{"id":13898,"date":"2019-07-17T14:11:44","date_gmt":"2019-07-17T12:11:44","guid":{"rendered":"http:\/\/blogs.sun.ac.za\/it\/?p=13898"},"modified":"2019-08-06T14:15:09","modified_gmt":"2019-08-06T12:15:09","slug":"phishing-scam-sent-from-compromised-gov-za-account","status":"publish","type":"post","link":"https:\/\/blogs.sun.ac.za\/it\/2019\/07\/phishing-scam-sent-from-compromised-gov-za-account\/","title":{"rendered":"[:en]Phishing scam sent from compromised GOV.ZA account[:]"},"content":{"rendered":"<p>[:en]<\/p>\n<p class=\"MsoNormal\">Please be aware of the following phishing e-mail which is now starting to be sent to university accounts and might be thought to be legitimate especially if the department has dealings with the Gauteng Government.<\/p>\n<p class=\"MsoNormal\">The Subject of the mail is \u201cPayment Notification\u201d and asks its victims to click on a link to \u201cVIEW PROOF OF PAYMENT\u201d.<\/p>\n<p class=\"MsoNormal\">Firstly the link is not a gov.za website and government departments do not usually send out\u00a0 e-mails asking you to click on unverified links.<\/p>\n<p><a href=\"http:\/\/blogs.sun.ac.za\/it\/files\/2019\/07\/gov.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft  wp-image-13899\" src=\"http:\/\/blogs.sun.ac.za\/it\/files\/2019\/07\/gov.jpg\" alt=\"\" width=\"638\" height=\"454\" srcset=\"https:\/\/blogs.sun.ac.za\/it\/files\/2019\/07\/gov.jpg 805w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/07\/gov-300x214.jpg 300w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/07\/gov-768x547.jpg 768w, https:\/\/blogs.sun.ac.za\/it\/files\/2019\/07\/gov-500x356.jpg 500w\" sizes=\"auto, (max-width: 638px) 100vw, 638px\" \/><\/a><\/p>\n<p class=\"MsoNormal\">\u00a0<\/p>\n<p class=\"MsoNormal\">The suspicious mail takes you to a site that asks you to download a file. This file has a encoded script (malware) that looks like an ordinary web page that asks you to enter your username,password and your cell number to \u201cconfirm\u201d your details and \u201callow\u201d you to view the encrypted PDF file. Of course this malware, now sitting on your PC sends your login details and password to another server overseas controlled by the scammers, which they will<br \/>\nthen use to break into your account at the university in order to do all sorts of nasty things.<\/p>\n<p class=\"MsoNormal\">So please be very careful, especially in the light of the compromised university accounts that were used earlier this week to launch a phishing attack from within the university.<\/p>\n<p class=\"MsoNormal\">The university is now a very popular target for phishers because they can easily gain access to personnel and student accounts as the users are not often aware of the dangers of phishing and are not informed about how to spot them.<\/p>\n<div style=\"mso-element: para-border-div; border: none; border-bottom: solid windowtext 3.0pt; padding: 0cm 0cm 1.0pt 0cm;\">\n<p class=\"MsoNormal\" style=\"border: none; padding: 0cm;\">\u00a0<\/p>\n<\/div>\n<p class=\"MsoNormal\"><span style=\"color: black;\">\u00a0<\/span><span style=\"color: black;\">You can report phishing scams and spam in two ways:\u200b<\/span><\/p>\n<p class=\"MsoNormal\"><span style=\"color: black;\">\u00a0<\/span><\/p>\n<p class=\"MsoNormal\"><span style=\"color: black;\">1.<strong> By reporting it on the ICT Partner Portal.\u200b\u200b<\/strong><\/span><\/p>\n<ul type=\"disc\">\n<li class=\"MsoNormal\" style=\"color: black; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo1;\">Go to <a href=\"https:\/\/servicedesk.sun.ac.za\/jira\/servicedesk\/customer\/portal\/6\/create\/115\"><br \/>\nhttps:\/\/servicedesk.sun.ac.za\/jira\/servicedesk\/customer\/portal\/6\/create\/115<\/a>.\u200b\u200b<\/li>\n<li class=\"MsoNormal\" style=\"color: black; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l1 level1 lfo1;\">Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.\u200b\u200b \u200b\u200b<\/li>\n<\/ul>\n<p class=\"MsoNormal\"><strong><span style=\"color: black;\">2. By sending an email.\u200b\u200b<\/span><\/strong><\/p>\n<ul type=\"disc\">\n<li class=\"MsoNormal\" style=\"color: black; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level1 lfo2;\">Start up a new mail addressed to <a href=\"mailto:csirt@sun.ac.za\">csirt@sun.ac.za<\/a>.\u200b\u200b<\/li>\n<li class=\"MsoNormal\" style=\"color: black; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level1 lfo2;\">Use the Title \u201cSPAM\u201d (without quotes) in the Subject.\u200b\u200b<\/li>\n<li class=\"MsoNormal\" style=\"color: black; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level1 lfo2;\">With this New Mail window open, drag the suspicious spam\/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the \u2013 New Mail.\u200b\u200b<\/li>\n<li class=\"MsoNormal\" style=\"color: black; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-list: l0 level1 lfo2;\">Send the mail.\u200b\u200b \u200b\u200b<\/li>\n<\/ul>\n<p class=\"MsoNormal\"><span style=\"color: black;\">If you have accidentally clicked on the link and already given any personal details to the phishers it is vitally important that you immediately go to the USERADM page (either<br \/>\n<a href=\"http:\/\/www.sun.ac.za\/password\">http:\/\/www.sun.ac.za\/password<\/a> or <a href=\"http:\/\/www.sun.ac.za\/useradm\">www.sun.ac.za\/useradm<\/a> and change your password immediately.) Make sure the new password is completely different, and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts. Contact the IT Service Desk if you are still unsure.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p>[:]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[:en] Please be aware of the following phishing e-mail which is now starting to be sent to university accounts and might be thought to be legitimate especially if the department has dealings with the Gauteng Government. The Subject of the mail is \u201cPayment Notification\u201d and asks its victims to click on a link to \u201cVIEW [&hellip;]<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20381,29187],"tags":[20381],"class_list":["post-13898","post","type-post","status-publish","format-standard","hentry","category-phishing","category-security-2","tag-phishing"],"publishpress_future_action":{"enabled":false,"date":"2026-05-08 03:16:50","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13898","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/comments?post=13898"}],"version-history":[{"count":10,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13898\/revisions"}],"predecessor-version":[{"id":13909,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/posts\/13898\/revisions\/13909"}],"wp:attachment":[{"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/media?parent=13898"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/categories?post=13898"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sun.ac.za\/it\/wp-json\/wp\/v2\/tags?post=13898"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}