{"id":11273,"date":"2016-08-11T09:03:41","date_gmt":"2016-08-11T07:03:41","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=11273"},"modified":"2016-08-26T08:50:05","modified_gmt":"2016-08-26T06:50:05","slug":"phishing-scam-disguised-as-a-mail-about-a-web-mail-update","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2016\/08\/phishing-scam-disguised-as-a-mail-about-a-web-mail-update\/","title":{"rendered":"Phishing scam disguised as a mail about a &#8220;Web-mail update&#8221;"},"content":{"rendered":"<p>The scammers never stop trying to fool people and this particular version of a phishing scam is NOT new. This is the third time this year that this version of a typical phishing scam has arrived in university mail accounts. Last time it fooled several people, personnel and students alike, so there IS a danger.<\/p>\n<p>I have attached a screenshot of the scam and highlighted the tricks that the criminals use to fool us. See if you can spot them yourselves\u2026<\/p>\n<ol>\n<li>Sent from a compromised account, not in South Africa (in this case a university in the USA)<\/li>\n<li>It is not addressed to you\u2026 Just a \u201cDear Webmail user\u201d<\/li>\n<li>The storage amounts displayed for the Webmail account are incorrect. Stellenbosch Students have 1Tb of storage on their Office365 accounts. Personnel currently has 500Mb by default.<\/li>\n<li>Large letters telling you to \u201cCLICK HERE\u201d to \u201cupdate\u201d your account. 
The link does not go to a Stellenbosch site, but a server under the control of the scammers elsewhere.<\/li>\n<li>Threatening language to bully you into complying with their scam.<\/li>\n<\/ol>\n<p><a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2016\/08\/webmail-scam.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-11274\" src=\"http:\/\/blogs.sun.ac.za\/it\/files\/2016\/08\/webmail-scam.png\" alt=\"webmail-scam\" width=\"650\" height=\"247\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2016\/08\/webmail-scam.png 1414w, https:\/\/blogs.sun.ac.za\/it\/files\/2016\/08\/webmail-scam-300x114.png 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2016\/08\/webmail-scam-768x292.png 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2016\/08\/webmail-scam-500x190.png 500w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/a><\/p>\n<p>So how do you tell the difference between a phishing message and a legitimate message? Unfortunately, there is no one single technique that works in every situation, but there are 10 things that you can look for:<\/p>\n<ol>\n<li><strong>The message contains a mismatched URL<\/strong> &#8211; If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.<\/li>\n<li><strong>URLs contain a misleading domain name<\/strong> &#8211; The last part of a domain name is the most telling. If the links do NOT end with SUN.AC.ZA, then it is a phishing scam.<\/li>\n<li><strong>The message contains poor spelling and grammar<\/strong> \u2013 with the growth of SMS, WhatsApp and social media, poor spelling and grammar have become the norm, but bad grammar will never come from Information Technology.<\/li>\n<li><strong>The message asks for personal information<\/strong> &#8211; No matter how official an email message might look, it is always a bad sign if the message asks for personal information. Your bank doesn&#8217;t need you to send them your account number. 
They already know what that is.<\/li>\n<li><strong>The offer seems too good to be true<\/strong> &#8211; There is an old saying that <em>if something seems too good to be true, it probably is<\/em>. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.<\/li>\n<li><strong>You didn&#8217;t initiate the action<\/strong> &#8211; If you get a message informing you that you have won a contest you did not enter, you can be sure that the message is a scam.<\/li>\n<li><strong>You&#8217;re asked to send money to cover expenses<\/strong> &#8211; One telltale sign of a phishing email is that you will eventually be asked for money. If that happens, you can be sure that it&#8217;s a scam.<\/li>\n<li><strong>The message makes unrealistic threats<\/strong> &#8211; If a message makes unrealistic threats, it&#8217;s probably a scam.<\/li>\n<li><strong>The message appears to be from a government agency<\/strong> &#8211; Phishing artists who want to use intimidation don&#8217;t always pose as a bank. Sometimes they&#8217;ll send messages claiming to have come from a law enforcement agency, SARS, or the SA Police, or just about any other entity that might scare the average law-abiding citizen.<\/li>\n<li><strong>Something just doesn&#8217;t look right<\/strong> &#8211; Casino security teams are taught to look for anything that JDLR\u2014Just Doesn&#8217;t Look Right. This same principle almost always applies to email messages.<\/li>\n<\/ol>\n<p style=\"text-align: right;\">[ARTICLE BY DAVID WILES]<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The scammers never stop trying to fool people and this particular version of a phishing scam is NOT new. This is the third time this year that this version of a typical phishing scam has arrived in university mail accounts. Last time it fooled several people, personnel and students alike, so there IS a danger. 
[&hellip;]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,29187],"tags":[],"class_list":["post-11273","post","type-post","status-publish","format-standard","hentry","category-email","category-security-2"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 04:01:15","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/11273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=11273"}],"version-history":[{"count":6,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/11273\/revisions"}],"predecessor-version":[{"id":11280,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/11273\/revisions\/11280"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=11273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=11273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=11273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}