%PDF-1.3 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R /F3 10 0 R /F4 11 0 R >> /XObject << /I1 12 0 R >> >> /MediaBox [0.000 0.000 612.000 792.000] >> endobj 4 0 obj [/PDF /Text /ImageC ] endobj 5 0 obj << /Creator (DOMPDF) /CreationDate (D:20250619124050+00'00') /ModDate (D:20250619124050+00'00') /Title (Report 06-2025) >> endobj 6 0 obj << /Type /Page /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Length 3910 >> stream 0.702 0.800 0.816 rg 34.016 34.016 543.969 723.969 re f 1.000 1.000 1.000 rg 45.266 233.675 521.469 513.059 re f 0.773 0.773 0.773 RG 0.75 w 0 J [ ] 0 d 45.641 234.050 520.719 512.309 re S 0.773 0.773 0.773 rg 61.016 249.425 m 550.984 249.425 l 550.984 250.175 l 61.016 250.175 l f 0.200 0.200 0.200 rg BT 61.016 693.716 Td /F1 14.4 Tf [(NO, SARS DOESNT REALLY WANT TO GIVE YOU A REFUND AND )] TJ ET BT 61.016 676.134 Td /F1 14.4 Tf [(OTHER PHISHING TALES)] TJ ET 0.400 0.400 0.400 rg BT 61.016 647.326 Td /F2 9.0 Tf [(Posted on )] TJ ET BT 104.045 647.326 Td /F3 9.0 Tf [(June 02,2013)] TJ ET BT 160.079 647.326 Td /F2 9.0 Tf [( by )] TJ ET BT 174.587 647.326 Td /F3 9.0 Tf [(IT Communications)] TJ ET 0.153 0.153 0.153 rg BT 61.016 619.837 Td /F4 9.0 Tf [(Every year we send out literally dozens of warninge-mails, and continue to do so, )] TJ ET BT 61.016 608.848 Td /F4 9.0 Tf [(because despite the frequent warnings, people still get caught falling for these )] TJ ET BT 61.016 597.859 Td /F4 9.0 Tf [(tricks.)] TJ ET BT 61.016 577.870 Td /F4 9.0 Tf [(Take noteof the following scam from fraudsters claiming to be from SARS.)] TJ ET BT 61.016 566.881 Td /F4 9.0 Tf [()] TJ ET BT 61.016 555.892 Td /F4 9.0 Tf [(Emails are going out touniversity \(and private addresses\)seeminglycoming from )] TJ ET BT 61.016 544.903 Td /F4 9.0 Tf [(SARS informing them that they have a refund waiting for them. \(Wow! a tax )] TJ ET BT 61.016 533.914 Td /F4 9.0 Tf [(refund\) Clicking on the hyperlink in the email takes you to a fake e-filing site that )] TJ ET BT 61.016 522.925 Td /F4 9.0 Tf [(has hyperlinks for the four big South African banks and instructions to log on to your )] TJ ET BT 61.016 511.936 Td /F4 9.0 Tf [(Internet banking site for confirmation of your details. When you follow the Nedbank )] TJ ET BT 61.016 500.947 Td /F4 9.0 Tf [(link \(as an example\), you are taken to a copy of the Nedbank internet banking site )] TJ ET BT 61.016 489.958 Td /F4 9.0 Tf [(that asks for profile, pin and password. Supplying these takes you to a second page )] TJ ET BT 61.016 478.969 Td /F4 9.0 Tf [(that asks you for your mobile number. Submitting information on this page takes you )] TJ ET BT 61.016 467.980 Td /F4 9.0 Tf [(to a page that requests the reference number sent to your cellphone.)] TJ ET BT 61.016 456.991 Td /F4 9.0 Tf [()] TJ ET BT 61.016 446.002 Td /F4 9.0 Tf [(Do not authorise anycellphone message that comes through if you end up in the )] TJ ET BT 61.016 435.013 Td /F4 9.0 Tf [(above situation. Furthermore, do not click on any hyperlinks in emails or divulge )] TJ ET BT 61.016 424.024 Td /F4 9.0 Tf [(your account or mobile number details to anyone over the phone or via email.Banks )] TJ ET BT 61.016 413.035 Td /F4 9.0 Tf [(will never ask you to access internet banking through a link in an email, neither will )] TJ ET BT 61.016 402.046 Td /F4 9.0 Tf [(banks ever ask for your mobile number when you access internet banking.)] TJ ET BT 61.016 382.057 Td /F4 9.0 Tf [(Another particulary sneaky phishing attack surfaced today.)] TJ ET BT 61.016 362.068 Td /F4 9.0 Tf [(It comes from Linda Perez and has a subject line of Administrator \(Sorry for the inconvenience\))] TJ ET BT 61.016 342.079 Td /F4 9.0 Tf [(It asks you to contact the sender with your username and password so they can expand your mailbox manually)] TJ ET BT 61.016 322.090 Td /F4 9.0 Tf [(Of course this is a phishing attack, and you should never respond to such mails.)] TJ ET BT 61.016 302.101 Td /F4 9.0 Tf [(Do not respond, flag the sender as Junk Mail and delete the message.)] TJ ET BT 437.953 282.112 Td /F4 9.0 Tf [(ARTICLE BY DAVID WILES)] TJ ET 0.400 0.400 0.400 rg BT 61.016 263.623 Td /F2 9.0 Tf [(Posted in:E-mail,General,Security | Tagged:Phishing,Spam | With 0 comments)] TJ ET q 149.250 0 0 225.000 401.734 403.628 cm /I1 Do Q endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding >> endobj 10 0 obj << /Type /Font /Subtype /Type1 /Name /F3 /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding >> endobj 11 0 obj << /Type /Font /Subtype /Type1 /Name /F4 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 12 0 obj << /Type /XObject /Subtype /Image /Width 199 /Height 300 /ColorSpace /DeviceRGB /Filter /DCTDecode /BitsPerComponent 8 /Length 3351>> stream JFIF;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80 C   %# , #&')*)-0-(0%()(C   (((((((((((((((((((((((((((((((((((((((((((((((((((," }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?)(h((((JZ((((((J(h(JZ(((((JZ((J(h((((((((bIbIY]C) EQEQEQEQEQEQERR@Q@Q@Q@Q@Ck`+sƧ9z8ǧ~(s;;: ǘzp;߆k_l//r${aZQV ((()h 1EQEQEQEQERR@Q@_ĻtM=o,Ck1w?"9bOξ@>":fd%66CRƏhQ@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@UHg@3^S)ޣg&Wwx;S'c"d?'x4{QQ@Q@Q@Q@Q@Q@%-QEQEQEQE0n_?g8oPciSn?|\3b5 eU.ݧALhJ(QEQEQERR@ E-RR@ E-QEQ@ KER@%]-_7|;BHo-^#_ξݡ_o_6|6ٸ,LhBQKE%-PQKERQ@ F(J\QIM)2P \?PQ@()k:-V=(dzWΑ|?&f@h$!$:je.(b)(qF( ( ( ( ( tK5[Eo+D%qAB?Zͼ=pަim]aЏI4QE0 ( ( ()S▊vfXށWZ]?_/xh1 AS->*QEQEQE%PQKE%PWizȃ %i|$ʾ'kCzUמ$K8.a9hE>fQ@ E-R@_M|?t<5׭}AhIA*4nH@ nabDCG|ӜIrp WW>|7 ^0M~So4o" mcqtHAES((vX~b`i~*h)"X _Lƾg <ufcL-NФg*d4}7EfAEf ( (QIE-PIEdxgQbp<^2#$"{׈- jZX]@|H>3#v?rܤ}mE27YcY#`2AN J(hJ([3G̕FO{cZ< ;97~U^[o]&GR*~ x y\VϦ8݌褢BIE-RPIE-Q@hPEP_/nмO5ʗ[K=xnJo. Bj+x꺅A}?++ԏX_|KkVہ@cھy?M$1Z( )S(4z%QT ,l(f8W3C<eI YHSA>|NҢ{})ķ' Tiޥs,lԒ{64?prG$zEV9';t$XHP*X^ ѢkKy>s5B@4QE13EP(Z((Z((9/xMu-ˆo~G=3_4.ɻkU?%C+|OҾæMsF̉$l0U .=P>I!Լy{d+㶫TҬdlr?J{g b1%W5/o7{\+gge@#WZLj5^;)<&v-{ J^kNp~?v|9m7IU+.l5b/4|Oyi$R_EN |'}7?gbd>=E4 E-%PQKE%PQK( )( )(PE%.(((JZ((J(h(((((((((((((((((((8((((((b((Q@((1EPEPEPF( 1EQEb( endstream endobj xref 0 13 0000000000 65535 f 0000000008 00000 n 0000000073 00000 n 0000000119 00000 n 0000000332 00000 n 0000000369 00000 n 0000000507 00000 n 0000000570 00000 n 0000004532 00000 n 0000004644 00000 n 0000004759 00000 n 0000004879 00000 n 0000004987 00000 n trailer << /Size 13 /Root 1 0 R /Info 5 0 R >> startxref 8506 %%EOF spam « Informasietegnologie
Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

spam

« Older Entries
Newer Entries »

Scam warning: UPS Parcel Receipt with infected attachment

Wednesday, November 30th, 2016

The holiday season is upon us and there is a lot of activity around this time of the year with parcels being delivered both at home and at the university. This is being exploited by the scammers.

There is currently a UPS scam making its rounds in university mailboxes, where victims are lured into clicking a download link.

If you have received a package via the parcel company like UPS or DHL, you might be tempted open up an e-mail that seems to come from them, saying they have a package for you. There might be an attachment that you are asked to open to confirm your address or to fill in your personal details for “verification”.

The whole thing is a scam. Clicking on the attachment will download a Trojan virus onto your computer which will just sit there doing its nefarious work — reading your files, including confidential information, then transmitting the details to a server somewhere that is controlled by the criminals.

It seems there are two main variations of this “parcel delivery” scam – both looking like a genuine notification.

  • The first one tells you the parcel service tried, but was unable to deliver a package to you because of an incorrect address. The subject heading usually has a phony tracking number. The attachment is supposedly a copy of a waybill or invoice for you to print and use to collect the parcel from a UPS office.
  • The second is a customs notification and may even seem to come from “US Customs Service” rather than UPS. It says you have an international package (usually from Europe) and that you need to complete the attached customs form so it can be delivered.

In both these cases, the attachment is a compressed ZIP file (that is, one with a name that ends in “.zip”), even though the icon may look like a Word document. As soon as you double click on it, it will install a program onto your computer will then download and install several files on your system. These may disable your firewall, look for and steal credit card and bank account details, make screen snapshots and allow hackers full access to your machine.

This attack underlines the danger of opening an attached file in an email, even if it appears to come from a person or organization you know or frequently deal with.

Here is an example of one such mail.

 

 

From: Usps Parcel [mailto:shipment@uspc.com]

Sent: 28 November 2016 07:29 AM

To: Recipients <shipment@uspc.com>

Subject: Parcel Receipt

 

USPS Shipment Notification

A parcel was sent to our office for you and we have tried to deliver it several times to your address on file.

Attached is the receipt via Dropbox, used in sending you the parcel. We advise you DOWNLOAD the document and reconfirm the address on receipt if its your valid address.

For further assistance, please call USPS Customer Service.

For International Customer Service, please use official USPS site.

 

Copyright © 2016 USPS. All Rights Reserved.

This message has been scanned for viruses and dangerous content by Fair Distribution MailScanner, and is believed to be clean. 

 

So do not succumb to the temptation of opening up attachments in emails, especially if it comes from couriers and parcel delivery companies like UPS or DHL. It is the end of the year. Our energy and concentration is ebbing and we are all more vulnerable, making us all potential targets of the cyber-criminal.

[ARTICLE BY DAVID WILES]

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on Scam warning: UPS Parcel Receipt with infected attachment

Whatsapp scams

Wednesday, November 23rd, 2016

WhatsApp is a popular communication tool, used by students and personnel every day. On the downside, it provides cyber criminals with another way to convince you to part with your well-earned money and unfortunately it’s usually quite convincing.

WhatsApp scams come in many different forms and are often very convincing. Just make sure that you stay vigilant and don’t fall for anything that seems too good or too worrying to be true. Just because a friend or a family member sends you something, it doesn’t mean that it is safe.

Voucher scams

A message arrives in your WhatsApp from someone who looks like your friend, recommending a deal they’ve found. The messages usually come with a link that actually takes you to another website and tricks you into giving your personal information. Don’t ever click a link you’re not sure of and certainly don’t ever hand over personal information to a website you haven’t checked.

WhatsApp shutting down

There are many fake messages claiming that WhatsApp is going to end unless enough people share a certain message. The messages often look convincing, claiming to come from the CEO or another official. They’re written using the right words and phrases and look like an official statement. Any official statement wouldn’t need users to send it to everyone like a round robin. You would either see it in the news or it’ll come up as a proper notification in the app from the actual WhatsApp team.

WhatsApp threatening to shut down your account

This is very similar to the previous scam. It looks like an official message that claims that people’s WhatsApp accounts are being shut down for being inactive. Sending the message on will prove that it’s actually being used and often instructs people to pass it along.

WhatsApp forcing you to pay

Similar to the previous scam, with the only difference being that the message supposedly exempts you from having to pay for your account – if you send it on to other people.

WhatsApp Gold or WhatsApp Premium

The claim suggests that people pay for or download a special version of WhatsApp, usually called Gold or Premium. It offers a range of exciting-sounding features, like the ability to send more pictures, use new emoji or add extra security features. The problem is that it is far from secure. Downloading the app infects people’s phones with malware that use the phone to send more fake messages at the cost of the original victim.

Emails from WhatsApp

Spam e-mails are bad enough. E-mails plus WhatsApp is even worse. There’s a range of scams out there that send people e-mails that look like they’ve come from WhatsApp, usually looking like a notification for a missed voice call or voicemail. But when you click through, you will end up getting tricked into giving over your information, passphrases etc. Don’t ever click on an e-mail from a questionable sender. WhatsApp doesn’t send you e-mails including information about missed calls or voicemails.

Fake WhatsApp spying apps

Currently, it is not possible to let people spy on other’s conversations on WhatsApp, because it has end-to-end encryption enabled, which ensures that messages can only be read by the phones that send and receive them. These scam apps encourage people to download something that isn’t actually real and force people to pay money for malware, or actually read your chats once they’ve got onto your phone.

Lastly – 

Hopefully, you have  already blocked sharing your WhatsApp details with Facebook (telephone number, name etc. and allowing Facebook to suggest phone contacts as friends) and Facebook will not be able to  make your WhatsApp account accessible to the 13 million South African Facebook users.

There are some details about this controversial policy change by WhatsApp on the following page: http://www.mirror.co.uk/tech/you-can-stop-whatsapp-sharing-8893949

 

[ARTICLE BY DAVID WILES]

 

 

Email

Tags: , , , ,
Posted in Apps, Communication | Comments Off on Whatsapp scams

Spam = blocked accounts

Thursday, October 6th, 2016

A fast-spreading spam e-mail caused problems on campus last week. Some students and staff clicked on a malicious link in a phishing e-mail and subsequently gave a hacker access to their Outlook cloud e-mail accounts. The criminal proceeded to use their e-mail addresses and mailbox to spam all their contacts. Since it was sent from a @sun address, receivers of the spam didn’t suspect anything. (An example of the e-mail, with dangerous links removed, is shown below)

Unfortunately, due to the mass e-mails sent from these mailboxes, Microsoft automatically blocked the users’ accounts and they were unable to access e-mail. 

Please remember to look for the general characteristics of a phishing e-mail before you click on links in e-mail. Just because it’s sent from a @sun address , it does not mean it’s safe.

If you suddenly don’t have access to your e-mail, contact the IT helpdesk (x4367). If you’ve clicked on a suspicious link, change your password immediately.

 

From: Known address <knownaddress1@sun.ac.za>
Sent: 05 October 2016 12:26 PM
To: SU address <knownaddress@sun.ac.za>
Subject: PI Doc copy

 

Please confirm PI doc copy below using Google documents
for your account to be credited.

Continue to Gdocs

Kind regards

Email

Tags: , ,
Posted in E-mail, Security | Comments Off on Spam = blocked accounts

How to avoid spam

Thursday, March 17th, 2016

Spam is unsolicited and often profitable bulk email. Spammers can send millions of emails in a single campaign for very little money. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit. Unfortunately spam is more than a mere nuisance. It is also used to distribute malware. 

Here are a few tips to prevent your mailbox from being flooded with unwanted, dubious e-mails.

Never make a purchase from an unsolicited email.
By making a purchase, you are funding future spam. Spammers may add your email address to lists to sell to other spammers and you will receive even more junk email. Worse still, you could be the victim of a fraud.

If you do not know the sender of an unsolicited email, delete it.
Spam can contain malware that damages or compromises the computer when the email is opened.

Don’t use the preview mode in your email viewer.
Spammers can track when a message is viewed, even if you don’t click on it. The preview setting effectively opens the email and lets spammers know that you receive their messages. When you check your email, try to decide whether a message is spam on the basis of the subject line only.

Don’t overexpose your email address.
How much online exposure you give your email address is the biggest factor in how much spam you receive. Here are some bad habits that expose your email address to spammers:
– Posting to mailing lists that are archived online
– Submitting your address to online services with questionable privacy practices
– Exposing your address publicly on social networks (Facebook, LinkedIn, etc.)
– Using an easily guessable address based on first name, last name and company
– Not keeping your work and personal email separate

Use the bcc field if you email many people at once.
The bcc or blind carbon copy field hides the list of recipients from other users. If you put the addresses in the To field, spammers may harvest them and add them to mailing lists.

Use one or two secondary email addresses.
 If you fill out web registration forms or surveys on sites from which you don’t want further information, use a secondary email address. 

Opt out of further information or offers.
When you fill out forms on websites, look for the checkbox that lets you choose whether to accept further information or offers. Uncheck if you don’t want to receive any more correspondence.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

Email

Tags: ,
Posted in E-mail, Security | Comments Off on How to avoid spam

SARS e-mail may fool users

Tuesday, October 15th, 2013

For some lucky people, it is time for the tax returns from SARS. The criminals know it too and every year at this time, users will get emails allegedly from SARS promising tax returns and asking you to click on a link, log in and provide your bank account details and password so they can pay you money!

This is a scam, and you should never respond or go to the site or open up the attached file, as this could compromise your banking security.

  1. SARS has your banking details on record and these are stored in secure and encrypted form. They do not need you to confirm or enter your banking details.
  2. SARS would always either SMS or send you a registered letter in the post to inform you of tax returns, etc. They would never contact you via unsecured e-mail, and furthermore they have enough of your data to address the mail to you PERSONALLY and not via some vague “Dear Taxpayer” salutation.
  3. There is no returnfund@sars.co.za address
  4. The attached file is usually a html (webpage) file that gives you a forged webpage sitting on the criminals server somewhere overseas.
  5. The amount that they promise to pay you is always something like R9,250.75
  6. Unless you have added your university e-mail address as the primary contact address on the SARS system you should never get mail on your university account.

If you do go to this site and you do enter in your banking account details, credit card details, passwords etc, this will allow the criminals to log into your bank account via the internet, and take control over your bank account. They will create themselves as beneficiaries and then transfer all your money to their account, and then delete all the evidence pointing to their account.

These scam e-mails will never stop. It is always difficult to block them too because scammers change their addresses, details and methods on a daily basis. So it is always best to dump these mails in the junk mail folder, blacklist the sending domain and delete the mail immediately.

Why do these criminals continue to send their mail? Because they catch people regularly. In 2012 South Africa was the 5th most phished country in the world behind India, Canada, the USA and the UK, with estimated figures of R14 million being stolen from South Africans last year alone.

 

[ARTICLE BY DAVID WILES]

Email

Tags: , , ,
Posted in E-mail, Security | Comments Off on SARS e-mail may fool users

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.