SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

cyber security

[:en]How to avoid phishing scams[:af]Hoe om phishing-pogings te fnuik[:]

Friday, May 24th, 2019

[:en]

We are often asked by staff and students what they can do to stop phishing scams, and what software they should install to prevent them from becoming victims. In some cases students have asked us to fix their computers and to install software to block phishing scams.

Of course that request is impossible to fulfil. Phishing scams are like the common cold. Just like you cannot prevent the common cold, you can only adopt a lifestyle, and take precautionary measures to reduce your risk of infection. They will always be there and will always adapt and change. As long as there are people who are uninformed or careless who fall for these scams, phishing attacks will continue.

The best way to reduce your risk is to report all suspected phishing scams on ICT Partner Portal. (Full details at the end of this post). Here are some basic rules to help you to identify phishing scams:

  • Use common sense
    Never click on links, download files or open attachments in email or social media, even if it appears to be from a known, trusted source.
  • Watch out for shortened links
    Pay particularly close attention to shortened links. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.
  • Does the email look suspicious?
    Read it again. Many phishing emails are obvious and will have implausible and generally suspicious content.
  • Be wary of threats and urgent deadlines
    Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Ignore the scare tactics and rather contact the company via phone.
  • Browse securely with HTTPS
    Always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse.
  • Never use public, unsecured Wi-Fi, including Maties Wi-Fi, for banking, shopping or entering personal information online
    Convenience should never be more important than safety.

If you do receive a phishing e-mail, please report it as soon as possible. Once you have reported the spam or phishing mail, you can delete it immediately.

You can report this on IT’s request logging system, the ICT Partner Portal.

  • Go to the ICT Partner Portal.
  • Fill in your information and add the email as an attachment. Your request will automatically be logged on the system and the appropriate measures will be taken by the system administrators to protect the rest of campus.

[ARTICLE BY DAVID WILES]

[:af]

Ons word dikwels deur personeel en studente gevra wat hulle kan doen om phishing-aanvalle te stop en watter sagteware hulle kan installeer om te voorkom dat hulle slagoffers daarvan word. In sommige gevalle het studente selfs versoek dat hulle rekenaars reggemaak moet word en sagteware installeer moet word om phishing-aanvalle te blok.

Ongelukkig is dit ʼn onmoontlike versoek. Net soos jy ʼn gewone verkoue nie kan voorkom nie, maar eerder ʼn spesifieke lewensstyl  en voorkomende maatreëls kan toepas om die risiko vir besmetting te voorkom, geld dieselfde vir phishing-aanvalle. En net soos verkoues, gaan kubersekuriteitsrisiko’s altyd daar wees en sal hulle aanpas en verander. Solank daar mense is wat oningelig of nalatig is, sal phishing-aanvalle voortduur.

Die beste manier om jou risiko te verminder is om alle agterdogtige phishing-pogings aan te meld op die ICT Partner Portal. (Meer volledige inligting aan die einde van hierdie artikel) Intussen is hier `n paar basiese reëls wat jou kan help om phishing uit te ken:

  • Gebruik logika
    Moet nooit op skakels kliek, lêers aflaai or aanhangsels oopmaak in e-pos of sosiale media nie, selfs al lyk dit of dit van ʼn bekende, betroubare bron kom. 
  • Oppas vir kort skakels
    Kyk veral krities na kort skakels. Hou altyd die muis oor `n webskakel in ʼn e-pos (bekend as “hovering”) om te kyk of jy na die regte webwerf herlei word. 
  • Lyk die e-pos verdag?
    Lees dit weer. Baie phishing e-posse is voor-die-hand-liggend en sal onoortuigende en algemeen verdagte inhoud bevat.
  • Wees versigtig vir dreigemente en dringende spertye
    Dreigemente en dringendheid, veral komende van ʼn skynbaar egte maatskappye, gee gou die phishing-poging weg. Ignoreer die bangmaaktruuks en kontak eerder die maatskappy telefonies. 
  • Navigeer eerder veilig met HTTPS
    Gebruik altyd, waar moontlik `n veilige webwerf, aangedui deur https:// en `n “slot” ikoon in die blaaier se adresstaaf.
  • Moet nooit publieke, onsekure Wi-Fi vir banksake, aankope of invoer van persoonlike inligting gebruik nie – dit sluit Maties Wi-Fi in
    Gerief behoort nooit meer belangrik as veiligheid te wees nie. 

Wanneer jy ʼn phishing e-pos ontvang, rapporteer dit so gou as moontlik. Daarna kan jy dit dadelik uitvee. 

Jy kan dit rapporteer op die IT se versoekaantekenstelsel, die ICT Partner Portal.

  • Gaan na die ICT Partner Portal.
  • Vul jou inligting in en heg die e-pos as ʼn aanhangsel aan. Jou versoek sal outomaties aangeteken word en die nodige maatreëls sal getref word deur ons stelseladministrateurs om die res van die kampus te beskerm.

[ARTIKEL DEUR DAVID WILES]

[:]

Email

Tags: , ,
Posted in Security, Tips | Comments Off on [:en]How to avoid phishing scams[:af]Hoe om phishing-pogings te fnuik[:]

[:en]Cybersecurity Awareness Month: Common passwords[:af]Kubersekuriteit-bewustheidsmaand: Algemene wagwoorde[:]

Wednesday, October 3rd, 2018

[:en]

The past two years have been particularly devastating for data security worldwide, with a number of well-publicised hacks, data breaches and extortion attempts.

Annually SplashData publishes a list of the most common passwords. The list is created using data from more than five million passwords that were leaked by hackers in 2018 and with a quick glance at the list, one thing is clear – we do not learn from our mistakes.

People continue to use easy-to-guess passwords to protect their information. For example, “123456” and “password” retain their top two spots on the list—for the fifth consecutive year and variations of these two “worst passwords” make up six of the remaining passwords on the list.

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password – 123456.

Here is the list of the top 10 passwords of 2018:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou

Another typical example is 1q2w3e4r5t.  Although it seems very cryptic, one look at a computer keyboard and it’s easy to guess.

Not so clever passsword

It is a sobering fact that most people still underestimate the importance of having a secure password, and still make mistake to use simple words or numbers as a password.

“Passwords are the only control you have to secure your data with most systems these days. If your password is easily guessed by someone, then the person essentially becomes you. Use the same password across services and devices, and they can take over your digital identity.” Shaun Murphy, CEO of SNDR.

In the next post of our Cyber Aware Month series, we look at how to create a strong password you can remember.

 

[:af]

Datasekuriteit wêreldwyd is die afgelope twee jaar ʼn stewige knou toegedien met ʼn groot getal wyd-gepubliseerde kuberkraak-insident, databreuke en afpersing-insidente.

SplashData publiseer jaarliks ʼn lys van die algemeenste wagwoorde. Die lys word saamgestel deur data te gebruik van meer as vyf miljoen wagwoorde wat uitgelek is deur kuberkrakers in 2018. Die enigste gevolgtrekking waartoe ons kan kom as ons na die lys kyk, is dat ons steeds nie leer uit ons foute nie.

Wagwoorde wat maklik is om te raai word steeds deurlopend gebruik om belangrike inligting te beskerm. “123456” en “password” staan steeds sterk in die eerste en tweede plek op die lys — vir die vyfde jaar opeenvolgend. Daarbenewens maak die twee swakste wagwoorde ook deel uit van ses ander wagwoorde op die lys.  

SplashData raai dat ongeveer 10% mense ten minste een van die 25 swakste wagwoorde op dié jaar se lys gebruik en amper 3% gebruik die swakste een — 123456

Hier is die lys van die top 10 wagwoorde vir 2018:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou

ʼn Ander populêre keuse is 1q2w3e4r5t.Dit mag redelik kripties lyk, maar as jy na jou rekenaar se sleutelbord kyk is dit maklik om te raai.

Not so clever passsword

Die meeste rekenaargebruikers onderskat steeds die belangrikheid van ʼn sterk, veilige wagwoord en gebruik steeds eenvoudige woorde of nommers as hulle wagwoorde. 

“Passwords are the only control you have to secure your data with most systems these days. If your password is easily guessed by someone, then the person essentially becomes you. Use the same password across services and devices, and they can take over your digital identity.” Shaun Murphy, CEO of SNDR.

In die volgende artikel vir Kubersekuriteit-bewustheidsmaand kyk ons hoe om ʼn sterk wagwoord te kies wat jy ook maklik sal onthou. 

 

[:]

Email

Tags: , , ,
Posted in Security, Tips | Comments Off on [:en]Cybersecurity Awareness Month: Common passwords[:af]Kubersekuriteit-bewustheidsmaand: Algemene wagwoorde[:]

[:en]E-mail scam with subject: “morning”[:]

Wednesday, December 13th, 2017

[:en]

It seems that scammers are now attempting to use student e-mail addresses to send out spam. 

If you get mail with the subject of “morning”, supposedly coming from a student account (studentnumber@sun.ac.za) with the following content, please ignore and delete it.

We are conducting a  standard process investigation involving a late client who  shares the same surname with you and also the circumstances surrounding investments made by this client.Are you aware of  any relative/relation having the same surname? Send email to: scammer@scam.com

This is a typical Nigerian 419 Advance Fee scam. Do not respond to this mail. The scammers just want to see who will respond so they can con you out of some money.

A reminder again of how to correctly report spam and phishing scams:

Send the spam/phishing mail to the following addresses: 

help@sun.ac.za and sysadm@sun.ac.za.

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (which is safe): http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: https://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

As you can see the address has a sun.ac.za at the end of the domain name, so it is legitimate. We suggest bookmarking this.

[Article by David Wiles]

[:]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on [:en]E-mail scam with subject: “morning”[:]