%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250717134812+00'00') /ModDate (D:20250717134812+00'00') /Title (Report 07-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Annots [ 12 0 R 14 0 R 16 0 R 18 0 R 20 0 R ] /Contents 7 0 R >> endobj 7 0 obj << /Length 10901 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 169.049 521.469 577.685 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 169.424 520.719 576.935 re S 0.773 0.773 0.773 rg 61.016 184.799 m 550.984 184.799 l 550.984 185.549 l 61.016 185.549 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(STEP UP TO STRONGER PASSWORDS)] TJ ET 0.400 0.400 0.400 rg BT 61.016 664.909 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 664.909 Td /F3 9.0 Tf [(May 10,2021)] TJ ET BT 156.578 664.909 Td /F2 9.0 Tf [( by )] TJ ET BT 171.086 664.909 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 637.420 Td /F1 9.0 Tf [(Weak and reused passwords continue to be a common entry point for account or identity takeover and network )] TJ ET BT 61.016 626.431 Td /F1 9.0 Tf [(intrusions. Simple steps and tools exist to help you achieve unique, strong passwords for your accounts.)] TJ ET BT 61.016 606.442 Td /F4 9.0 Tf [( A password is often all that stands between you and sensitive data. It’s also often all that stands between a cyber criminal )] TJ ET BT 61.016 595.453 Td /F4 9.0 Tf [(and your account. Below are tips to help you create stronger passwords, manage them more easily, and take one further )] TJ ET BT 61.016 584.464 Td /F4 9.0 Tf [(step to protect against account theft.)] TJ ET 0.153 0.153 0.153 RG 85.866 567.291 m 85.866 567.703 85.696 568.113 85.404 568.405 c 85.113 568.696 84.703 568.866 84.291 568.866 c 83.878 568.866 83.469 568.696 83.177 568.405 c 82.885 568.113 82.716 567.703 82.716 567.291 c 82.716 566.879 82.885 566.469 83.177 566.177 c 83.469 565.886 83.878 565.716 84.291 565.716 c 84.703 565.716 85.113 565.886 85.404 566.177 c 85.696 566.469 85.866 566.879 85.866 567.291 c f BT 91.016 564.475 Td /F1 9.0 Tf [(Always:)] TJ ET BT 125.027 564.475 Td /F4 9.0 Tf [( Use a unique password for each account so )] TJ ET BT 305.117 564.475 Td /F2 9.0 Tf [(one)] TJ ET BT 320.129 564.475 Td /F4 9.0 Tf [( compromised password does not put )] TJ ET BT 472.193 564.475 Td /F2 9.0 Tf [(all)] TJ ET BT 481.193 564.475 Td /F4 9.0 Tf [( of your )] TJ ET BT 91.016 553.486 Td /F4 9.0 Tf [(accounts at risk of takeover.)] TJ ET 85.866 545.313 m 85.866 545.725 85.696 546.135 85.404 546.427 c 85.113 546.718 84.703 546.888 84.291 546.888 c 83.878 546.888 83.469 546.718 83.177 546.427 c 82.885 546.135 82.716 545.725 82.716 545.313 c 82.716 544.901 82.885 544.491 83.177 544.199 c 83.469 543.908 83.878 543.738 84.291 543.738 c 84.703 543.738 85.113 543.908 85.404 544.199 c 85.696 544.491 85.866 544.901 85.866 545.313 c f BT 91.016 542.497 Td /F1 9.0 Tf [(Good:)] TJ ET BT 117.512 542.497 Td /F4 9.0 Tf [( A good password is 10 or more characters in length, with a combination of uppercase and lowercase )] TJ ET BT 91.016 531.508 Td /F4 9.0 Tf [(letters, plus numbers and/or symbols — such as )] TJ ET BT 285.587 531.508 Td /F2 9.0 Tf [(pAMPh$3let)] TJ ET BT 334.610 531.508 Td /F4 9.0 Tf [(. Complex passwords can be challenging to )] TJ ET BT 91.016 520.519 Td /F4 9.0 Tf [(remember for even one site, let alone using multiple passwords for multiple sites; strong passwords are also )] TJ ET BT 91.016 509.530 Td /F4 9.0 Tf [(difficult to type on a smartphone keyboard \(for an easy password management option, see “best” below\).)] TJ ET 85.866 501.357 m 85.866 501.769 85.696 502.179 85.404 502.471 c 85.113 502.762 84.703 502.932 84.291 502.932 c 83.878 502.932 83.469 502.762 83.177 502.471 c 82.885 502.179 82.716 501.769 82.716 501.357 c 82.716 500.945 82.885 500.535 83.177 500.243 c 83.469 499.952 83.878 499.782 84.291 499.782 c 84.703 499.782 85.113 499.952 85.404 500.243 c 85.696 500.535 85.866 500.945 85.866 501.357 c f BT 91.016 498.541 Td /F1 9.0 Tf [(Better:)] TJ ET BT 120.014 498.541 Td /F4 9.0 Tf [( A passphrase uses a combination of words to achieve a length of 20 or more characters. That additional )] TJ ET BT 91.016 487.552 Td /F4 9.0 Tf [(length makes it's exponentially harder for hackers to crack, yet a passphrase is easier for you to remember and )] TJ ET BT 91.016 476.563 Td /F4 9.0 Tf [(more natural to type. To create a passphrase, generate four or more random words from a dictionary, mix in )] TJ ET BT 91.016 465.574 Td /F4 9.0 Tf [(uppercase letters, and add a number or symbol to make it even stronger — such as )] TJ ET BT 91.016 454.585 Td /F4 9.0 Tf [(rubbishconsiderGREENSwim$3. You’ll still find it challenging to remember multiple passphrases, though, so read )] TJ ET BT 91.016 443.596 Td /F4 9.0 Tf [(on.)] TJ ET 85.866 435.423 m 85.866 435.835 85.696 436.245 85.404 436.537 c 85.113 436.828 84.703 436.998 84.291 436.998 c 83.878 436.998 83.469 436.828 83.177 436.537 c 82.885 436.245 82.716 435.835 82.716 435.423 c 82.716 435.011 82.885 434.601 83.177 434.309 c 83.469 434.018 83.878 433.848 84.291 433.848 c 84.703 433.848 85.113 434.018 85.404 434.309 c 85.696 434.601 85.866 435.011 85.866 435.423 c f BT 91.016 432.607 Td /F1 9.0 Tf [(Best:)] TJ ET BT 113.516 432.607 Td /F4 9.0 Tf [( The strongest passwords are created by password managers — software that generates and keeps track of )] TJ ET BT 91.016 421.618 Td /F4 9.0 Tf [(complex and unique passwords for all of your accounts. All you need to remember is one complex password or )] TJ ET BT 91.016 410.629 Td /F4 9.0 Tf [(passphrase to access your password manager. With a password manager, you can look up passwords when you )] TJ ET BT 91.016 399.640 Td /F4 9.0 Tf [(need them, copy and paste from the vault, or use functionality within the software to log you in automatically. Best )] TJ ET BT 91.016 388.651 Td /F4 9.0 Tf [(practice is to add two-step verification to your password manager account. Keep reading!)] TJ ET 85.866 380.478 m 85.866 380.890 85.696 381.300 85.404 381.592 c 85.113 381.883 84.703 382.053 84.291 382.053 c 83.878 382.053 83.469 381.883 83.177 381.592 c 82.885 381.300 82.716 380.890 82.716 380.478 c 82.716 380.066 82.885 379.656 83.177 379.364 c 83.469 379.073 83.878 378.903 84.291 378.903 c 84.703 378.903 85.113 379.073 85.404 379.364 c 85.696 379.656 85.866 380.066 85.866 380.478 c f BT 91.016 377.662 Td /F1 9.0 Tf [(Step it up!)] TJ ET BT 135.017 377.662 Td /F4 9.0 Tf [( When you use two-step verification \(a.k.a., two-factor authentication or login approval\), a stolen )] TJ ET BT 91.016 366.673 Td /F4 9.0 Tf [(password doesn’t result in a stolen account. Anytime your account is logged into from a new device, you receive )] TJ ET BT 91.016 355.684 Td /F4 9.0 Tf [(an authorization check on your smartphone or another registered device. Without that second piece, a password )] TJ ET BT 91.016 344.695 Td /F4 9.0 Tf [(thief can’t get into your account. It’s the single best way to protect your account from cyber criminals.)] TJ ET BT 61.016 324.706 Td /F4 9.0 Tf [(https://youtu.be/pMPhBEoVulQ)] TJ ET 0.200 0.200 0.200 rg BT 61.016 302.079 Td /F1 11.7 Tf [(RESOURCES)] TJ ET 0.153 0.153 0.153 rg 85.866 284.247 m 85.866 284.659 85.696 285.069 85.404 285.361 c 85.113 285.652 84.703 285.822 84.291 285.822 c 83.878 285.822 83.469 285.652 83.177 285.361 c 82.885 285.069 82.716 284.659 82.716 284.247 c 82.716 283.835 82.885 283.425 83.177 283.133 c 83.469 282.842 83.878 282.672 84.291 282.672 c 84.703 282.672 85.113 282.842 85.404 283.133 c 85.696 283.425 85.866 283.835 85.866 284.247 c f BT 91.016 281.431 Td /F4 9.0 Tf [(Check out )] TJ ET 0.373 0.169 0.255 rg BT 134.036 281.431 Td /F4 9.0 Tf [(http://twofactorauth.org)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 134.036 280.280 m 226.088 280.280 l S 0.153 0.153 0.153 rg BT 226.088 281.431 Td /F4 9.0 Tf [( to see a list of services that offer two-step verification.)] TJ ET 0.153 0.153 0.153 RG 85.866 273.258 m 85.866 273.670 85.696 274.080 85.404 274.372 c 85.113 274.663 84.703 274.833 84.291 274.833 c 83.878 274.833 83.469 274.663 83.177 274.372 c 82.885 274.080 82.716 273.670 82.716 273.258 c 82.716 272.846 82.885 272.436 83.177 272.144 c 83.469 271.853 83.878 271.683 84.291 271.683 c 84.703 271.683 85.113 271.853 85.404 272.144 c 85.696 272.436 85.866 272.846 85.866 273.258 c f BT 91.016 270.442 Td /F4 9.0 Tf [(Learn more about )] TJ ET 0.373 0.169 0.255 rg BT 164.555 270.442 Td /F4 9.0 Tf [(passwords and securing your accounts)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 164.555 269.291 m 320.120 269.291 l S 0.153 0.153 0.153 rg BT 320.120 270.442 Td /F4 9.0 Tf [( from the National Cyber Security Alliance.)] TJ ET 0.153 0.153 0.153 RG 85.866 262.269 m 85.866 262.681 85.696 263.091 85.404 263.383 c 85.113 263.674 84.703 263.844 84.291 263.844 c 83.878 263.844 83.469 263.674 83.177 263.383 c 82.885 263.091 82.716 262.681 82.716 262.269 c 82.716 261.857 82.885 261.447 83.177 261.155 c 83.469 260.864 83.878 260.694 84.291 260.694 c 84.703 260.694 85.113 260.864 85.404 261.155 c 85.696 261.447 85.866 261.857 85.866 262.269 c f BT 91.016 259.453 Td /F4 9.0 Tf [(Consider whether a )] TJ ET 0.373 0.169 0.255 rg BT 171.548 259.453 Td /F4 9.0 Tf [(password manager)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 171.548 258.302 m 248.075 258.302 l S 0.153 0.153 0.153 rg BT 248.075 259.453 Td /F4 9.0 Tf [( is the right choice for you.)] TJ ET 0.153 0.153 0.153 RG 85.866 251.280 m 85.866 251.692 85.696 252.102 85.404 252.394 c 85.113 252.685 84.703 252.855 84.291 252.855 c 83.878 252.855 83.469 252.685 83.177 252.394 c 82.885 252.102 82.716 251.692 82.716 251.280 c 82.716 250.868 82.885 250.458 83.177 250.166 c 83.469 249.875 83.878 249.705 84.291 249.705 c 84.703 249.705 85.113 249.875 85.404 250.166 c 85.696 250.458 85.866 250.868 85.866 251.280 c f BT 91.016 248.464 Td /F4 9.0 Tf [(Explore )] TJ ET 0.373 0.169 0.255 rg BT 124.028 248.464 Td /F4 9.0 Tf [(Five Ways to Upgrade your Password this Password Day)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 124.028 247.313 m 352.097 247.313 l S 0.153 0.153 0.153 rg BT 352.097 248.464 Td /F4 9.0 Tf [(, which is observed in May each year.)] TJ ET 0.153 0.153 0.153 RG 85.866 240.291 m 85.866 240.703 85.696 241.113 85.404 241.405 c 85.113 241.696 84.703 241.866 84.291 241.866 c 83.878 241.866 83.469 241.696 83.177 241.405 c 82.885 241.113 82.716 240.703 82.716 240.291 c 82.716 239.879 82.885 239.469 83.177 239.177 c 83.469 238.886 83.878 238.716 84.291 238.716 c 84.703 238.716 85.113 238.886 85.404 239.177 c 85.696 239.469 85.866 239.879 85.866 240.291 c f BT 91.016 237.475 Td /F4 9.0 Tf [(Find more videos and a quiz at )] TJ ET 0.373 0.169 0.255 rg BT 216.575 237.475 Td /F4 9.0 Tf [(http://passwordday.org)] TJ ET 0.373 0.169 0.255 RG 0.18 w 0 J [ ] 0 d 216.575 236.324 m 307.619 236.324 l S 0.153 0.153 0.153 rg BT 307.619 237.475 Td /F4 9.0 Tf [(.)] TJ ET BT 61.016 217.486 Td /F4 9.0 Tf [( )] TJ ET 0.400 0.400 0.400 rg BT 61.016 198.997 Td /F2 9.0 Tf [(Posted in:E-mail,Security | Tagged:Password,Security | With 0 comments)] TJ ET endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /Annot /Subtype /Link /A 13 0 R /Border [0 0 0] /H /I /Rect [ 134.0357 280.5985 226.0877 289.7560 ] >> endobj 13 0 obj << /Type /Action /S /URI /URI (http://twofactorauth.org/) >> endobj 14 0 obj << /Type /Annot /Subtype /Link /A 15 0 R /Border [0 0 0] /H /I /Rect [ 164.5547 269.6095 320.1197 278.7670 ] >> endobj 15 0 obj << /Type /Action /S /URI /URI (http://staysafeonline.org/stay-safe-online/protect-your-personal-information/passwords-and-securing-your-accounts) >> endobj 16 0 obj << /Type /Annot /Subtype /Link /A 17 0 R /Border [0 0 0] /H /I /Rect [ 171.5477 258.6205 248.0747 267.7780 ] >> endobj 17 0 obj << /Type /Action /S /URI /URI (http://library.educause.edu/resources/2015/7/password-managers) >> endobj 18 0 obj << /Type /Annot /Subtype /Link /A 19 0 R /Border [0 0 0] /H /I /Rect [ 124.0277 247.6315 352.0967 256.7890 ] >> endobj 19 0 obj << /Type /Action /S /URI /URI (http://nakedsecurity.sophos.com/2016/05/05/dont-do-it-5-ways-to-upgrade-your-passwords-this-passwordday/) >> endobj 20 0 obj << /Type /Annot /Subtype /Link /A 21 0 R /Border [0 0 0] /H /I /Rect [ 216.5747 236.6425 307.6187 245.8000 ] >> endobj 21 0 obj << /Type /Action /S /URI /URI (http://passwordday.org/) >> endobj xref 0 22 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000305 00000 n 0000000334 00000 n 0000000472 00000 n 0000000582 00000 n 0000011536 00000 n 0000011648 00000 n 0000011763 00000 n 0000011883 00000 n 0000011991 00000 n 0000012119 00000 n 0000012196 00000 n 0000012324 00000 n 0000012489 00000 n 0000012617 00000 n 0000012731 00000 n 0000012859 00000 n 0000013015 00000 n 0000013143 00000 n trailer << /Size 22 /Root 1 0 R /Info 5 0 R >> startxref 13218 %%EOF security « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

security

« Older Entries
Newer Entries »

Scam warning: UPS Parcel Receipt with infected attachment

Wednesday, November 30th, 2016

The holiday season is upon us and there is a lot of activity around this time of the year with parcels being delivered both at home and at the university. This is being exploited by the scammers.

There is currently a UPS scam making its rounds in university mailboxes, where victims are lured into clicking a download link.

If you have received a package via the parcel company like UPS or DHL, you might be tempted open up an e-mail that seems to come from them, saying they have a package for you. There might be an attachment that you are asked to open to confirm your address or to fill in your personal details for “verification”.

The whole thing is a scam. Clicking on the attachment will download a Trojan virus onto your computer which will just sit there doing its nefarious work — reading your files, including confidential information, then transmitting the details to a server somewhere that is controlled by the criminals.

It seems there are two main variations of this “parcel delivery” scam – both looking like a genuine notification.

  • The first one tells you the parcel service tried, but was unable to deliver a package to you because of an incorrect address. The subject heading usually has a phony tracking number. The attachment is supposedly a copy of a waybill or invoice for you to print and use to collect the parcel from a UPS office.
  • The second is a customs notification and may even seem to come from “US Customs Service” rather than UPS. It says you have an international package (usually from Europe) and that you need to complete the attached customs form so it can be delivered.

In both these cases, the attachment is a compressed ZIP file (that is, one with a name that ends in “.zip”), even though the icon may look like a Word document. As soon as you double click on it, it will install a program onto your computer will then download and install several files on your system. These may disable your firewall, look for and steal credit card and bank account details, make screen snapshots and allow hackers full access to your machine.

This attack underlines the danger of opening an attached file in an email, even if it appears to come from a person or organization you know or frequently deal with.

Here is an example of one such mail.

 

 

From: Usps Parcel [mailto:shipment@uspc.com]

Sent: 28 November 2016 07:29 AM

To: Recipients <shipment@uspc.com>

Subject: Parcel Receipt

 

USPS Shipment Notification

A parcel was sent to our office for you and we have tried to deliver it several times to your address on file.

Attached is the receipt via Dropbox, used in sending you the parcel. We advise you DOWNLOAD the document and reconfirm the address on receipt if its your valid address.

For further assistance, please call USPS Customer Service.

For International Customer Service, please use official USPS site.

 

Copyright © 2016 USPS. All Rights Reserved.

This message has been scanned for viruses and dangerous content by Fair Distribution MailScanner, and is believed to be clean. 

 

So do not succumb to the temptation of opening up attachments in emails, especially if it comes from couriers and parcel delivery companies like UPS or DHL. It is the end of the year. Our energy and concentration is ebbing and we are all more vulnerable, making us all potential targets of the cyber-criminal.

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on Scam warning: UPS Parcel Receipt with infected attachment

Whatsapp scams

Wednesday, November 23rd, 2016

WhatsApp is a popular communication tool, used by students and personnel every day. On the downside, it provides cyber criminals with another way to convince you to part with your well-earned money and unfortunately it’s usually quite convincing.

WhatsApp scams come in many different forms and are often very convincing. Just make sure that you stay vigilant and don’t fall for anything that seems too good or too worrying to be true. Just because a friend or a family member sends you something, it doesn’t mean that it is safe.

Voucher scams

A message arrives in your WhatsApp from someone who looks like your friend, recommending a deal they’ve found. The messages usually come with a link that actually takes you to another website and tricks you into giving your personal information. Don’t ever click a link you’re not sure of and certainly don’t ever hand over personal information to a website you haven’t checked.

WhatsApp shutting down

There are many fake messages claiming that WhatsApp is going to end unless enough people share a certain message. The messages often look convincing, claiming to come from the CEO or another official. They’re written using the right words and phrases and look like an official statement. Any official statement wouldn’t need users to send it to everyone like a round robin. You would either see it in the news or it’ll come up as a proper notification in the app from the actual WhatsApp team.

WhatsApp threatening to shut down your account

This is very similar to the previous scam. It looks like an official message that claims that people’s WhatsApp accounts are being shut down for being inactive. Sending the message on will prove that it’s actually being used and often instructs people to pass it along.

WhatsApp forcing you to pay

Similar to the previous scam, with the only difference being that the message supposedly exempts you from having to pay for your account – if you send it on to other people.

WhatsApp Gold or WhatsApp Premium

The claim suggests that people pay for or download a special version of WhatsApp, usually called Gold or Premium. It offers a range of exciting-sounding features, like the ability to send more pictures, use new emoji or add extra security features. The problem is that it is far from secure. Downloading the app infects people’s phones with malware that use the phone to send more fake messages at the cost of the original victim.

Emails from WhatsApp

Spam e-mails are bad enough. E-mails plus WhatsApp is even worse. There’s a range of scams out there that send people e-mails that look like they’ve come from WhatsApp, usually looking like a notification for a missed voice call or voicemail. But when you click through, you will end up getting tricked into giving over your information, passphrases etc. Don’t ever click on an e-mail from a questionable sender. WhatsApp doesn’t send you e-mails including information about missed calls or voicemails.

Fake WhatsApp spying apps

Currently, it is not possible to let people spy on other’s conversations on WhatsApp, because it has end-to-end encryption enabled, which ensures that messages can only be read by the phones that send and receive them. These scam apps encourage people to download something that isn’t actually real and force people to pay money for malware, or actually read your chats once they’ve got onto your phone.

Lastly – 

Hopefully, you have  already blocked sharing your WhatsApp details with Facebook (telephone number, name etc. and allowing Facebook to suggest phone contacts as friends) and Facebook will not be able to  make your WhatsApp account accessible to the 13 million South African Facebook users.

There are some details about this controversial policy change by WhatsApp on the following page: http://www.mirror.co.uk/tech/you-can-stop-whatsapp-sharing-8893949

 

[ARTICLE BY DAVID WILES]

 

 

Email

Tags: , , , ,
Posted in Apps, Communication | Comments Off on Whatsapp scams

Lose your cellphone, lose your info

Friday, October 24th, 2014

If you lost your cellphone today, what would a criminal have access to? Your smses? Your banking details? Your private documents saved in your e-mail? Or sensitive work documents even?

And yet, we carry this invaluable information with us every day. We absentmindedly wander around talking in public while we’re within reaching distance of any opportunistic criminal. But there are also other ways to access information on your phone by means of spyware and other suspicious software.

We use our cellphones more and more to organise and plan our lives and at the same time, make ourselves more vulnerable.

However, there are a few measures you can take to ensure you don’t become a victim.

1. PASSWORD OR PIN

This is your most important first line of defense. Without a PIN or password, anyone can get hold of your cellphone, access your e-mail, bank details, sms and personal information.

smartphone-icon-1340911-mAnd Microsoft’s head of online security agrees.”Using a PIN or unique password is the single most important thing to do as a user of a smartphone to protect the device, the data and your reputation.” According to Beauchere the data on your phone is also more recent than the data on your desktop or laptop. This increases the risk even more.

Last year Microsoft conducted a worldwide online survey regarding the usage of PINs. 10 000 desktop and mobile device users from 20 countries took part. Only 28% of these used a PIN on a device.

2.CELLPHONE APPS

Be very careful which apps you download and where you download them from. It’s great having an app to streamline your life or one to entertain you, but weigh the pros and cons against each other.

Even if an app looks nifty, rather download a similar one from renowned app shops like iTunes, Google Play and Amazon. So some research. Read other readers’ comments, how they rate the app and if they experienced any problems with it.

3. DUBIOUS LINKS

According to research people are 3 times more likely to click on a link on their phone than one on their PCs. The fact that the screen is smaller and dubious links not as easily recognised could be the reason. Be suspicious of request for personal information you receive via links in sms, e-mail or social networks. By clicking on them, you run the risk of identity theft.

4. UNPROTECTED WI-FI

When you use an open WI-FI network in coffee shops, malls and other public places you information isn’t securely sent through the air. Any other person can intercept it during transmission. If you have to do banking on your phone or work with sensitive information, rather wait till your at work or home and have access to a secure WI-FI network.

5. SPYWARE

Without a password cyber criminals can load spyware on your phone and track your sms records, e-mails, banking transactions and location. To prevent this from happening, activate a password or PIN on your phone or download an app from a reputable store to scan for and remove spyware and viruses.

If you’d like to read more on cellphone security, wikipedia has extensive information.

[SOURCES: www.rd.com, www.computerworld.com]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on Lose your cellphone, lose your info

Hackers and crackers

Friday, October 18th, 2013

We all remember Lisbeth Salander from the The Girl with the Dragon tattoo movie or Neo in The Matrix – both hackers.

Earlier this week even SU websites were targeted by the 747crew, who used it to proclaim their political and religious convictions. 

But apparently there’s a difference between hackers and crackers. In the context of computer security a hacker is seen as someone who pinpoints the weaknesses in a computer system or network and exploits them. His motivation can be financial gain, a platform for protest or purely because it’s a challenge.

Over time, and partly thanks to the media, the association with the word “hacker” predominantly became a negative one. Eric S. Raymond (author of The New Hacker’s Dictionary) believes that members of the computer underground should be called crackers.  According to R.D. Clifford (2006) a cracker is someone who illegally gained access to a computer with the intent of committing a crime, for example destroying data on a particular system.

 More recently the word hacker has been reclaimed by computer programmers who agree with Raymond that those who hack with criminal intent, should be called a cracker. Several subgroups of this subculture have different approaches and also use different terms to distinguish themselves from others.

A white hat won’t break into a system with malicious intent, but rather to test their own security or for a company manufacturing security software. The term white hat in internet slang refers to an ethical hacker.

A black hat hacker violates computer security for his own benefit. These are the stereotypical characters we see depicted in popular culture, like movies. Black hats break into secure networks to destroy data or to render the network unusable for those who need to access it.

A grey hat surfs the internet and breaks into a system only to notify it’s administrator that it has a security defect and then offer to fix it at a price.

A blue hat assists with the testing of a system before it’s launched to establish it’s weaknesses. Usually he’s not part of a computer security company.

Other terms include a script kiddie (someone who’s not an expert and uses other people’s software to hack) and a neophyte, “n00b”, or “newbie” is a novice who’s still in training.  

A Hacktivist is a hacker who misuses technology to convey his social, ideological and political message. The defacement of the SU webpages earlier this week is an example of hactivism.

[SOURCE: www.wikipedia.org]

 

Email

Tags:
Posted in Security | Comments Off on Hackers and crackers

Beware of SIM card swap fraud

Friday, February 22nd, 2013

 

Although it is a known scam, when it hits one of your colleagues, it makes you aware that there are very real dangers out there. A SIM card swap fraud occurs when criminals obtain and utilise a replacement SIM card to acquire security messages and one-time passwords (OTP) sent to you by the bank. Using the OTP, criminals are able to change, add beneficiaries and transfer money out of your account using your personal information that they would have obtained through phishing. One of our colleagues lost R20 000 over the holidays and asked us to warn other staff as well:

How does a SIM swap scam work?

  • The SIM swap takes place after the fraudsters have received a your bank logon details as a result of the you responding to, for example, a Phishing e-mail. (this is why phishing e-mails are so dangerous and you should never ever respond or click on links contained in these phishing e-mails.)
  • Once the fraudsters have the your cell phone number and other personal information, the fraudster can pose as you, requesting a new SIM card from a cellular service provider.
  • The cellular service provider transfers the your SIM card identity to the new SIM card, cancelling your old SIM card in the process.
  • The result is that there is no signal on the old SIM card, which means the you cannot receive / make phone calls or send SMS messages. (This ought to be the first sign of something wrong, so if you get  “SIMCARD INVALID” error on your cell phone)
  • The SMS authorisation reference number, which is normally sent to the client, reaches the fraudster instead of you, the legitimate owner, and the fraudster is able to make once-off payments and create beneficiaries fraudulently

What should I do if I suspect an unlawful SIM swap?

  • If you fall prey to an unlawful SIM swap, or suspect that you have, contact your cellular service provider for assistance.
  • Also contact the internet banking helpdesk to request that your internet banking access be suspended with immediate effect. This will prevent fraudsters from gaining access and transacting on your accounts.

What can I do to prevent SIM swap fraud?

  • Protect your information – all your information.
  • Do not disclose your ID number on websites unless you have verified the legitimacy of the site. The bank already knows your ID number and will not require you to give it to us again.
  • Do not disclose your cell number on websites unless you have verified the legitimacy of the site. Phishing sites often request for information such as ID Number, email address and email address password, physical address, etc.
  • Always make sure that your contact details on Internet banking are valid and correct. You know when your details have changed, so when you are ready, you can update the information on Internet banking or at a local bank branch.

[INFORMATION SUPPLIED BY DAVID WILES]

 

Email

Tags: , ,
Posted in Communication, Security | Comments Off on Beware of SIM card swap fraud

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.