{"id":12289,"date":"2017-07-24T11:43:41","date_gmt":"2017-07-24T09:43:41","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=12289"},"modified":"2017-10-11T10:36:31","modified_gmt":"2017-10-11T08:36:31","slug":"warning-phishing-e-mail-about-exceeded-mailbox-limit","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2017\/07\/warning-phishing-e-mail-about-exceeded-mailbox-limit\/","title":{"rendered":"[:en]PHISHING: Exceeded mailbox limit[:]"},"content":{"rendered":"

[:en]<\/p>\n

This week’s Monday morning phishing scam is in the form of a rather poorly worded \u201cWARNING\u201d about exceeding the limit of your email.<\/p>\n

The three exclamation marks (!!!) in the Subject line should immediately be a warning. Just because it comes from \u201cStellenbosch University Upgrade Team 2017\u201d doesn\u2019t guarantee that it is genuine!<\/p>\n

Here is what the phishing email looks like (With the dangerous parts removed):<\/p>\n

\n

From: Stellenbosch University Upgrade Team 2017 [mailto:forged_address@webmail.co.za<\/a>]<\/span><\/p>\n

Sent: Monday, 24 July 2017 10:49 AM<\/span><\/p>\n

Subject: Urgent Notification !!!<\/span><\/p>\n

Urgent <\/span>notification ,<\/p>\n

You have exceeded your <\/span>mail limit , Your account will be blocked from sending and receiving messages if your account is not been upgraded, upgrade your account free now Via the weblink <\/span>Below :<\/p>\n

http:\/\/dont_click.on.this.link<\/a><\/span><\/p>\n

If your account <\/span>have been upgraded please ignore this, this is for all student and <\/span>stafs please Thank you.<\/span><\/p>\n

Webmail \u00a9 2017<\/span><\/p>\n

Email: forged_address@webmail.co.za<\/a><\/span><\/p>\n

\n

Here are # tips below can help you spot a \u00a0phishing scam:<\/strong><\/p>\n

    \n
  1. Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, a company’s official email address. These email addresses are meant to fool you.<\/li>\n
  2. Urgent action required. Fraudsters often include urgent “calls to action” to try to get you to react immediately. Be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.” The fraudster is taking advantage of your concern to trick you into providing confidential information.<\/li>\n
  3. Generic salutation. Fraudsters often send thousands of phishing emails at one time. They may have your email address, but they seldom have your name. Be sceptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.<\/li>\n
  4. Link to a fake web site. To trick you into disclosing your user name and password, fraudsters often include a link to a fake web site that looks like (sometimes exactly like) the sign-in page of a legitimate web site. Just because a site includes a company’s logo or looks like the real page doesn’t mean it is!<\/li>\n
  5. Spelling errors, poor grammar, or inferior graphics.<\/li>\n
  6. Requests for personal information such as your password, user name, or bank account or credit card number. Legitimate companies will never ask you to verify or provide confidential information in an unsolicited email.<\/li>\n
  7. Attachments (which usually contain viruses, malware or ransomware).<\/li>\n<\/ol>\n

    If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:<\/p>\n

    Send the spam\/phishing mail to the following addresses<\/p>\n

    help@sun.ac.za<\/a>\u00a0and sysadm@sun.ac.za<\/a> as well.<\/p>\n

    Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe): http:\/\/stbsp01.stb.sun.ac.za\/innov\/it\/it-help\/Wiki%20Pages\/Spam%20sysadmin%20Eng.aspx<\/a><\/p>\n

      \n
    1. Start up a new email addressed to sysadm@sun.ac.za<\/a> (CC: csirt@sun.ac.za<\/a> and help@sun.ac.za<\/a><\/li>\n
    2. Use the Title \u201cSPAM\u201d (without quotes) in the Subject.<\/li>\n
    3. With this New Mail window open, drag the suspicious spam\/phishing mail from your Inbox into the New Mail Window. It will attach the email as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.<\/li>\n
    4. Send the email.<\/li>\n<\/ol>\n

      If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http:\/\/www.sun.ac.za\/useradm<\/a> and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private email accounts (especially if you use the same passwords on these accounts.)<\/p>\n

      [Article by David Wiles]<\/p>\n

       <\/p>\n

      [:]<\/p>\n","protected":false},"excerpt":{"rendered":"

      [:en] This week’s Monday morning phishing scam is in the form of a rather poorly worded \u201cWARNING\u201d about exceeding the limit of your email. The three exclamation marks (!!!) in the Subject line should immediately be a warning. Just because it comes from \u201cStellenbosch University Upgrade Team 2017\u201d doesn\u2019t guarantee that it is genuine! Here […]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,20381,29187],"tags":[20381],"class_list":["post-12289","post","type-post","status-publish","format-standard","hentry","category-email","category-phishing","category-security-2","tag-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-09 18:30:43","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=12289"}],"version-history":[{"count":9,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12289\/revisions"}],"predecessor-version":[{"id":12500,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/12289\/revisions\/12500"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=12289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=12289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=12289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}