%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250719005543+00'00') /ModDate (D:20250719005543+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 10901 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 169.049 521.469 577.685 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 169.424 520.719 576.935 re S 0.773 0.773 0.773 rg 61.016 184.799 m 550.984 184.799 l 550.984 185.549 l 61.016 185.549 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(STEP UP TO STRONGER PASSWORDS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(May 10,2021)] TJ ET BT 156.578 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F1 9.0 Tf [(Weak and reused passwords continue to be a common entry point for account or identity takeover and network )] TJ ET BT 61.016 626.431 Td /F1 9.0 Tf [(intrusions. Simple steps and tools exist to help you achieve unique, strong passwords for your accounts.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [( A password is often all that stands between you and sensitive data. It’s also often all that stands between a cyber criminal )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(step to protect against account theft.)] TJ ET 0.153 0.153 0.153 RG 85.866 567.291 m 85.866 567.703 85.696 568.113 85.404 568.405 c 85.113 568.696 84.703 568.866 84.291 568.866 c 83.878 568.866 83.469 568.696 83.177 568.405 c 82.885 568.113 82.716 567.703 82.716 567.291 c 82.716 566.879 82.885 566.469 83.177 566.177 c 83.469 565.886 83.878 565.716 84.291 565.716 c 84.703 565.716 85.113 565.886 85.404 566.177 c 85.696 566.469 85.866 566.879 85.866 567.291 c f BT 91.016 564.475 Td /F1 9.0 Tf [(Always:)] TJ ET BT 125.027 564.475 Td /F4 9.0 Tf [( Use a unique password for each account so )] TJ ET BT 305.117 564.475 Td /F2 9.0 Tf [(one)] TJ ET BT 320.129 564.475 Td /F4 9.0 Tf [( compromised password does not put )] TJ ET BT 472.193 564.475 Td /F2 9.0 Tf [(all)] TJ ET BT 481.193 564.475 Td /F4 9.0 Tf [( of your )] TJ ET BT 91.016 553.486 Td /F4 9.0 Tf [(accounts at risk of takeover.)] TJ ET 85.866 545.313 m 85.866 545.725 85.696 546.135 85.404 546.427 c 85.113 546.718 84.703 546.888 84.291 546.888 c 83.878 546.888 83.469 546.718 83.177 546.427 c 82.885 546.135 82.716 545.725 82.716 545.313 c 82.716 544.901 82.885 544.491 83.177 544.199 c 83.469 543.908 83.878 543.738 84.291 543.738 c 84.703 543.738 85.113 543.908 85.404 544.199 c 85.696 544.491 85.866 544.901 85.866 545.313 c f BT 91.016 542.497 Td /F1 9.0 Tf [(Good:)] TJ ET BT 117.512 542.497 Td /F4 9.0 Tf [( A good password is 10 or more characters in length, with a combination of uppercase and lowercase )] TJ ET BT 91.016 531.508 Td /F4 9.0 Tf [(letters, plus numbers and/or symbols — such as )] TJ ET BT 285.587 531.508 Td /F2 9.0 Tf [(pAMPh$3let)] TJ ET BT 334.610 531.508 Td /F4 9.0 Tf [(. Complex passwords can be challenging to )] TJ ET BT 91.016 520.519 Td /F4 9.0 Tf [(remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also )] TJ ET BT 91.016 509.530 Td /F4 9.0 Tf [(difficult to type on a smartphone keyboard \(for an easy password management option, see “best” below\).)] TJ ET 85.866 501.357 m 85.866 501.769 85.696 502.179 85.404 502.471 c 85.113 502.762 84.703 502.932 84.291 502.932 c 83.878 502.932 83.469 502.762 83.177 502.471 c 82.885 502.179 82.716 501.769 82.716 501.357 c 82.716 500.945 82.885 500.535 83.177 500.243 c 83.469 499.952 83.878 499.782 84.291 499.782 c 84.703 499.782 85.113 499.952 85.404 500.243 c 85.696 500.535 85.866 500.945 85.866 501.357 c f BT 91.016 498.541 Td /F1 9.0 Tf [(Better:)] TJ ET BT 120.014 498.541 Td /F4 9.0 Tf [( A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional )] TJ ET BT 91.016 487.552 Td /F4 9.0 Tf [(length makes it's exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and )] TJ ET BT 91.016 476.563 Td /F4 9.0 Tf [(more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in )] TJ ET BT 91.016 465.574 Td /F4 9.0 Tf [(uppercase letters, and add a number or symbol to make it even stronger — such as )] TJ ET BT 91.016 454.585 Td /F4 9.0 Tf [(rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read )] TJ ET BT 91.016 443.596 Td /F4 9.0 Tf [(on.)] TJ ET 85.866 435.423 m 85.866 435.835 85.696 436.245 85.404 436.537 c 85.113 436.828 84.703 436.998 84.291 436.998 c 83.878 436.998 83.469 436.828 83.177 436.537 c 82.885 436.245 82.716 435.835 82.716 435.423 c 82.716 435.011 82.885 434.601 83.177 434.309 c 83.469 434.018 83.878 433.848 84.291 433.848 c 84.703 433.848 85.113 434.018 85.404 434.309 c 85.696 434.601 85.866 435.011 85.866 435.423 c f BT 91.016 432.607 Td /F1 9.0 Tf [(Best:)] TJ ET BT 113.516 432.607 Td /F4 9.0 Tf [( The strongest passwords are created by password managers — software that generates and keeps track of )] TJ ET BT 91.016 421.618 Td /F4 9.0 Tf [(complex and unique passwords for all of your accounts. All you need to remember is one complex password or )] TJ ET BT 91.016 410.629 Td /F4 9.0 Tf [(passphrase to access your password manager. With a password manager, you can look up passwords when you )] TJ ET BT 91.016 399.640 Td /F4 9.0 Tf [(need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best )] TJ ET BT 91.016 388.651 Td /F4 9.0 Tf [(practice is to add two-step verification to your password manager account. Keep reading!)] TJ ET 85.866 380.478 m 85.866 380.890 85.696 381.300 85.404 381.592 c 85.113 381.883 84.703 382.053 84.291 382.053 c 83.878 382.053 83.469 381.883 83.177 381.592 c 82.885 381.300 82.716 380.890 82.716 380.478 c 82.716 380.066 82.885 379.656 83.177 379.364 c 83.469 379.073 83.878 378.903 84.291 378.903 c 84.703 378.903 85.113 379.073 85.404 379.364 c 85.696 379.656 85.866 380.066 85.866 380.478 c f BT 91.016 377.662 Td /F1 9.0 Tf [(Step it up!)] TJ ET BT 135.017 377.662 Td /F4 9.0 Tf [( When you use two-step verification \(a.k.a., two-factor authentication or login approval\), a stolen )] TJ ET BT 91.016 366.673 Td /F4 9.0 Tf [(password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive )] TJ ET BT 91.016 355.684 Td /F4 9.0 Tf [(an authorization check on your smartphone or another registered device. Without that second piece, a password )] TJ ET BT 91.016 344.695 Td /F4 9.0 Tf [(thief can’t get into your account. It’s the single best way to protect your account from cyber criminals.)] TJ ET BT 61.016 324.706 Td /F4 9.0 Tf [(https://youtu.be/pMPhBEoVulQ)] TJ ET 0.200 0.200 0.200 rg BT 61.016 302.079 Td /F1 11.7 Tf [(RESOURCES)] TJ ET 0.153 0.153 0.153 rg 85.866 284.247 m 85.866 284.659 85.696 285.069 85.404 285.361 c 85.113 285.652 84.703 285.822 84.291 285.822 c 83.878 285.822 83.469 285.652 83.177 285.361 c 82.885 285.069 82.716 284.659 82.716 284.247 c 82.716 283.835 82.885 283.425 83.177 283.133 c 83.469 282.842 83.878 282.672 84.291 282.672 c 84.703 282.672 85.113 282.842 85.404 283.133 c 85.696 283.425 85.866 283.835 85.866 284.247 c f BT 91.016 281.431 Td /F4 9.0 Tf [(Check out )] TJ ET 0.373 0.169 0.255 rg BT 134.036 281.431 Td /F4 9.0 Tf [(http://twofactorauth.org)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 134.036 280.280 m 226.088 280.280 l S 0.153 0.153 0.153 rg BT 226.088 281.431 Td /F4 9.0 Tf [( to see a list of services that offer two-step verification.)] TJ ET 0.153 0.153 0.153 RG 85.866 273.258 m 85.866 273.670 85.696 274.080 85.404 274.372 c 85.113 274.663 84.703 274.833 84.291 274.833 c 83.878 274.833 83.469 274.663 83.177 274.372 c 82.885 274.080 82.716 273.670 82.716 273.258 c 82.716 272.846 82.885 272.436 83.177 272.144 c 83.469 271.853 83.878 271.683 84.291 271.683 c 84.703 271.683 85.113 271.853 85.404 272.144 c 85.696 272.436 85.866 272.846 85.866 273.258 c f BT 91.016 270.442 Td /F4 9.0 Tf [(Learn more about )] TJ ET 0.373 0.169 0.255 rg BT 164.555 270.442 Td /F4 9.0 Tf [(passwords and securing your accounts)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 164.555 269.291 m 320.120 269.291 l S 0.153 0.153 0.153 rg BT 320.120 270.442 Td /F4 9.0 Tf [( from the National Cyber Security Alliance.)] TJ ET 0.153 0.153 0.153 RG 85.866 262.269 m 85.866 262.681 85.696 263.091 85.404 263.383 c 85.113 263.674 84.703 263.844 84.291 263.844 c 83.878 263.844 83.469 263.674 83.177 263.383 c 82.885 263.091 82.716 262.681 82.716 262.269 c 82.716 261.857 82.885 261.447 83.177 261.155 c 83.469 260.864 83.878 260.694 84.291 260.694 c 84.703 260.694 85.113 260.864 85.404 261.155 c 85.696 261.447 85.866 261.857 85.866 262.269 c f BT 91.016 259.453 Td /F4 9.0 Tf [(Consider whether a )] TJ ET 0.373 0.169 0.255 rg BT 171.548 259.453 Td /F4 9.0 Tf [(password manager)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 171.548 258.302 m 248.075 258.302 l S 0.153 0.153 0.153 rg BT 248.075 259.453 Td /F4 9.0 Tf [( is the right choice for you.)] TJ ET 0.153 0.153 0.153 RG 85.866 251.280 m 85.866 251.692 85.696 252.102 85.404 252.394 c 85.113 252.685 84.703 252.855 84.291 252.855 c 83.878 252.855 83.469 252.685 83.177 252.394 c 82.885 252.102 82.716 251.692 82.716 251.280 c 82.716 250.868 82.885 250.458 83.177 250.166 c 83.469 249.875 83.878 249.705 84.291 249.705 c 84.703 249.705 85.113 249.875 85.404 250.166 c 85.696 250.458 85.866 250.868 85.866 251.280 c f BT 91.016 248.464 Td /F4 9.0 Tf [(Explore )] TJ ET 0.373 0.169 0.255 rg BT 124.028 248.464 Td /F4 9.0 Tf [(Five Ways to Upgrade your Password this Password Day)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 124.028 247.313 m 352.097 247.313 l S 0.153 0.153 0.153 rg BT 352.097 248.464 Td /F4 9.0 Tf [(, which is observed in May each year.)] TJ ET 0.153 0.153 0.153 RG 85.866 240.291 m 85.866 240.703 85.696 241.113 85.404 241.405 c 85.113 241.696 84.703 241.866 84.291 241.866 c 83.878 241.866 83.469 241.696 83.177 241.405 c 82.885 241.113 82.716 240.703 82.716 240.291 c 82.716 239.879 82.885 239.469 83.177 239.177 c 83.469 238.886 83.878 238.716 84.291 238.716 c 84.703 238.716 85.113 238.886 85.404 239.177 c 85.696 239.469 85.866 239.879 85.866 240.291 c f BT 91.016 237.475 Td /F4 9.0 Tf [(Find more videos and a quiz at )] TJ ET 0.373 0.169 0.255 rg BT 216.575 237.475 Td /F4 9.0 Tf [(http://passwordday.org)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 216.575 236.324 m 307.619 236.324 l S 0.153 0.153 0.153 rg BT 307.619 237.475 Td /F4 9.0 Tf [(.)] TJ ET BT 61.016 217.486 Td /F4 9.0 Tf [( )] TJ ET 0.400 0.400 0.400 rg BT 61.016 198.997 Td /F2 9.0 Tf [(Posted in:E-mail,Security | Tagged:Password,Security | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 134.0357 280.5985 226.0877 289.7560 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://twofactorauth.org/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 164.5547 269.6095 320.1197 278.7670 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 171.5477 258.6205 248.0747 267.7780 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://library.educause.edu/resources/2015/7/password-managers) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 124.0277 247.6315 352.0967 256.7890 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://nakedsecurity.sophos.com/2016/05/05/dont-do-it-5-ways-to-upgrade-your-passwords-this-passwordday/) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 216.5747 236.6425 307.6187 245.8000 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (http://passwordday.org/) >> endobj xref 0 22 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000582 00000 n 0000011536 00000 n 0000011648 00000 n 0000011763 00000 n 0000011883 00000 n 0000011991 00000 n 0000012119 00000 n 0000012196 00000 n 0000012324 00000 n 0000012489 00000 n 0000012617 00000 n 0000012731 00000 n 0000012859 00000 n 0000013015 00000 n 0000013143 00000 n trailer << /Size 22 /Root 1 0 R /Info 5 0 R >> startxref 13218 %%EOF security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

security

« Older Entries
Newer Entries »

Security tips for travelling at home and abroad

Wednesday, March 1st, 2017

Travelling without your electronic devices is highly unlikely — whether it’s to the coffee shop around the corner or overseas. These devices make it easy for us to stay connected while on the go, but they can also store a lot of information — including contacts, photos, videos, location, and other personal and financial data — about ourselves and our friends and family. Following are some ways to protect yourself and others.

Before you go:

  • If possible, do not take your work or personal devices with you on international trips. If you do, remove or encrypt any confidential data.
  • For international travel, consider using temporary devices, such as an inexpensive laptop and a prepaid cell phone purchased specifically for travel. (For business travel, your employer may have specific policies about device use and travelling abroad.)
  • Install a device finder or manager on your mobile device in case it is lost or stolen. Make sure it has remote wipe capabilities and that you know how to do a remote wipe.
  • Ensure that any device with an operating system and software is fully patched and up-to-date with security software.
  • Makes copies of your travel documents and any credit cards you’re taking with you. Leave the copies with a trusted friend, in case the items are lost or stolen.
  • Keep prying eyes out! Use strong passwords, passcodes, or smart-phone touch ID to lock and protect your devices.
  • Avoid posting social media announcements about your travel plans; such announcements make you an easy target for thieves. Wait until you’re home to post your photos or share details about your trip.

While you’re there:

  • Physically protect yourself, your devices, and any identification documents (especially your passport).
  • Don’t use an ATM unless you have no other option; instead, work with a teller inside the bank. If you must use an ATM, only do so during daylight hours and ask a friend to watch your back. Also, check the ATM for any skimming devices, and use your hand to cover the number pad as you enter your PIN.
  • It’s hard to resist sharing photos or telling friends and family about your adventures, but it’s best to wait to post about your trip on social media until you return home.
  • Never use the computers available in public areas, hotel business centres, or cyber cafĂ©s since they may be loaded with keyloggers and malware. If you use a device belonging to other travellers, colleagues, or friends, do not log in to e-mail or any sensitive accounts.
  • Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected.
  • Disable Wi-Fi and Bluetooth when not in use. Some stores and other locations search for devices with Wi-Fi or Bluetooth enabled to track your movements when you’re within range.
  • Keep your devices with you at all times during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.

When you return:

  • Change any and all passwords you may have used abroad.
  • Run full antivirus scans on your devices.
  • If you used a credit card while travelling, check your monthly statements for any discrepancies for at least one year after you return.
  • If you downloaded any apps specifically for your trip and no longer need them, be sure to delete those apps and the associated data.
  • Post all of your photos on social media and enjoy reliving the experience!

Also read the New York Times article, “Traveling Light in a Time of Digital Thievery”. Looking for hotel safety tips? Watch this four-minute Travel Channel video, which explains how to avoid thefts, Wi-Fi hackers, and fire-hazard hotels.

 

[SOURCE: www.educause.edu]

Email

Tags:
Posted in Security, Tips | Comments Off on Security tips for travelling at home and abroad

Warning about (Standard Bank) phishing scam being sent from university e-mail address

Friday, February 24th, 2017

It seems that phishing scammers are again using some student accounts, either by direct access or address “spoofing” (a technique commonly used by spammers to hide the origin of their e-mails by using a forged return address ) to send phishing mail such as the one below to many university accounts.

The phishers attempt to trick the recipients of their mail into thinking that because the mail is from a “sun.ac.za” account, it is genuine.

The mail below is an obvious phishing scam and should not be responded to. Also, don’t click on the enclosed links or provide any usernames, passwords or personal details to the senders.

Looking at the mail below, note the following 5 “warning signs”.

  1. No personal salutation – Just “Valued Customer”.
  2. Intimidating threats should you not comply – “Failure to Update”.
  3. Request to click a link to verify your details or to provide usernames and passwords
  4. The link takes you to a webpage that might look legitimate but is not based in the university network. (this phishing scam originated in Sri Lanka)
  5. Poor grammar and spelling.

Never be fooled if a mail seems as if it was sent from a university address.

In this case, the e-mail address of an Agricultural Sciences student was used.

Information Technology does have a good automated mechanism for submitting spam. It is quite simple to use, but being automated there will be no indication or acknowledgement that the mail has been received by Information Technology:

  1. Start a new mail addressed to sysadm@sun.ac.za
  2. Use the Title “SPAM” (without quotes) in the Subject field.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an attachment and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the e-mail.

Do not “Forward” the Spam mail to this address. When you forward the original sender and all the information that the spam filters use to filter out the mail is lost and the Forwarded mail will be rendered useless for the filters.

Here is the mail that is circulating at the moment (malicious links have been removed):

From: Compromised, Student Account <12345678@sun.ac.za>

Sent: 23 February 2017 16:00

Subject: Mandatory Update 

Dear Valued Customer, 

STANDARD BANK MONETARY SERVICES 

We wish to inform you that your Credit Card has been listed for suspension due to recent Error/Traffic on your previous transaction. 

You are MANDATED to re-update your details here: https://dont.click.on.this.link.com 

Failure to Update within 24Hours will Lead to your Banking Services Suspension/Interruption.

We are sorry for any inconveniences this might have caused you.

[ARTICLE BY DAVID WILES]

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Warning about (Standard Bank) phishing scam being sent from university e-mail address

Ransomware attack uses fake SA Post Office e-mails

Wednesday, February 22nd, 2017

Be aware that a ransomware attack using fake SA Post Office e-mail has made its appearance recently on the Tygerberg network.

The hacking attack, originating in Russia, uses fake e-mails from the SA Post Office to inform the victim of a parcel intended for delivery. The mail contains a link which downloads malicious software – in this case a nefarious variant of the Cryptolocker malware.

Crypto ransomware is a type of malware used to extort money from victims by preventing access to their computer or files. Recovery of infected systems is virtually impossible without clean backups.

When the victim opens the malicious e-mail attachment, the virus attacks the target PC system, encrypts victim’s files and displays a ransom note, which informs the victim that in order to restore access to their files, a ransom of between $100 and $500 must be paid. Victims have only a certain amount of time to pay a ransom or they will lose access to their files forever.

If you have been backing up your data and have extra copies of your photos, documents, and other files, you won’t need to pay a ransom. Reformatting your drive, and restoring the drive from backup is the only reliable way of undoing the damage.

Cryptolocker ransomware is a nasty infection. Criminals only seek to earn easy money and frequently manage to do so. For victims of this ransomware, I want to emphasise that paying the ransom will not solve the problem. There is no guarantee that your data will be restored. Making the payment will not help to remove Cryptolocker ransomware.

Here is some advice to prevent becoming a ransomware victim:

  • Use spam filters and be cautious when opening e-mails, especially if there are attachments.
  • Make sure you are using reputable, up-to-date security products.
  • Make sure your operating system and applications are up to date and fully patched.
  • Run a regular scan of your computer.
  • Set and use strong and unique passwords.
  • Set passwords on all your hardware devices (modems and routers).
  • Back up your data.
  • Keep a backup copy of your data in a safe place, disconnected from your computer and the internet.
  • Only visit reputable websites and online services.

[ARTICLE BY DAVID WILES]

 

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Ransomware attack uses fake SA Post Office e-mails

Learn What It Takes to Refuse the Phishing Bait!

Wednesday, February 1st, 2017

Cybercriminals know the best strategies for gaining access to your institution’s sensitive data. In most cases, it doesn’t involve them rappelling from a ceiling’s skylight and deftly avoiding a laser detection system to hack into your servers; instead, they simply manipulate one staff member or student.

According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents. Following are a few ways to identify various types of social engineering attacks and their telltale signs.

  • Phishing isn’t relegated to just e-mail! Cyber criminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
  • Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Click that delete button.
  • Verify the sender. Check the sender’s e-mail address to make sure it’s legitimate. If it appears that our help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” it’s a phishing message.
  • Don’t be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don’t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
  • Never, ever share your password. Did we say never? Yup, we mean never.Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. The IT department will never ask you for your password.
  • Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
  • When you’re not sure, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the rector of the university. Cyber criminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in the university’s directory to confirm the request.
  • Don’t talk to strangers! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the helpdesk.
  • Don’t be tempted by abandoned flash drives. Cyber criminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary — it could be a trap.
  • See someone suspicious? Say something. If you notice someone suspicious walking around or “tailgating” someone else, especially in an off-limits area, call campus safety.

[ARTICLE FROM Educause]

Email

Tags: , ,
Posted in E-mail, General, Security | Comments Off on Learn What It Takes to Refuse the Phishing Bait!

Latest WhatsApp hoax

Monday, January 9th, 2017

If you are a user of the popular chat app WhatsApp, you should be aware of the latest hoax that states that the chat service will soon start charging a fee.

Here is an example of the current hoax:

Tomorrow at 6 pm they are ending WhatsApp and you have to pay to open it, this is by law. 

This message is to inform all of our users, our servers have recently been very congested, so we are asking you to help us solve this problem. We require our active users to forward this message to each of the people in their contact list to confirm our active users using WhatsApp. 

If you do not send this message to all your contacts WhatsApp will start to charge you. 

The message is allegedly sent from Whatsapp’s chief executive officer – Jim Balsamic.

  1. The real CEO of WhatsApp is Jan Koum.
  2. WhatsApp publically declared that they’ll never charge users for the service. [ https://blog.whatsapp.com/615/Making-WhatsApp-free-and-more-useful ]

This isn’t the first time this sort of hoax has plagued the web – a similar message was sent around in 2013.

In some cases, it was reported that victims of this hoax were “tricked” into opening a legitimate-looking Word, Excel or PDF document attached to a WhatsApp message. The PDF attachment then downloaded malware to devices to steal personal information.

Another student reported that one message they received tried to persuade them to download a R200 Edgars voucher. In reality, the link simply installed cookies and a browser extension on their phone that flooded the phone with adverts.

Always be wary of messages with the following characteristics:

  1. The person sending the message claims to be associated with WhatsApp.
  2. The message contains instructions telling you to forward the message. (Use a bit of common sense here. According to this hoax message, WhatsApp servers are “very congested” and Jim Balsamic want you to add to the congestion by forwarding the message to all your WhatsApp contacts?)
  3. The message says you will suffer some sort of punishment, like account suspension, if you don’t follow the instructions.
  4. The message promises a reward or gift from Whatsapp or another party.
  5. Just because a message was forwarded to you by a friend or family member, doesn’t make it legitimate. (friends and family can be just as gullible as any other person)

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in Security | Comments Off on Latest WhatsApp hoax

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.