{"id":13565,"date":"2019-01-30T12:11:16","date_gmt":"2019-01-30T10:11:16","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=13565"},"modified":"2019-01-31T10:46:48","modified_gmt":"2019-01-31T08:46:48","slug":"sars-phishing-scam","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2019\/01\/sars-phishing-scam\/","title":{"rendered":"[:en]SARS phishing scam[:]"},"content":{"rendered":"<p>[:en]<\/p>\n<p>Please be on the lookout for the next phishing attack on the university network. This time (as occurred several times in 2018) it comes with a subject of \u201cSARS eFiling Letter Notification\u201d<\/p>\n<p>This is an obvious phishing scam using a website to attempt to steal your login details.<\/p>\n<ol>\n<li>SARS will\u00a0not send you an email with the salutation: \u201cDear Tax Payer\u201d, they&#8217;ll address you personally.<\/li>\n<li>The sender is a compromised email address from an estate agent in Pretoria and not a SARS email address.<\/li>\n<li>The link takes you to a site that is not the SARS eFiling Server address.<\/li>\n<li>Apart from department admin who deals with SARS directly, university email addresses are not (and should not be) used for SARS communication.<\/li>\n<\/ol>\n<p>Here is an example of the email that several of our observant colleagues and students have already reported:<\/p>\n<p><a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-large wp-image-13566\" src=\"http:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars1-500x387.jpg\" alt=\"\" width=\"500\" height=\"387\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars1-500x387.jpg 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars1-300x232.jpg 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars1.jpg 704w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>Here is the phishing website that will attempt to steal your login details:<\/p>\n<p><a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-large wp-image-13567\" src=\"http:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars2-500x347.jpg\" alt=\"\" width=\"500\" height=\"347\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars2-500x347.jpg 500w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars2-300x208.jpg 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/01\/sars2.jpg 706w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>If you receive an email like this, please report it to IT Cyber Security as soon as possible.<\/p>\n<p>Once you have reported the spam or phishing mail, you can delete it immediately. You can report this in two ways:<\/p>\n<ol>\n<li>By reporting it on the ICT Partner Portal. Go to <a href=\"https:\/\/servicedesk.sun.ac.za\/jira\/servicedesk\/customer\/portal\/6\/create\/115\">https:\/\/servicedesk.sun.ac.za\/jira\/servicedesk\/customer\/portal\/6\/create\/115<\/a>. Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.<\/li>\n<li>By sending an email.\u00a0\n<ol>\n<li>Start up a new mail addressed to <a href=\"mailto:csirt@sun.ac.za\">csirt@sun.ac.za<\/a>.<\/li>\n<li>Use the Title \u201cSPAM\u201d (without quotes) in the Subject.<\/li>\n<li>With this New Mail window open, drag the suspicious spam\/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the \u2013 New Mail.<\/li>\n<li>Send the mail.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p style=\"text-align: right;\">[ARTICLE BY DAVID WILES]<\/p>\n<p>[:]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[:en] Please be on the lookout for the next phishing attack on the university network. This time (as occurred several times in 2018) it comes with a subject of \u201cSARS eFiling Letter Notification\u201d This is an obvious phishing scam using a website to attempt to steal your login details. SARS will\u00a0not send you an email [&hellip;]<\/p>\n","protected":false},"author":259,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20382,20381,29187],"tags":[],"class_list":["post-13565","post","type-post","status-publish","format-standard","hentry","category-email","category-phishing","category-security-2"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 03:16:52","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/259"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=13565"}],"version-history":[{"count":5,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13565\/revisions"}],"predecessor-version":[{"id":13572,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13565\/revisions\/13572"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=13565"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=13565"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=13565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}