{"id":13673,"date":"2019-03-12T15:40:12","date_gmt":"2019-03-12T13:40:12","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=13673"},"modified":"2019-03-12T15:42:02","modified_gmt":"2019-03-12T13:42:02","slug":"protecting-yourself-from-spearphishing-attacks","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2019\/03\/protecting-yourself-from-spearphishing-attacks\/","title":{"rendered":"[:en]Protecting yourself from spearphishing attacks[:]"},"content":{"rendered":"<p>[:en]<\/p>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"\" src=\"http:\/\/blogs.sun.ac.za\/gergablog\/files\/2019\/03\/SpearPhishing.jpg\" alt=\"\" width=\"301\" height=\"212\" align=\"right\" \/>For a large enterprise like Stellenbosch University, phishing attacks are the most common cybercrime.<\/p>\n<p style=\"text-align: justify;\">In the late 1990s and early 2000s, we were all inundated with spam emails, selling everything from fake pharmaceuticals to cheap perfumes. With spam, cybercriminals use a blanket approach, sending emails to as many people as possible, hoping a few gullible customers will fund further spam emails.<\/p>\n<p style=\"text-align: justify;\">General &#8220;shotgun&#8221; phishing is still a problem today, but the past 18 months have seen a rise in a more sinister form of cyberattack, spearphishing, which is much more targeted at an individual or an enterprise&#8217;s email system.<\/p>\n<p style=\"text-align: justify;\">Spearphishing is similar to phishing: it&#8217;s also a vector for identity theft, where cybercriminals try to get users to hand over personal and sensitive information without their knowledge.<\/p>\n<p style=\"text-align: justify;\">Cybercriminals view phishing attacks as a profitable and easy way to gain access to an enterprise, enabling them to launch more sophisticated attacks, for example, spearphishing attacks. 
Humans are, after all, the weakest link and thus the most effective target for criminals looking to infiltrate a network like the university.<\/p>\n<p style=\"text-align: justify;\">Even though spearphishing is more focused than its less-sophisticated relative phishing, everyone can apply the following principles to protect themselves and the university against cybercriminal activity:<\/p>\n<p style=\"text-align: justify;\"><strong>Use common sense when it comes to phishing attacks<\/strong><br \/>\nBe sensible and smart while browsing online and checking your emails. Never click on links, download files or open attachments in email or social media, even if they appear to be from a known, trusted source. You should never click on links in an email to a website unless you are absolutely sure it&#8217;s authentic. If you have any doubt, open a new browser window and type the address into the address bar. Always be wary of emails asking for confidential information \u2013 especially if they ask for personal details or banking information. The university and your bank will never request sensitive information via email. They do not need it. They have it all already.<\/p>\n<p style=\"text-align: justify;\"><strong>Watch out for shortened links<\/strong><br \/>\nPay particularly close attention to shortened links, especially on social media. Cybercriminals often use Bit.ly, Tinyurl.com, Goo.gl or Tr.im to trick you into thinking you are clicking a legitimate link when, in fact, you are being inadvertently directed to a fake site. Always place your mouse over a web link in an email <em>(known as &#8220;hovering&#8221;)<\/em> to see if you\u2019re being sent to the right website.<\/p>\n<p style=\"text-align: justify;\"><strong>Does the email look suspicious? Read it again<\/strong><br \/>\nMany phishing emails are obvious. They will be filled with plenty of spelling mistakes, CAPITALISATION and exclamation marks. They will also have impersonal salutations \u2013 e.g. 
\u2018Dear Valued Customer\u2019 or \u2018Dear Sir\/Madam\u2019 \u2013 and will have implausible and generally suspicious content. Cybercriminals will often intentionally make mistakes in their emails to bypass spam filters and improve responses.<\/p>\n<p style=\"text-align: justify;\"><strong>Be wary of threats and urgent deadlines<\/strong><br \/>\nSometimes the university does need you to do something urgently; however, this is an exception rather than the rule. For example, you all have been getting reminders to reactivate your network account by the end of March. Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Some of these threats may include notices of a fine or advising you to take action to stop your account from being closed. Ignore the scare tactics and rather contact the company via phone.<\/p>\n<p style=\"text-align: justify;\"><strong>Browse securely with HTTPS<\/strong><br \/>\nYou should always, where possible, use a secure website, indicated by https:\/\/ and a security \u201clock\u201d icon in the browser\u2019s address bar, to browse. This is particularly important when submitting sensitive information online, such as credit card details.<\/p>\n<p style=\"text-align: justify;\">Never use public, unsecured Wi-Fi, including MatiesWiFi, for banking, shopping or entering personal information online. Convenience should never be more important than safety. When in doubt, use your mobile\u2019s 3\/4G or LTE connection.<\/p>\n<p style=\"text-align: right;\"><em>[ARTICLE by David Wiles]<\/em><\/p>\n<p>[:]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[:en] For a large enterprise like Stellenbosch University phishing attacks are the most common cybercrime. In the late 1990s and early 2000s, we were all inundated with spam emails, selling everything from fake pharmaceuticals to cheap perfumes. 
With spam, cybercriminals use a blanket approach sending emails to as many people as possible, hoping a few [&hellip;]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20381,29187,48737],"tags":[20381,48692],"class_list":["post-13673","post","type-post","status-publish","format-standard","hentry","category-phishing","category-security-2","category-tips-2","tag-phishing","tag-spear-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 03:43:10","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13673","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=13673"}],"version-history":[{"count":11,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13673\/revisions"}],"predecessor-version":[{"id":13685,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13673\/revisions\/13685"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=13673"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=13673"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=13673"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}