SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

malware

« Older Entries

[:en]How do I report phishing?[:]

Tuesday, October 5th, 2021

[:en]

You’ve received a suspicious email, what should you do with it? Firstly, don’t click on any links. But just as important, send it to us so we can prevent more staff and students falling prey to the scam. We encourage our customers to submit potential phishing examples for review. Using these submissions, the Cyber Security Incident Response Team (CSIRT) can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

What is phishing?

Phishing attacks are designed to steal a person’s login and password details so that the cyber criminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

More on how to recognise a phishing email. 

Report phishing

On the ICT Partner Portal:

*Spam or phishing examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact. Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

[:]

Email

Tags: , , , ,
Posted in Security, Tips | Comments Off on [:en]How do I report phishing?[:]

[:en]Malware warning[:af]Malware-waarskuwing[:]

Tuesday, April 16th, 2019

[:en]

Emails with the subjects “Have you received your payment” and “Apply for a loan” are being distributed to students and staff. Please do not open these since they could contain an embedded file which will infect your device with malware.

When you receive emails with attachments from unknown senders, keep in mind that you should never open attachments as they could contain malicious content.

If you think your account or device has been compromised or you notice suspicious activity:

  1. Immediately change your password on www.sun.ac.za/password.
  2. Contact the IT Service Desk by logging a request or calling 808 4367.
  3. More information is available on our blog and Twitter.

[:af]

E-pos met die onderwerpe “Have you received your payment” en “Apply for a loan” word tans aan studente en personeel versend. Moet asb. nie hierdie e-posse oopmaak nie aangesien dit leêrs met malware bevat wat jou toestel sal besmet.

Wanneer jy e-posse met aanhangsels ontvang van onbekende versenders, hou in gedagte dat jy nie die aanhangsels moet oopmaak nie aangesien dit skadelike inhoud kan bevat.

Indien jy vermoed dat jou rekening of toestel gekompromitteer is of jy agterdogtige aktiwiteite oplet:

  1. Verander dadelik jou wagwoord by www.sun.ac.za/password.
  2.  Kontak die IT Dienstoonbank deur ʼn versoek aan te meld of 808 4367 te skakel.
  3. Meer inligting is beskikbaar op ons blog en Twitter.

[:]

Email

Tags:
Posted in E-mail, Security | Comments Off on [:en]Malware warning[:af]Malware-waarskuwing[:]

[:en]Learn What It Takes to Refuse the Phishing Bait![:]

Wednesday, February 1st, 2017

[:en]

Cybercriminals know the best strategies for gaining access to your institution’s sensitive data. In most cases, it doesn’t involve them rappelling from a ceiling’s skylight and deftly avoiding a laser detection system to hack into your servers; instead, they simply manipulate one staff member or student.

According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents. Following are a few ways to identify various types of social engineering attacks and their telltale signs.

  • Phishing isn’t relegated to just e-mail! Cyber criminals will also launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Seem too good to be true? It’s probably a phishing attack.
  • Know the signs. Does the e-mail contain a vague salutation, spelling or grammatical errors, an urgent request, and/or an offer that seems impossibly good? Click that delete button.
  • Verify the sender. Check the sender’s e-mail address to make sure it’s legitimate. If it appears that our help desk is asking you to click on a link to increase your mailbox quota, but the sender is “UniversityHelpDesk@yahoo.com,” it’s a phishing message.
  • Don’t be duped by aesthetics. Phishing e-mails often contain convincing logos, links to actual company websites, legitimate phone numbers, and e-mail signatures of actual employees. However, if the message is urging you to take action — especially action such as sending sensitive information, clicking on a link, or downloading an attachment — exercise caution and look for other telltale signs of phishing attacks. Don’t hesitate to contact the company directly; they can verify legitimacy and may not even be aware that their name is being used for fraud.
  • Never, ever share your password. Did we say never? Yup, we mean never.Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. It is for your eyes only. The IT department will never ask you for your password.
  • Avoid opening links and attachments from unknown senders. Get into the habit of typing known URLs into your browser. Don’t open attachments unless you’re expecting a file from someone. Give them a call if you’re suspicious.
  • When you’re not sure, call to verify. Let’s say you receive an e-mail claiming to be from someone you know — a friend, colleague, or even the rector of the university. Cyber criminals often spoof addresses to convince you, then request that you perform an action such as transfer funds or provide sensitive information. If something seems off about the e-mail, call them at a known number listed in the university’s directory to confirm the request.
  • Don’t talk to strangers! Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the helpdesk.
  • Don’t be tempted by abandoned flash drives. Cyber criminals may leave flash drives lying around for victims to pick up and insert, thereby unknowingly installing malware on their computers. You might be tempted to insert a flash drive only to find out the rightful owner, but be wary — it could be a trap.
  • See someone suspicious? Say something. If you notice someone suspicious walking around or “tailgating” someone else, especially in an off-limits area, call campus safety.

[ARTICLE FROM Educause]

[:af]

 

[:]

Email

Tags: , ,
Posted in E-mail, General, Security | Comments Off on [:en]Learn What It Takes to Refuse the Phishing Bait![:]

[:en]Whatsapp scams[:af]Whatsapp-verblindery[:]

Wednesday, November 23rd, 2016

[:en]

WhatsApp is a popular communication tool, used by students and personnel every day. On the downside, it provides cyber criminals with another way to convince you to part with your well-earned money and unfortunately it’s usually quite convincing.

WhatsApp scams come in many different forms and are often very convincing. Just make sure that you stay vigilant and don’t fall for anything that seems too good or too worrying to be true. Just because a friend or a family member sends you something, it doesn’t mean that it is safe.

Voucher scams

A message arrives in your WhatsApp from someone who looks like your friend, recommending a deal they’ve found. The messages usually come with a link that actually takes you to another website and tricks you into giving your personal information. Don’t ever click a link you’re not sure of and certainly don’t ever hand over personal information to a website you haven’t checked.

WhatsApp shutting down

There are many fake messages claiming that WhatsApp is going to end unless enough people share a certain message. The messages often look convincing, claiming to come from the CEO or another official. They’re written using the right words and phrases and look like an official statement. Any official statement wouldn’t need users to send it to everyone like a round robin. You would either see it in the news or it’ll come up as a proper notification in the app from the actual WhatsApp team.

WhatsApp threatening to shut down your account

This is very similar to the previous scam. It looks like an official message that claims that people’s WhatsApp accounts are being shut down for being inactive. Sending the message on will prove that it’s actually being used and often instructs people to pass it along.

WhatsApp forcing you to pay

Similar to the previous scam, with the only difference being that the message supposedly exempts you from having to pay for your account – if you send it on to other people.

WhatsApp Gold or WhatsApp Premium

The claim suggests that people pay for or download a special version of WhatsApp, usually called Gold or Premium. It offers a range of exciting-sounding features, like the ability to send more pictures, use new emoji or add extra security features. The problem is that it is far from secure. Downloading the app infects people’s phones with malware that use the phone to send more fake messages at the cost of the original victim.

Emails from WhatsApp

Spam e-mails are bad enough. E-mails plus WhatsApp is even worse. There’s a range of scams out there that send people e-mails that look like they’ve come from WhatsApp, usually looking like a notification for a missed voice call or voicemail. But when you click through, you will end up getting tricked into giving over your information, passphrases etc. Don’t ever click on an e-mail from a questionable sender. WhatsApp doesn’t send you e-mails including information about missed calls or voicemails.

Fake WhatsApp spying apps

Currently, it is not possible to let people spy on other’s conversations on WhatsApp, because it has end-to-end encryption enabled, which ensures that messages can only be read by the phones that send and receive them. These scam apps encourage people to download something that isn’t actually real and force people to pay money for malware, or actually read your chats once they’ve got onto your phone.

Lastly – 

Hopefully, you have  already blocked sharing your WhatsApp details with Facebook (telephone number, name etc. and allowing Facebook to suggest phone contacts as friends) and Facebook will not be able to  make your WhatsApp account accessible to the 13 million South African Facebook users.

There are some details about this controversial policy change by WhatsApp on the following page: http://www.mirror.co.uk/tech/you-can-stop-whatsapp-sharing-8893949

 

[ARTICLE BY DAVID WILES]

 

 

[:af]

WhatsApp word deur studente en personeel gebruik as belangrike kommunikasiemiddel. Ongelukkig bied dit aan kuberdiewe nog ʼn platform om hul aktiwiteite op uit te oefen. 

WhatsApp kuberstreke kom in verskeie formate voor en is dikwels besonder oortuigend.  Maak seker jy bly oplettend en word nie geflous deur iets wat te goed of te problematies om waar te wees lyk nie. Net omdat ʼn familielid of vriend vir jou iets aanstuur, beteken nie dis veilig nie.

Koepon-truuks

Jy kry ʼn boodskap via Whatsapp van (wat lyk soos) een van jou vriende en hy beveel ʼn aanbod waarop hy afgekom het, aan. Gewoonlik is daar ʼn skakel in die boodskap wat jou na ʼn ander webwerf neem en waar jy jou persoonlike inligting invul. Moet nooit op ʼn skakel kliek waaroor jy nie seker is nie en moet definitief nooit persoonlike inligting gee op ʼn webwerf wat jy nie ken nie. 

WhatsApp maak toe

Daar is heelwat vals boodskappe wat beweer dat Whatsapp gaan toemaak indien genoeg mense nie ʼn spesifieke boodskap deel nie. Die boodskappe lyk dikwels heel oortuigend en gebruik die regte woorde en frases vir die konteks, asof dit deur ʼn direkteur van ʼn maatskappy of iemand amptelik gestuur is. 

ʼn Amptelike verslag sal egter nie van kliënte verwag om dit heen en weer te stuur nie. Dit sou deur middel van normale nuuskanale verkondig word of as ʼn kennisgewing in die toepassing self deur die Whatsapp-span.

WhatsApp dreig om jou rekening te sluit

Hierdie voorbeeld is soortgelyk aan die vorige een. Dit lyk soos ʼn amptelike boodskap wat beweer dat jou Whatsapp-rekening gesluit gaan word omdat dit nie aktief gebruik word nie. Dit versoek dat jy die boodskap aanstuur om te bewys dat dit wel gebruik word.

WhatsApp dwing jou om te betaal

Ook soortgelyk aan die vorige kuberdiefstalpoging. Die enigste verskil is dat jy blykbaar vrygeskeld word van betaling indien jy die boodskap aanstuur na ander persone.

WhatsApp Gold of WhatsApp Premium

Dié boodskap stel voor dat jy ʼn spesiale weergawe van Whatsapp, gewoonlik genoem Gold of Premium, koop of aflaai. Blykbaar bied hierdie nuwe weergawes opwindende ekstra kenmerke, soos die vermoeë om meer fotos te stuur, nuwe emojis te gebruik of ekstra sekuriteitsopsies. Ongelukkig is hierdie verbeterde weergawes glad nie veilig nie. Wanneer die toepassing aflaai word, word die foon besmet met malware, wat opsigself meer vals boodskappe genereer op jou onkoste.

Whatsapp e-posse 

Gemorspos e-posse is erg genoeg, maar saam met Whatsapp raak dit onbeheerbaar. Daar is ʼn verskeidenheid kuberdiefstalpogings daar buite wat e-posse uitstuur wat soos Whatsapp-kennisgewings lyk – gewoonlik ʼn kennisgewing van ʼn verlore oproep of stempos. Maar wanneer jy daarop kliek, word jy oortuig dat jou inligting, wagwoord, ens. moet verklap.

Moet nooit op ʼn e-pos van ʼn twyfelagtige sender kliek nie. Whatsapp stuur nie e-posse oor verlore oproepe of stempos nie. 

Onegte WhatsApp afloer-toepassings

Whatsapp gebruik end-to-end enkripsie en gevolglik is dit nie moontlik om iemand anders se boodskappe te lees nie. Boodskappe kan slegs gelees word deur die fone wat dit stuur en ontvang.

Hierdie pogings moedig jou aan om iets af te laai wat nie bestaan of moontlik is nie. Jy betaal eintlik vir malware wat jou eie boodskappe lees wanneer jy dit op jou foon laai.

Laastens –

Hopelik het jy reeds die verstelling verander wat jou Whatsapp-details (telefoonnommer, naam, ens.) met Facebook deel en sal Facebook nie jou Whatsapp-rekening toeganklik maar vir 13 miljoen Facebook-gebruikers nie. 

Meer inligting oor dié kontroversiële beleidsverandering deur Whatsapp kan op die volgende bladsy gelees word:  http://www.mirror.co.uk/tech/you-can-stop-whatsapp-sharing-8893949

[ARTICLE DEUR DAVID WILES]

[:]

Email

Tags: , , , ,
Posted in Apps, Communication | Comments Off on [:en]Whatsapp scams[:af]Whatsapp-verblindery[:]

[:en]How to avoid spam[:af]Hoe om gemorspos te voorkom[:]

Thursday, March 17th, 2016

[:en]

Spam is unsolicited and often profitable bulk email. Spammers can send millions of emails in a single campaign for very little money. If even one recipient out of 10,000 makes a purchase, the spammer can turn a profit. Unfortunately spam is more than a mere nuisance. It is also used to distribute malware. 

Here are a few tips to prevent your mailbox from being flooded with unwanted, dubious e-mails.

Never make a purchase from an unsolicited email.
By making a purchase, you are funding future spam. Spammers may add your email address to lists to sell to other spammers and you will receive even more junk email. Worse still, you could be the victim of a fraud.

If you do not know the sender of an unsolicited email, delete it.
Spam can contain malware that damages or compromises the computer when the email is opened.

Don’t use the preview mode in your email viewer.
Spammers can track when a message is viewed, even if you don’t click on it. The preview setting effectively opens the email and lets spammers know that you receive their messages. When you check your email, try to decide whether a message is spam on the basis of the subject line only.

Don’t overexpose your email address.
How much online exposure you give your email address is the biggest factor in how much spam you receive. Here are some bad habits that expose your email address to spammers:
– Posting to mailing lists that are archived online
– Submitting your address to online services with questionable privacy practices
– Exposing your address publicly on social networks (Facebook, LinkedIn, etc.)
– Using an easily guessable address based on first name, last name and company
– Not keeping your work and personal email separate

Use the bcc field if you email many people at once.
The bcc or blind carbon copy field hides the list of recipients from other users. If you put the addresses in the To field, spammers may harvest them and add them to mailing lists.

Use one or two secondary email addresses.
 If you fill out web registration forms or surveys on sites from which you don’t want further information, use a secondary email address. 

Opt out of further information or offers.
When you fill out forms on websites, look for the checkbox that lets you choose whether to accept further information or offers. Uncheck if you don’t want to receive any more correspondence.

Take note that information below is an extract from the Sophos Threatsaurus, compiled by Sophos, a security software and hardware company.

[:af]

Gemorspos is ongewensde massa e-pos. Dis dikwels winsgewend vir die versenders aangesien miljoene e-posse in `n enkele veldtog gestuur kan word teen `n lae koste. As slegs een ontvanger uit 10,000 `n aankoop maak, kan die versender `n wins maak. Ongelukkig is gemorspos meer as net `n irritasie. Dit word ook gebruik om malware te versprei. 

Hier is `n paar wenke om te verhoed dat jou posbus oorloop van ongewensde, twyfelagtige e-posse.

Moet nooit iets koop deur gemorspos nie.
Deur iets te koop, befonds jy toekomstige gemorspos. Jy bevestig daarmee dat jou e-pos geldig is en jou e-posadres word dan bygevoeg op `n lys om te herverkoop aan ander gemorsposversenders. Jy sal derhalwe nog meer ontvang en stel jouself bloot aan moontlike bedrog.

Ken jy die persoon wat dit stuur? Nie? Vee dit uit.
Gemorspos kan malware bevat wat jou rekenaar besmet as jy die e-pos oopmaak.

Moenie die voorskou-opsie in jou e-posprogram gebruik nie.
Versenders van gemorspos kan sien of jy na die boodskap gekyk het, al maak jy dit nie oop nie. Die voorskou-verstelling maak inderwaarheid die e-pos oop en laat weet die versender dat die boodskap ontvang is. Wanneer jy e-pos lees, kyk na die onderwerpreël en probeer daarvolgens bepaal of dit gemorspos is.

Moenie jou e-pos onnodig blootstel nie.
Die grootste faktor wat bepaal hoeveel gemorspos jy kry, is hoeveel jy self jou e-posadres aanlyn blootstel. Hier is `n paar slegte gewoontes wat jou risiko verhoog:
– Jy stuur e-posse na adreslyste wat aanlyn gestoor word.
– Jy gee jou adres vir aanlyndienste waarvan die privaatheidspraktyke twyfelagtig is.
– Jy stel jou adres op sosiale netwerke bloot (Facebook, LinkedIn, ens.)
– Jy gebruik `n adres wat gebaseer is op jou naam, van en maatskappy.
– Jy gebruik een e-posadres vir werk en persoonlike sake. 

Gebruik die bcc-veld as jy vir `n groep mense e-pos stuur.
Die bcc of blind carbon copy veld steek die lys ontvangers weg. As jy al die adresse in die To veld sit, kan almal, ook gemorsposversenders, dit lees, en by hul eie adreslyste voeg.  

Gebruik een of twee sekondêre e-posadresse.
Wanneer jy webgebaseerde registrasievorms of opnames invul en daarna nie weer gepla wil word met inligting nie, gebruik `n ander, sekondêre adres vir die doel.

Kies om nie inligting of aanbiedinge te ontvang nie. 
Wanneer jy vorms op webwerwe invul, kyk vir die boksie wat jou die opsie gee om nie verdere inligting of aanbiedinge te ontvang nie. Verwyder die merkie af as jy nie gepla wil wees nie.

Neem kennis dat al hierdie inligting geneem is van die Sophos Threatsaurus, saamgestel deur Sophos, `n sekuriteit sagte- en hardwaremaatskappy. 

[:]

Email

Tags: ,
Posted in E-mail, Security | Comments Off on [:en]How to avoid spam[:af]Hoe om gemorspos te voorkom[:]

« Older Entries