QEQEQEQEQEQEQEQEQEQEQE% (/.Q_c*gxC@"}#[UC"?G _Q^QEQEQEQEQEQEQEQE2IfG =Tno쟝OEAo쟝nZH899]wB]&$5gqտo쟝!n kq/*[V5Uʏ-Q(&  Y4r3Mz.ดVG<9H76=aWϝs'h2yլÖh%Y%f>U1j4/tXʹnM0y/-d9ROJnt>GS$9OO2\5}1ѵd)D3l:׃9xAZ*=*K#GhvGz'N 9(?@L >Kr7'漻%MM\:kRm$G4JdX?f7jH4[K9-SE6 an'=Bm=8pڑ*{R3^"۷=1N\%q2Q^ye}o )bԣ,VωH;pjxKK n'anTǺw8矙A柹plZ@1KYQ@Q@Q@Q@Q@ S%{TM%{T%Q@Q@Q@Q@Q@Q@Q@Q@Q@k_]?rV;zPQxC@#}!}𣆯Š(X(((((((*mOPOPɤ1D9*=qVn-wj *7ZߣW=C{HF2PX{Y:&{N6H. 0WI,?6|U҆Y;jSPGn.؜}*Vqa⫉զ8 ۖ;$G9U$|ȣFm A].xm}kYXߣRߣU] ا|6 2h`1k!+s$r<.?TlߣTWY$.TlߣTP.TlߣTP.TlߣTP.TlߣTP.TlߣTPuyc`\`sV*ؿ4OxʖoO餶xʀ$(((((((((|K!˯Q_]? TJ ;?ڬ_/B5_?/pQEQ@Q@Q@Q@Q@Q@Q@@?1S \RH2J?* E|_7ssS}A&a[^ ? P2}O5H0R/5 g?G-rL.e,oԳG\ OKϬ/ k?G-rQ,{zo/>?;4}wk |σ?9«TW SeG_}gƏrA?#g!Q*+SeG_}gƏrA#gQ*+SeG_}gƏrA?g!OQ*+SeG_}gƏr|A#gOQ*+SeG_}gƏrA?g!Q*+Se2tac`Kc+}YMz'PHs:f6vfIM%{TOxʐ(((((((((_rxC_(±?3҇ŽЍmV/? mW5~&QEzaEPEPEPEQEQEQE6b?S=6OCNh}oC7'j]ֿ3_FWCGbRVH葧cKM5<ڭ葙!$ +RTOq^sk߭5O͉4]FZil0s{h"HRnĎ6[,O6z}ƛ5B3&y ',|d3[2kZiZ>5lE(2F> |O vڿ5&[H8 3G^Klbc z vZ'-9ak5b0|,78jd&h#t =V$wq 1U0=>% `i43}511icѵ)$5;qf27>i/4֒k?R!C+oi]H 2}޿ UzdHX$dPw0{j\ _"B4X\AJt dG5EX0 ]AjU𷹎WYgG}p}뇶R(a^q#3Z\z͋“J--%-}Y뿳u_z;ר{|?>S%{TM%{UvQEQEQEQEQEQEQEQEQE% (/.Q_c*g? mV/? mW5~&QEzaEPEPEPEPEPEPEPP7'so*z?1@dԃN>Q<i5kMQui! A5OOп߆ kU+Yk){_AE?/_AE?/_A'/P*% >'/P*% >'/P*% >'/P*% >'/P*% >'/P*% >'/P*!}O_ U?2C(.GhLҺT~"d{B5ႭddrQ+I/uk}W!id(A\>|U͞g?N٫7;Z+~)iZ֡ec3]eQ@L`~-VmHVkH*swf?5jMfoַ{G" AgzՏDּ?& q[U,@X܏6p󬽼-{q\.6mh +kg&S+jPE:+0R*PkIWOem:?El:Qqm3&_Z:DcQӷ,+4+x($|n=4ӣ5ė6Zi\[ZyR<~Fׂ;in/VHYąv0s2Y.o;<;z+|;[ծ3f;KCh-[~˲9;U8 +8axVI."kiYM;A݇f9hwfȒ 3wLr(toe)v9@8]I.d#>4V$I9F.[ j6w%͛جe@7B?y⤸4KO\_[mk L]Je-~ʰfF ^37J(5%XZzdGÚ$&O.&k)}mi!W,9Ҹ=wiqZRx,X*a 9+cҟj+|gcjpY| L$g^0sа֠e6~FAF3=a*rՄgEdi-~C=cd)KyUMo-Ԭ6$oBsi8It/QTb,条Y_p&s4o]Ӽ;eR-ޱl I'krObז4Fϝ8*Pٯ5=BWS@avfI;A 8iLѴ[ƞL m1UN~obިPN w~o郞q!a5^t'CQj&d$ݤFuvS3O3sEqheM+u-dp#کB->֞%IaE8 J`pHYl`yYmSH"c“0'gmn]4 ![رA^jNr9瓾k}_ tK lV=bY6eJ~'?A[>.{iuLE>V!f=sߚmXBP:RWJyVj{yt8[SM<%aY6c9T#vS086ESqݎ3Պ+FrXxx[Jhkm3]]۩Ll.vMg࿈]JٴgҞ+oHxƒQ8 <;L%ۀ 7ڪxvi!J1g8FF+;Nq4gK]#F#_\8WI). |Ce/.-BM*[ & ʬIYn!un 3Yȕyn)݉r9Ur=1IXX-dz<7y%4=;JTk[X{O윀3'$beMNW2c1R[WBI+#ǩ7RNrsix~Ĺb ˁ~x0YD8^hLi2o R(wfP7LBÂpz{סZ6JeޯoScm^]moOm#NP<#}h`S%d6NrXj<3m^_[H\E?)r6| ^=vbc 7P^Q;Yw# s}k j:lw1{@]On▀1_NOi&#Ÿ11o; `TYғúzm`e 9 91].(a*󔜞8hF*+dr =f2uBrђ;wf>P{Z$H«[c;W1G6é-m2=;H߅>\񏃬ka@i8"DaPq[#HSx9<-u'/Og n{ &O3!-,w(d4$.Y!pkۏ4`Txwn1b! 7 sooq4x;ºRDɦx%A;@@W@ 5`P;>ȧ%u8@}ORy' eciA*^$ c` QS8)śUiUa[-1a`qE-u5WnxBFwF5nRb&ܼ]GM{i uQ@d%ԒUQ]ح̯"2^4.# 622NZhIY*J^L1Żv AQ]n&o'`VhQRVdӺ1o|=j`ǩtx^sA%”MNs]BֱOX5'QT[In) CN>}k_w˩qgpJpNBzWzhgjeEA*2goEM$n'&iFrr~gnkRJŠ(#|K!˯Q_]? TJ ;?ڬ_?B5_?/pQUē끓v^kb}c)>?1kUoM??E'&?"-QU~71}oc(WB@d>71jI$s|P*'?"M??EZ}c)>71jI@d_O??EYc)~?.EU$s|c(WG&?"-QU~71dEU$s|QI TU_M??EdEU$s|QI TU_M??EdEU$s|QI TU_M??EdEU$s|QI TUoMA ?"MA ?",U~?1}oc(WG&?&-QU?.OM??EZoc($s|P*&?"M??EZoc($s|P*(bx%u;;Ӗ O!2%Y& (? O sm%K%HݵG~M$pkҬ X.cVhÀ@#<#4Ѣ2>+-y+p#<}n<вWcϬ>/1,:)`d*Yu.1 9no7|l!{B$/)RInX:i6`b UP3#ԒhtЈex0FJf,[I$RjH _Z$Z^l-Gi7A&܎Eϡiiؖ\(#sz Wq4> %*n@:`#cn"I1 oPv= C.rև^ZenQgN(c~rr~4ڄ6Q~auB< >\qWFm.Ww2< Ir-:WG6 G<>ќlqp=+k<B_j A)<ЇoǤΰK+>0 rzq۹ 4[l`CM r<@]n.mSjsFá 9+-#~+Ŧ߮+9y6; W84ΈDZVݟ$wJ)<5<˦ZP2b=qS%tooHΛ@-R警OD"a2z8">3jnXftÞzmI E G,H"Q*xWA &\L80|Q[Ů]ͤBGtGs0t[9E c2z,W=rGLs[iX"l[+eO1e"P70: aK&a5wY[=rvKp>c;_д[E "B9*#0uWV:~ttڕs@C]M{q4;H X&@87?q6Hە^d:UMOH-cI1eB 3U'9;?gC!y1qyڗVUptc2#$'p:g4E,mnY>K^A#SeѴ٣9tIEehT\c pOh>h8;wM=Kn 䴌cm4 B.Gv㜒A cz46lah,-b6([n$sPE^6 ܍S dw\eM^([@Ԧ/$V;[ȭ< 2Angk{E$֒,$;Y<}5t3J'?1{^)Xe-,H Cp8ߝLDV` ٢2yDN1sz CæY42Hh8oݑ5EXF]Jtxo x~5mL4mʯj)hv!]v=j3tv .H޹|NbEn v9Ө5amlBGyi( Ud^RiV Et?S:Vo,Mmi7&pl0M <`]=캅ِZUuiN9 Aǝ>ui? ȿg\)۷ c/ "l#fB۠ͻ;ǦUOG liqKXQ@Q@Q@Q@k_]?rV;zQGѬL#6J~w??Ɗ+>(ҧ;Eh_Cwg> ݟVVg??A!?;[h}n?O?֬~~ Cwg>G'vqQf_??ƏN(j=;'vqϭ4QGՙ{vN?;[h3 ϭ4wg>EY`}n?O??Ɗ(Z?/a ݟϭ4QGՙ{vN?;[h3 Ϭ ݟ~EY`}n?O??Ɗ(Z?/a ݟ~G'vqQf_??ƏN(j=;'vqϭ4QGՙ{vN?;[h3 ϭ4wg>EVg??A!?;[h}n?O?֬~~ Cwg> ݟ~EY`}n?O??Ɗ(Z?/a ݟ~G'v?4QGՙ{vN?;[h3 ϭ4wg>EVg??A!?;[h}n?O?֬~~ Cwg>G'vqQf_??ƏN(j=;'vqϭ4QGՙ{vN?;[h3 ϭ4wg>EVg??A!?;YO??Ɗ(\U{v9Y"#QEΤ'9n4Zh endstream endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 141.5567 471.1216 206.2217 480.2791 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 181.5437 440.1436 549.7067 449.3011 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki Pages/Spam sysadmin Eng.aspx) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 225.0797 420.1546 303.7397 429.3121 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (mailto:sysadm@sun.ac.za) >> endobj 22 0 obj << /Type /Annot /Subtype /Link /A 23 0 R /Border [0 0 0] /H /I /Rect [ 327.2387 420.1546 391.9037 429.3121 ] >> endobj 23 0 obj << /Type /Action /S /URI /URI (mailto:help@sun.ac.za) >> endobj 24 0 obj << /Type /Annot /Subtype /Link /A 25 0 R /Border [0 0 0] /H /I /Rect [ 221.0807 334.2316 341.6267 343.3891 ] >> endobj 25 0 obj << /Type /Action /S /URI /URI (http://www.sun.ac.za/useradm) >> endobj xref 0 26 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000350 00000 n 0000000387 00000 n 0000000525 00000 n 0000000588 00000 n 0000002489 00000 n 0000002601 00000 n 0000002716 00000 n 0000002836 00000 n 0000002944 00000 n 0000026437 00000 n 0000026549 00000 n 0000030459 00000 n 0000056298 00000 n 0000056426 00000 n 0000056499 00000 n 0000056627 00000 n 0000056758 00000 n 0000056886 00000 n 0000056961 00000 n 0000057089 00000 n 0000057162 00000 n 0000057290 00000 n trailer << /Size 26 /Root 1 0 R /Info 5 0 R >> startxref 57370 %%EOF phishing « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

phishing

« Older Entries
Newer Entries »

Nigerian 419 Advance Fee scam

Wednesday, November 29th, 2017

A scam in the form of a well-known “Nigerian 419 Advance Fee” mail is appearing in some of our colleagues and students mailboxes this morning.

The mail is rather simple:

Subject is: “Kindly view attach and forward your reply to <a gmail address>”

The mail’s content simply states the same and the attachment is an image of a letter and states that the sender has a large amount of money that they would like to send you.

This is a typical “Nigerian 411 Advance Fee” scam.

Here is how it works:

You receive an unsolicited message that masquerades as some manner of business proposition, request for assistance, notice of a potential inheritance, or opportunity to help a charity but all of the scam messages share a common theme.

The messages all claim that your help is needed to access a very large sum of money and promise that you will receive a significant portion of this money in exchange for your help.

The scammers use a variety of stories to explain why they need your help to access the funds.

  • They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account and request your help to gain such access.
  • They may claim that your last name is the same as that of the deceased person who owned an account and suggests that you act as the next of kin of this person in order to gain access to the account’s funds.
  • They may claim that a rich businessman, who has a terminal illness, needs your help to distribute his wealth to charity.
  • They may claim that a soldier stationed overseas has discovered a cache of hidden cash left by a fleeing dictator and needs your help to get the money out of the country.

All these scams promise to let you keep a significant percentage of the funds in exchange for your assistance. This is the bait that is used to pull potential victims deeper into the scam. Once a recipient has taken the bait, and initiated a dialogue with the scammers, he or she will soon receive requests for “fees” that the scammer claims are necessary for processing costs, tax and legal fees, bribes to local officials, or other – totally imaginary – fees.

In reality, the supposed funds do not exist and the main purpose of these scam messages is to trick recipients into parting with their money in the form of these advance fees. Fraudulent requests for fees will usually continue until the victim realises he or she is being conned and stops sending money. In some cases, the scammers may gather enough information to access the victim’s bank account directly or steal the victim’s identity.

Typically, advance fee scammers will send many thousands of identical scam messages to recipients all around the world. (as is today’s example) It only takes a few recipients to fall for the claims in the messages to make the operation pay off for the criminals.

What to do if you receive such an Advance Fee email:

It is important that you do not respond to it in any way. The scammers are likely to act upon any response from those they see as potential victims. The best thing to do with these scam messages is to simply delete them.

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you have fallen for the scam:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:

https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. I suggest bookmarking this.

[ARTICLE BY DAVID WILES]

 

 

Email

Tags: ,
Posted in E-mail, phishing, Security | Comments Off on Nigerian 419 Advance Fee scam

Phishing: Subject “Your Email Address Has Been Compromised”

Wednesday, November 15th, 2017

We’ve had a couple of reports from personnel and students about getting messages with a subject of “Your Email Address Has Been Compromised” (notice the capitalisation of every word, which is one of the signs of phishing)

The scammers have spoofed the recipient (your e-mail address to read info@verify.com) and the sender seems to come from a compromised university account in the USA (address end with an .edu)

The subject says: “Your Email Address Has Been Compromised” and a link Verify HERE is included which takes you to a website ending with a “weebly.com”. It looks already as if the website is offline or has already been blocked by Information Technology, but you should never click on links in mail if the sender is unknown.

Keep in mind, Information Technology will never send you such a mail, telling you that your e-mail address has been compromised. All IT’s communications are bilingual and will always address you personally.

If you get mail like this and you are not sure if it is legitimate or not, you should never click links or respond but rather contact IT telephonically at 808 4367 to verify. 

Information Technology will send you an automated mail IF you have changed your password on the network that is branded, is bilingual, and informs you of a password change, but it is always better to check and make sure especially if you HAVEN’T changed your password or don’t recall if you have changed your password.

Here is an example of the current phishing scam.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing: Subject “Your Email Address Has Been Compromised”

Phishing: Subject “Unusual Login Attempt”

Monday, October 30th, 2017

A new phishing attempt on staff and students of Stellenbosch University by means of a fake website was launched earlier this week. The website has been blocked by IT in the meantime so you will not be able to access it. 

The mail will be simple with a subject line of “Unusual Login Attempt”. 

The recipient field has been spoofed to hide the sender and recipient and the content of the mail is simply a link that says:

“For Details Verify” (with the Verify links to a website called “stellenboschuniversity.weebly.com”) (See example below)

If you suspect an email is a phishing attempt, please immediately report it to the Information Technology Security Team. With your help, we can block the malicious website as soon as possible and quarantine the compromised sun account from which the email is sent. If you are not sure how to recognise a phishing email, here are a few tips. Also have a look at examples of previous phishing attempts.

Instructions to report a phishing, spam or malware incident.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on Phishing: Subject “Unusual Login Attempt”

PHISHING: Absa Surecheck Profile App

Monday, October 16th, 2017

Over the weekend and as already reported by a number of Tygerberg colleagues & students, a variant of last week’s ABSA phishing scam has started flooding our email.

The tactics have changed slightly and the criminals are now using a South African domain name to launch their attack. Below is the example of the phishing email, with the forged “ABSA Bank” login page to attempt to convince you to give your bank details willingly to the scammers.

The subject of the email is “Absa Surecheck Profile App – Upgrade | FICA information” which is designed to say absolutely nothing. It is what is known in information technology circles as “techno-babble”

While the methods used to steal a your banking details may differ, the process followed by fraudsters to steal money from their victims in South Africa are nearly always the same:

  1. Get the person’s Internet banking details, typically through a phishing attack. (as shown below)
  2. Get a banking account/s to which money can be transferred to and withdrawn.
  3. Clone the SIM card used by the victim.
  4. Create beneficiaries (using the list of banking accounts) and transfer money to these beneficiaries.
  5. Withdraw the money from these accounts.

Here are the obvious warning signs:

  1. The sender is not an ABSA email account (in this case a “throwaway” German email account used to send millions of phishing e-mails)
  2. Vague and deceptive subject lines (Techno-babble)
  3. An attached file (.htm) that contains a web page that opens up in your browser and links in the background to the server in South Africa.
  4. Impersonal salutation. “Dear Valued Customer”. Banks will never address you like this. They have your money – so it stands to reason that they will know your name as well.
  5. “Online verification” has **** to convince you that the email is genuine, but university addresses end with ac.za, not co.za.

 

The web page that you are directed to is actually the .htm file based on your computer (as an attachment, but links directly to the phishing server in the background.)

In this case is iteron.co.za which is listed as “undergoing maintenance” but is fully functional in the background.

 

 

If you have received an email that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing email to the following addresses

help@sun.ac.za

…and sysadm@sun.ac.za as well.

 Attach the phishing or suspicious email on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new email addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing email from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the email.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in E-mail, phishing, Security | Comments Off on PHISHING: Absa Surecheck Profile App

PHISHING: “Confirm your email account”

Wednesday, October 11th, 2017

The latest phishing attempt uses a rather obtuse message about “confirming your email account” to prevent a shutdown of your account. It also used your email address in the salutation, which might fool some people, thinking it is genuine.

Information Technology would never send out an email like this, lacking personal salutations, direct contact via telephone, and threatening to close your account down. 

Here is the phishing e-mail example below with the dangerous parts removed. Do not click on the link or provide any personal information. Luckily the phishing email and the server comes from the Far East, so it should be rather obvious that it is a scam:

This is what the phishing website looks like. 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team by sending an email to help@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Confirm your email account”

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.