Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

phishing

« Older Entries
Newer Entries »

PHISHING: ABSA account statement

Monday, October 9th, 2017

Please be wary of receiving so-called “Bank Account Statements” or alleged payment/transaction notifications that arrive in your mailbox from one of South Africa’s banks. In most cases, they are phishing scams designed to fool you into willingly giving the criminals your bank account details and password/PIN code.

The warning signs are obvious, but the amount of email that we all get every day and the day-to-day stress of the workday, often make us miss the warning signs. 

Below is a typical phishing scam some university accounts received this morning. It could just as well be FNB or Standard Bank, therefore it’s important that you note the warning signs:

  1. Do you have a bank account with the bank? If not why are they sending you an account statement?
  2. Unless you are directly responsible for your department’s finances and your department has a bank account with ABSA or your official university e-mail account is the contact address for your bank correspondence, you shouldn’t be getting emails from any bank.
  3. There is no personal salutation. Banks have your contact details and they will always address you personally, never as “Dear Customer”.
  4. The grammar and spelling are usually poor. This is because the scammers are often from countries where English isn’t the main language.
  5. There is always an attached file or link you should click on or open and type in your details including passwords to “verify” your identity. Email is NOT secure and revealing any details with this medium is very risky.
  6. Branding (e.g. logos and templates) of banks can easily be copied from the bank websites and forged. Just because the bank’s logo is in the e-mail it doesn’t make the mail is official.
  7. The website you are taken to will not be the official address. Often these are compromised websites which have been hacked by criminals and used for identity theft. See the example below. The address in the address bar is clearly not ABSA’s address.

The phishing website looks like this – very similar to the login page of the ABSA website:

[ARTICLE BY DAVID WILES]

 

 

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: ABSA account statement

PHISHING: “Server Message: Verify your email account”

Wednesday, September 27th, 2017

There is a phishing scam going around disguised as an “e-mail upgrade”. Please do not respond to any e-mail asking you to click on links and provide any sort of personal information, including usernames and passwords.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

 

Here is an example of today’s phishing scam as reported by several colleagues and students already. (Links have been removed)

 

From: Mail Administrator [mailto:phishing@e-mail.address]
Sent: Saturday, 23 September 2017 3:37 AM
To: Your University E-Mail Address <somebody@sun.ac.za> <somebody@sun.ac.za>
Subject: Server Message:Verify your somebody@sun.ac.za email account.

 

Dear somebody@sun.ac.za

Access to your account will be temporarily limited for failing automated security server update.

Kindly upgrade your email with the link below to re-verify account ownership or your email account will be deactivated..
 
Click here to verify your details.

Thanks for taking this additional step to secure your account.

Email Administrator

 

[ARTICLE BY DAVID WILES]

 

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Server Message: Verify your email account”

How to recognise a phishing website

Friday, September 22nd, 2017

Over the past few years, as phishing started to gain a stronger foothold closer to home, we’ve tried to give you tips on how to recognise the typical phishing email. However, recognising the email is just the first step. The actual danger is in the website you reach after you’ve clicked the link. This is where your information is harvested to be used maliciously later. 

Considering Google is the expert on the internet, we’ve consulted their guide to recognising a phishing website. Here’s what they say:

1. What is phishing?

Phishing is a particularly popular scam in which a party creates an official-looking web page that asks you to provide your username and password, or other personal information such as your Social Security number, bank account number, PIN number, credit card number, or mother’s maiden name or birthday. 

In many cases, you’ll receive a link to this phishing page via an email which claims to come from an official-looking (but probably forged) address. You can also end up at these pages by following links that you find on the web or in IM messages.

2. How can I tell if a page is a fake?

The best thing to do is to check the page’s URL to make sure it’s actually controlled by the party it appears to be controlled by. The crucial part of the URL is the part between the HTTP:// and the next slash (‘/’). (If there’s no slash, start at the end of the URL.) This is the part of the URL that determines site ownership. Some popular domains, for instance, are amazon, google, and eBay: 

http://www.amazon.com 
http://www.google.com 
http://www.ebay.com 

In some cases, URLs will be a bit more complex; be sure to check the name listed immediately to the left of the top level domain (.com, .net, .co.uk, etc.). For instance, http://www.google.comhttp://news.google.com and http://www.google.com/firefox/ are all part of the same site. However, google.com.fraudulentdomain.com/login.html is NOT! Neither is www.g00gle.com (note that in this URL, the letter o is replaced by the number 0). 

Tip: Since a forged URL can look very similar to a genuine one, it’s safer to use a bookmark you’ve created or to type the URL into the location bar by hand instead of following links from your email. This is important for any page where you’re asked to log in or provider private information.  Additional Resources: antiphishing.org

3. How does Google know a page is bogus?

We use several techniques to determine whether a page is genuine, including the use of a blacklist containing pages that have been identified as suspicious and/or misleading based on automated detection or user reports. Our software also examines pages’ content and structure in order to catch potentially misleading pages. Google Safe Browsing can’t offer perfect protection, so you should always be on the lookout for indications that a site isn’t what it appears to be. But Google Safe Browsing can help identify and protect you against many of the sites designed to trick users.

4. What does an alert look like?

When we suspect that a page is bogus, an alert will appear on the page. The appearance of the alert will depend on your browser, but they all look like this: 

5. How do I report a page that I think is phishing?

If you find a page that you believe is pretending to be another page in an attempt to steal users’ information, please report it to us.

6. You’re flagging a legitimate page as a potential phishing site. How do I get this fixed?

If you believe that Google Safe Browsing is incorrectly identifying a page as suspicious, please do report it to our team. We work hard to act quickly on all such reports.

7. Does this feature protect me against viruses, spyware, and all other evil things?

Sorry, but no “Google Safe Browsing” protects against phishing and malware attacks, but it can’t offer foolproof protection (although we’re working on it). You still need to watch out for all the other bad things that can happen on the wild, wild web.

Email

Tags:
Posted in E-mail, Security | Comments Off on How to recognise a phishing website

PHISHING: “Invoice” from a colleague

Wednesday, September 20th, 2017

Today’s phishing attack takes the form of an invoice apparently sent by a “colleague”. Because this comes from a “Doctor” and the e-mail message tone is not formally worded, it can often be misconstrued as legitimate and can be trusted.

This is a common phishing scam. The attachment is a fake invoice that, when opened, will infect your computer with malware, which gives the criminals access to your personal information, but primarily to steal online banking details.

Some departments within the university are particularly vulnerable because they may receive invoices regularly from a number of sources.

The email may appear as if it was sent by a well-known supplier or other trusted source. (in this case a so-called “Doctor” with a uniquely South African surname) Often the email address of a legitimate supplier or a colleague or friend will be mimicked or “spoofed” in a bid to trick you into thinking the invoice is genuine.

The attached invoice will look like a standard document or spreadsheet, however, to view the file you must enable a “macro”, which is a set of pre-programmed instructions for a computer. This macro installs the malware, which can infect the university network.

In the case below, you are directed to a website which tries to open up an infected “Word” document that records your online banking details, along with other financial information, before sending it on to the criminals who then attempt to steal money from your accounts.

 

—–Original Message—–

From: Cornelissen

Sent: 18 September 2017 03:56 PM

To: University Address <Your e-mail address>

Subject: Invoice #66633 (This number random and will change)

 

Hello,

I’ve tried to call you but couldn’t get thought. Need to know the status of this invoice I’ve sent to you a while ago. provided a copy below.

Invoice #66633:

Phishing site address

(Your name will go here)

Kind Regards,

Cornelissen, LM, Dr

 

Here are some handy tips to detect and deal with this “fake invoice” phishing scam.

  • Be on the lookout for unexpected invoices or unusual payment requests.
  • Avoid enabling any macros on an untrusted document.
  • If you’re suspicious – don’t reply to the email but instead call your supplier on the number that you have on file to check the authenticity of the invoice.
  • Ensure you have the latest anti-virus and security updates installed on your computer and consider using high-level macro security settings in software applications.
  • Ensure strong firewalls are in place to help detect malware and prevent data leaving the network without permission.
  • Consider using a separate computer dedicated to making online payments to minimise security risks, especially if you use personal Facebook or other social media sites.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Invoice” from a colleague

PHISHING: “Important notice from IT”

Thursday, September 7th, 2017

A phishing attack on Stellenbosch University via an internal sun email address was launched again early this morning. See the example below with dangerous links removed.

Unfortunately, this email used our own template to lure you into trusting it. Take note that we will never ask you to update your information in this way.

Please do not click on this email, do not fill in your personal information and delete the email immediately. If you follow the link and supply your information, it will be used by phishing criminals to gain access to your personal information, including your bank details.

If you have any inquiries, please let us know by logging a request on ServiceNow or calling our Service Desk at 808 4367. For more information on this and other phishing attacks, refer to our blog and Twitter account.

Email

Tags:
Posted in E-mail, phishing, Security | Comments Off on PHISHING: “Important notice from IT”

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.