{"id":12283,"date":"2017-07-19T12:00:53","date_gmt":"2017-07-19T10:00:53","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=12283"},"modified":"2017-10-11T10:37:02","modified_gmt":"2017-10-11T08:37:02","slug":"phishing-email-in-afrikaans","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2017\/07\/phishing-email-in-afrikaans\/","title":{"rendered":"[:en]PHISHING: &#8220;Re: betaling aan jou rekening&#8221;[:]"},"content":{"rendered":"<p>[:en]<\/p>\n<p>About a year ago a new version of the ABSA Bank phishing email hit the university email server. What was new about this version was that the email was in Afrikaans. Although the Afrikaans was not perfect with some spelling and grammar mistakes, it still could have fooled many people, because of the \u201cfamiliarity\u201d component.<\/p>\n<p>Stellenbosch University still uses a lot of Afrikaans as its primary official communications medium, and many automated systems like the Financial system use Afrikaans to inform users of payments etc. While there is nothing wrong with this, phishing scammers have latched onto this and are now attempting to fool people into divulging their personal details using Afrikaans in their phishing e-mails.<\/p>\n<p>We were warned\u00a0early this morning about an email that was originating from UCT with dangerous content, and almost immediately the UCT phishing emails started arriving.<\/p>\n<p>Here is what to look out for:<\/p>\n<p>Mail will arrive from a forged or compromised \u201cUCT address\u201d that will look like this:<\/p>\n<hr \/>\n<p><strong>From:<\/strong> Anna Huang [<a href=\"mailto:forged_address@myuct.ac.za\">mailto:forged_address@myuct.ac.za<\/a>] <br \/>\n <strong>Sent:<\/strong> 19 July 2017 10:53 AM<br \/>\n <strong>To:<\/strong> Recipients &lt;<a href=\"mailto:forged_address@myuct.ac.za\">forged_address@myuct.ac.za<\/a>&gt;<br \/>\n <strong>Subject:<\/strong> Re: betaling aan jou rekening<\/p>\n<p><strong>Goeiemore,<\/strong><\/p>\n<p><strong>Vind aangehegte betalingsbewys.<\/strong><\/p>\n<p><strong>Dankie<\/strong><\/p>\n<p><em>Disclaimer &#8211; <\/em>University<em> of Cape Town This e-mail is subject to UCT policies and e-mail disclaimer published on our website at <a href=\"http:\/\/www.uct.ac.za\/about\/policies\/emaildisclaimer\/\">http:\/\/www.uct.ac.za\/about\/policies\/emaildisclaimer\/<\/a> or obtainable from +27 21 650 9111. If this e-mail is not related to the business of UCT, it is sent by the sender in an individual capacity. Please report security incidents or abuse via <a href=\"mailto:csirt@uct.ac.za\">csirt@uct.ac.za<\/a><\/em><\/p>\n<hr \/>\n<p>The disclaimer from the University and the Afrikaans could fool some people if they are not careful.<\/p>\n<p>The dangerous part is actually an attached html files (sometimes it might look like a PDF) that will present you with a login page where you will be asked to give your e-mail address and your password to \u201cview this payment\u201d<\/p>\n<p>The login page will look like this, in this version:<\/p>\n<p><a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2017\/07\/phishing.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"http:\/\/blogs.sun.ac.za\/it\/files\/2017\/07\/phishing-300x219.jpg\" alt=\"\" width=\"300\" height=\"219\" \/><\/a><\/p>\n<p>The actual server\u2019s address is also hidden by encoding it, so to the untrained eye, nothing will look suspicious. This is a typical phishing scam, but with the \u201csender\u201d coming from a neighbouring academic institution, and the language being Afrikaans, we need to be even more alert.<\/p>\n<p style=\"text-align: right;\">[Article by David Wiles]<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>[:]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[:en] About a year ago a new version of the ABSA Bank phishing email hit the university email server. What was new about this version was that the email was in Afrikaans. Although the Afrikaans was not perfect with some spelling and grammar mistakes, it still could have fooled many people, because of the \u201cfamiliarity\u201d [&hellip;]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,20381,29187],"tags":[20381],"class_list":["post-12283","post","type-post","status-publish","format-standard","hentry","category-email","category-phishing","category-security-2","tag-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-10 00:03:36","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12283","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=12283"}],"version-history":[{"count":5,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12283\/revisions"}],"predecessor-version":[{"id":12501,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12283\/revisions\/12501"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=12283"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=12283"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=12283"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}