Service Announcements

Monday, 13 August 2018
Beware of latest SARS phishing attack

There is currently a South African Revenue Services (SARS) phishing attack doing the rounds on campus. Emails entitled “SARS eFiling” are being sent by various @sun.ac.za email addresses asking you to login to your eFiling account to view an EMP Statement of Account.  

The UCT Computer Security Incident Response Team have put the necessary security measures in place, and have blocked the links. Additionally, the UCT CSIRT team has been in contact with Stellenbosch University’s CSIRT to inform them of the phishing attack, and they are taking steps to stop it from happening.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your SARS eFiling password. 

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. Please:

  1. On a device that you know to be free of malware and infection, change your SARS eFiling password. 
  2. Inform SARS about this phishing attack and that you have provided your details.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.

 

Monday, 13 August 2018
Shaming scam just another way to get access to your money

In recent days, media outlets have been reporting on the Belarus shame scam in which cybercriminals target individuals – asking them to pay a hefty ransom fee to avoid “compromising” personal information being made public.

How it works

A potential victim receives an email, WhatsApp, or Facebook message from a cybercriminal. The message claims that the criminal used malware to get incriminating or embarrassing information about the victim. If the victim doesn’t immediately pay a ransom fee, the criminal threatens to publish the information online, or share the information with the victim’s contacts.

To make the scam seem even more legitimate, the criminal includes the victim’s username and password for an online account. In actual fact, they have taken these login details from a previous security breach – where the victim’s account has been compromised. That account might not even be used by the victim anymore.

Safeguard yourself

These kinds of attacks are becoming more common in South Africa, so it’s crucial to always remain vigilant.

One of the most important ways you can protect yourself from such attacks is to use a different password for each of your accounts. That way, if one account is compromised, the others will remain secure. You can use a password manager to help you remember your passwords.

In addition, please remember these security tips:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid and will only encourage more spam.
  • Don't forward chain letters or marketing material.
  • Don't respond to emailed competitions.
Wednesday, 8 August 2018
Beware of latest Standard Bank phishing attack

We are aware of a new Standard Bank phishing attack which is currently doing the rounds. The cybercriminals are spoofing Standbard Banks’s ibsupport@standardbank.co.za email address, to make this attack seem legitimate. However, the links provided in the email will take you to malicious websites.

The subject lines used in this attack include:

  • Payment confirmation
  • YOU A PENDING DEPOSIT

A screenshot of a social media postDescription generated with very high confidence

The UCT Computer Security Incident Response Team have put the necessary security measures in place, and have blocked the links.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your online banking password. 

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. Please:

  1. On a device that you know to be free of malware and infection, change your online banking password. 
  2. Inform your bank about this phishing attack and that you have provided your details.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.

 

Friday, 27 July 2018
New phishing attacks underway

There are currently several phishing attacks doing the rounds on campus. An email titled “Validate your Email” claims that you need to upgrade your Office365 email now, to avoid your account from being terminated.

A different attack is titled “Current Results Notification”, and claims to be a newsletter with updates about last semester's exams.

A different variation is titled "REMINDER: UCT GRANT APPLICATION".

After clicking the link, you are taken to a web page which asks you to enter your UCT credentials.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your password

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Monday, 16 July 2018
Network renewal and monthly maintenance this weekend

As part of the UCT Network Renewal project, several services will be unavailable this weekend. ICTS's regular maintenance slot will also be in effect this Sunday.

Details and impact

  • Dates: Saturday 21st July (08:00 a.m.) until Sunday 22nd July (11:00 p.m.)
  • Services: The following services may be unavailable during this time:
    • eduroam
    • All internet connectivity (including wired)
    • All services hosted in the Upper Campus Data Centre

What you need to do

Please plan ahead so that you can minimise any inconvenience. For example, if you rely solely on eduroam for internet access, please arrange alternate connectivity – such as mobile data.

Going forward, please review the schedule of work so that you have an idea of further interruptions that may occur in the coming months.

We thank you for your patience and understanding as we undertake this crucial project to improve network performance and equip UCT to meet the challenges of the coming years.

Monday, 9 July 2018
New malware attack: don’t open attachments from unknown senders

Dear UCT colleagues and students,

We are aware of a new malware attack currently doing the rounds on campus. This attack usually comes from a Gmail address, and could be entitled Receipt for payment or something similar.

When you open the attachment, a blank screen is shown. You won’t immediately see any result, and you won’t be asked to enter any details – but malicious code will begin running in the background.

The UCT Computer Security Incident Response Team (CSIRT) is working together with our service provider to put the necessary security measures in place to prevent further spreading of this message.

What do I do?

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • Send an email to the UCT Cybersecurity Incident Response Team, informing them that you received this email.
  • Delete the message from your Inbox, then delete it from your Deleted Items folder.

What happens if I clicked the attachment?

If you opened the attachment, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. Disconnect your computer / device from the UCT network. You could shut down the computer, pull out the network cable (if you’re on a wired connection), or disable wireless communication (if you’re using WiFi).
  2. Using a device that you know to be free of malware and infection, immediately change your UCT password using Password Self-Service.
  3. Send an email to the UCT Cybersecurity Incident Response Team informing them that you have opened the attachment, but that you have disconnected the compromised computer / device, and changed your UCT password.

Please remember

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at uctcsirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Tuesday, 7 August 2018
Certain ICT services unavailable this weekend

As part of the UCT Network Renewal project, some services will be unavailable this Sunday.

Details and impact

  • Sunday 12th August (08:00 a.m. to 11:00 p.m.):
    • Eduroam
    • All internet connectivity (including wired)
    • All services hosted in the Upper Campus Data Centre

What you need to do

Please plan ahead so that you can minimise any inconvenience. For example, if you rely solely on eduroam for internet access, please arrange alternate connectivity – such as mobile data.

Going forward, please review the schedule of work so that you have an idea of further interruptions that may occur in the coming months.

We thank you for your patience and understanding as we undertake this crucial project to improve network performance and equip UCT to meet the challenges of the coming years.

Tuesday, 19 June 2018
New malware attack: Don't open attachment from compromised alumni account

Dear UCT colleagues and students,

There is currently a malware attack doing the rounds on campus. This attack, which contains a malicious attachment, specifically targets staff and student email accounts. Upon clicking on the attachment, you are redirected to a malware site, pretending to be Microsoft OneDrive, where your UCT credentials may be compromised.

The UCT Computer Security Incident Response Team (CSIRT) has blocked the account to prevent further spreading of the message.

The message is currently being sent from a compromised alumni account with the subject line “Review Docs”. The message may appear as follows:

Email from Duduzile Dlamini, with the subject line "Review Docs". The attachment is a PDF named "DOC18062018.pdf". The message text says: "Please see the attached. If you have any questions please email me and I will be happy to respond.  Kind Regards,  Duduzile"

What do I do?

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the attachment and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your password.

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password.    
  2. Send an email to the UCT Cybersecurity Incident Response Team informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Monday, 28 May 2018
UCT CSIRT investigating life threatening phishing email

The UCT Computer Security Incident Response Team (CSIRT) is aware of a phishing email that has been sent to some UCT staff members indicating that their lives are at risk. The necessary security measures have been put in place to block this sender, and to prevent any replies from being sent to this email address.

We take these sort of phishing emails very seriously and will be conducting the necessary investigations. If you receive any future suspicious emails, please forward them to uctcsirt@uct.ac.za.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at uctcsirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Thursday, 17 May 2018
New phishing attacks: Don't give out your username and password

Dear UCT colleagues and students,

There are currently a number of phishing attacks doing the rounds on campus. These attacks, which contain a malicious attachment, specifically targets staff and student email accounts with messages such as this one:

 

 

What do I do?

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the attachment and run a full antivirus scan of your machine.

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. Change your password immediately on a device that you know to be free of malware and infection.    
  2. Send an email to the UCT Cybersecurity Incident Response Team informing them that your details were compromised, but that you have changed your password.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.

Pages