{"id":13233,"date":"2018-09-03T09:55:41","date_gmt":"2018-09-03T07:55:41","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=13233"},"modified":"2018-11-19T11:53:47","modified_gmt":"2018-11-19T09:53:47","slug":"office-365-verification-phishing-scam-from-compromised-student-account","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2018\/09\/office-365-verification-phishing-scam-from-compromised-student-account\/","title":{"rendered":"“Office 365 verification” phishing scam from compromised student account"},"content":{"rendered":"

[:en]<\/p>\n

Please be on the lookout for the following phishing scam coming this morning from a compromised student account:<\/p>\n

The subject will be \u201cOffice365 E-mail Verification\u201d (or a variation) and says that \u201cyou recently made a request to terminate your Office365 mail\u201d and to click on a link to cancel this termination.<\/p>\n

The mail should be immediately suspicious to most people with common sense and awareness of phishing scams, but here are a few signs:<\/p>\n

    \n
  1. Why is a student account<\/u><\/strong> sending you mail about your \u201ctermination\u201d of an Office365 account?<\/li>\n
  2. Why are they threatening<\/u><\/strong> you to verify or lose your account?<\/li>\n
  3. Why does the link point to a site that is not in the university network<\/u><\/strong> and is in Brazil of all places?<\/li>\n
  4. Why is something as \u201cimportant\u201d as this being sent in a non-secure email?<\/u><\/strong>\u00a0<\/li>\n<\/ol>\n

    Here is an example of one of these phishing emails that several observant students and colleague have sent me this morning already!<\/p>\n

    \"\"<\/a><\/p>\n

    If you have accidentally clicked on the link and given your login details to the phishers it is vitally important that you immediately go to the USERADM page (either http:\/\/www.sun.ac.za\/password<\/a> or www.sun.ac.za\/useradm<\/a> and change your password immediately. (Make sure the new password is completely different and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.)<\/em><\/p>\n

    If you have received mail that looks like the one above, please immediately report it to the Information Technology Security Team using the following method: (especially if it looks like it comes from a university address) Once you have reported it, delete it immediately.<\/p>\n

      \n
    1. Start up a new mail addressed to csirt@sun.ac.za (CC: sysadm@sun.ac.za<\/a>)<\/li>\n
    2. Use the Title \u201cSPAM\u201d (without quotes) in the Subject.<\/li>\n
    3. With this New Mail window open, drag the suspicious spam\/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.<\/li>\n
    4. Send the mail.<\/li>\n<\/ol>\n

      [ARTICLE BY DAVID WILES]<\/p>\n

       <\/p>\n

      [:af]<\/p>\n

      Please be on the lookout for the following phishing scam coming this morning from a compromised student account:<\/p>\n

      The subject will be \u201cOffice365 E-mail Verification\u201d (or a variation) and says that \u201cyou recently made a request to terminate your Office365 mail\u201d and to click on a link to cancel this termination.<\/p>\n

      The mail should be immediately suspicious to most people with common sense and awareness of phishing scams, but here are a few signs:<\/p>\n

        \n
      1. Why is a student account<\/u><\/strong> sending you mail about your \u201ctermination\u201d of an Office365 account?<\/li>\n
      2. Why are they threatening<\/u><\/strong> you to verify or lose your account?<\/li>\n
      3. Why does the link point to a site that is not in the university network<\/u><\/strong> and is in Brazil of all places?<\/li>\n
      4. Why is something as \u201cimportant\u201d as this being sent in a non-secure email?<\/u><\/strong>\u00a0<\/li>\n<\/ol>\n

        Here is an example of one of these phishing emails that several observant students and colleague have sent me this morning already!<\/p>\n

        \"\"<\/a><\/p>\n

        If you have accidentally clicked on the link and given your login details to the phishers it is vitally important that you immediately go to the USERADM page (either http:\/\/www.sun.ac.za\/password<\/a> or www.sun.ac.za\/useradm<\/a> and change your password immediately. (Make sure the new password is completely different and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.)<\/em><\/p>\n

        If you have received mail that looks like the one above, please immediately report it to the Information Technology Security Team using the following method: (especially if it looks like it comes from a university address) Once you have reported it, delete it immediately.<\/p>\n

          \n
        1. Start up a new mail addressed to sysadm@sun.ac.za<\/a> (CC: help@sun.ac.za<\/a>)<\/li>\n
        2. Use the Title \u201cSPAM\u201d (without quotes) in the Subject.<\/li>\n
        3. With this New Mail window open, drag the suspicious spam\/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.<\/li>\n
        4. Send the mail.<\/li>\n<\/ol>\n

          [ARTICLE BY DAVID WILES]<\/p>\n

           <\/p>\n

          [:]<\/p>\n","protected":false},"excerpt":{"rendered":"

          [:en] Please be on the lookout for the following phishing scam coming this morning from a compromised student account: The subject will be \u201cOffice365 E-mail Verification\u201d (or a variation) and says that \u201cyou recently made a request to terminate your Office365 mail\u201d and to click on a link to cancel this termination. The mail should […]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20381,149],"tags":[61988,20381],"class_list":["post-13233","post","type-post","status-publish","format-standard","hentry","category-phishing","category-students","tag-cyber-aware","tag-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 03:43:04","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13233","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=13233"}],"version-history":[{"count":7,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13233\/revisions"}],"predecessor-version":[{"id":13446,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13233\/revisions\/13446"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=13233"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=13233"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=13233"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}