Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

spear phishing

Newer Entries »

Phishing and whaling

Friday, February 5th, 2016

Recently we gave you some pointers on identifying phishing e-mails. So now that you know all the signs and how to outwit the criminals, there’s another variant – spear phishing. But don’t panic, it’s almost the same, with a bit of a twist.

Spear phishing is an e-mail that seems to be sent from an individual or business you know. Of course it’s really from hackers attempting to obtain you credit card, bank account numbers, passwords and financial information.

These types of attacks focus on a single user or department within an organisation and use another staff member from the organisation’s name to gain the victim’s trust. (Also see our recent article on the incident at Finance.)

They often appear to be from your company’s human resources or IT department, requesting staff to update information, for example passwords or account details. Alternatively the e-mail might contain a link, which will execute spyware when clicked on.

But wait, there are even more fishing comparisons.

When a phishing attack is directed specifically at senior executives, other high profile staff or seemingly wealthy people, it’s called whaling. By whaling cyber criminals are trying to catch the “big phish”, or whale.

phishing

[SOURCE: http://www.webopedia.com]

 
 
 
 
Email

Tags: , ,
Posted in E-mail, General, Security | Comments Off on Phishing and whaling

New cyber crime e-mail targets individuals

Wednesday, January 13th, 2016

Over the past two weeks a new e-mail scam has reared its head on campus. Scammers use contact information, available on the internet, to target individuals at the university.

One example is an e-mail which has been sent to various staff at the Finance department with a request to transfer money. (see e-mail with inactive addresses below)

The e-mail is sent from a gmail address, but the display name is a SU staff member’s name. Since the cyber criminal also saw the contact person’s name on the website (in this case Finance’s website), they address the receiver personally as, for example, Karin.

Similar scams use fax numbers available on the internet and then a fax is sent directly to the contact person.

Do not, under any circumstances, react to these e-mails. It is clearly an attempt to attract your attention and convince you to conduct a financial transaction. Delete and ignore the e-mail.

Report suspicious e-mail to sysadm@sun.ac.za and also read our articles on security on our blog, as well as the fortnightly newsletter, Bits & Bytes.

 

FROM: Stellenbosch University staff member name<example@gmail.com>
TO: Stellenbosch University staff member name<example@sun.ac.za>

Karin, 

Let me know if you can process a same day domestic bank transfer to a client. You will code it to professional services

The amount is R870,000, kindly confirm so i can forward the appropriate beneficiary details to enable instant clearance.

Regards

Sent from my iPhone

Email

Tags: ,
Posted in E-mail, Security | Comments Off on New cyber crime e-mail targets individuals

Newer Entries »
 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.