Warning: severe phishing attacks underway on campus

21 Jul 2017 - 15:15

There is currently a severe phishing attack doing the rounds on campus, affecting both computers and mobile devices. The attack specifically targets staff and student email accounts with messages such as this one:

At present, there are at least 5 different variants of this email. All variants contain an attachment that leads to a phishing web page that looks like this:


  • If you did click the attachment in the email, DO NOT type your details into the page.
  • Students, please warn all your friends and staff please warn all your colleagues about this phishing attack.
  • If you received the email but took no action, delete the message immediately.


What happens if I clicked the attachment?

If you clicked the attachment and you did not enter your details into the phishing site, please run a full antivirus scan of your device.


What happens if I entered my details?

If you entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. It also means that your email account could be used to send out spam or phishing messages. If your account has been compromised, you might not be able to access any UCT services as we may have blocked the account.


If your account has been blocked If your account has not been blocked
  • You will not be able to log into your UCT email or other UCT services.
  • When you return to campus, you'll need to come into the ICTS Front Office to get your machine checked and have your UCT account unblocked.
  • If you require assistance with any issues relating to the attack, contact the IT Helpdesk via email or by calling 021 650 4500.
  • Change your UCT password immediately via Password Self-Service.
  • If you entered login details to a non-UCT service, such as your Gmail, change that password immediately.


Other phishing emails currently in circulation

In addition to the above phishing emails that come with attachments, a new strand of phishing messages are being sent to UCT email addresses. These messages could come with the subject line:

  • Recent Phishing Messages - fix issue now
  • System Upgrade

In both cases, the messages may come from a UCT email address, and they ask you to reply with your username and password. Other variations may also exist, so it’s best to be on the lookout for all suspicious messages of this kind.


If you have already, sent your login details, go to Password Self-Service and change your UCT password immediately.


Safety precautions

To keep your devices, account, and data safe, take the following precautions:

Report incidents to CSIRT
Report all suspicious cyber security incidents to the CSIRT (UCT Computer Security
Incident Response Team) at csirt@uct.ac.za.

Use an antivirus package
You must have an up-to-date anti-virus application, such as McAfee Endpoint Security,
installed before connecting to the UCT network. All UCT students and staff members may download and use are entitled to a site-licensed copy of McAfee Endpoint Security software.

For mobile phones, tablets, and other devices, be sure to install an anti-virus app. Good, free examples include Avast and AVG.

Back up your data
A backup is a copy of the data on your computer, which is placed on a storage medium, such as an external hard drive. Find out how to back up your data.


Be careful with your email

  • Don't reply to emails that request personal information.
  • Don't open email of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid. This will encourage them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Don't respond to emailed competitions.

Read these articles for more about cyber security:

Watch these cybersecurity videos: