FAQs Spam and Phishing
Within seconds of being received by the UCT mail gateways, email messages pass through a number of security checks before being delivered to your mailbox. This is to prevent as much spam as possible from coming into the organisation.
UCT has to deal aggressively with spam because higher education institutions are one of the most spammed sectors in the world. However, sometimes these aggressive spam controls prevent legitimate messages from getting through to your mailbox. There are a number of reasons that this happens, but to help you retrieve those messages, UCT has enlisted the services of the Mimecast online email management tool for all UCT email addresses. The Mimecast service is only available for @uct.ac.za email addresses (i.e. UCT staff, third parties and postdoctoral fellows).
If the Mimecast tool suspects that a message is spam, instead of removing it from the system, you will receive an email telling you that a message has been placed in the Mimecast On Hold queue. This gives you the opportunity to either Release, Block or Permit the message.
- Release: allows the message to be delivered to your mailbox, but does not automatically allow any other messages from the same sender to reach you.
- Block: rejects the message and blocks this sender from sending emails to you in future.
- Permit: delivers the message to your mailbox and allows this sender to email you in future.
You will only receive an email if there are spam messages in your Personal On Hold queue. Hopefully over time you will receive less and less spam as the system "learns" what you do and don't allow through.
No, phishing relies on you to activate the attempt. ICTS provides protection from viruses and other malicious code by providing a desktop anti-virus program (McAfee EndPoint Security) and ensuring that regular patches are released via the network to protect your PC.
UCT cannot protect you if you decide to:
- Provide your information over the phone
- Fill out an unsecured web form (phishing)
- Access a malicious website that harvests information/keystrokes from your computer
- Respond to false emails (phishing / spam)
When a malicious email (e.g. a phishing attempt) is reported and recognised, ICTS will take all possible steps to minimise the risk to staff and students at UCT. However, ICTS cannot guarantee total protection against such messages - hence it is your responsibility to be cautious and to protect yourself from falling victim to such messages.
1. Recognise legitimate emails
ICTS uses a standard email template when sending out messages to staff and students at UCT. The template can help you to distinguish between legitimate messages from ICTS and phishing messages from fraudsters. To see an example of the template, check your UCT mailbox for a recent message from ICTS.
2. Protect your personal information
Don't give out personal information that may compromise you - whether this is by email, phone or online. Most major banks have publicly stated that they will NOT ask you to divulge confidential information over the phone or via email - unless you have phoned them to query or activate a service.
Figure 1: A phishing message claiming to be from ABSA bank.
3. Analyse the details
If you are unsure about a message's authenticity, check the email header - which shows you the From, To, and Subject information. In most cases, there are either spelling mistakes, or the message isn't even from the company referred to in the email. For example, in Figure 1 above, note that the sender's email address contains an extra "s" in the organisation's name (i.e. the address ends in "abssa.co.za") - a spelling anomaly that clearly indicates it is not from ABSA bank.
Phishing messages are often badly written (using poor English) or the link provided is for a completely different website - which indicates that the legitimate company did not send you the message.
4. Look for warning signs
- Websites that are not secure:
  - In a web address (URL), http indicates that the website is not secure. A secure URL will begin with https.
  - You do not see a closed lock symbol in your browser. (A closed lock indicates a secure site, while an open or absent lock indicates an unsecured site.) Any website where you are expected to exchange personal information (a banking site or an online store) should be secure.
- Websites that do not offer signed certificates. A security certificate contains information about who it belongs to, who it was issued by, a unique serial number or other unique identification, valid dates and an encrypted "fingerprint" that can be used to verify the content of the certificate. If your browser warns you that the certificate can't be verified, be wary of the site.
- Websites that request information that is out of context with the action to be performed. For example, why do you need to supply your ID number or street address to read a document?
- Email messages (supposedly sent to you by a bank, email provider or online store) that ask you to provide personal information or click on a link in the email body.
- Email messages that appear to be IT-related (asking you to verify your account details or warning you of some dire consequence should you fail to comply) often ask you to click on a link and ask for sensitive information. For example, an email from "System admin" may claim that there has been a breach of security on your account and that the company needs you to submit personal information. These emails are fake. No reputable IT organisation will send you emails of this kind.
- Public computers (at Internet cafes or other public spaces), which may often have illegally installed software that captures your keystrokes.
- Pop-ups that appear and request personal information - after you’ve gained access to a website that you trust.
- Pharming attempts - where a hacker redirects a legitimate website's traffic to a bogus site. Malware or a virus takes over your web browser and then, when you try to access a legitimate website, directs you to a fake one. Once you provide your personal information on the site, hackers access this information and use it fraudulently.
- Email attachments that you are not expecting.
- Telephone calls where the caller asks you to provide or verify personal information.
- Any emails claiming that there has been a breach of security on your account and that the company needs you to submit personal information.