Phishing attacks remain a constant threat. Whether they are sent to large numbers of students and staff or target the systems and services we use daily, ICTS and the UCT Computer Security Incident Response Team are constantly having to address these attacks as they arise.

To help you stay updated on these ongoing threats, we have created a central location that you can check if the IT Helpdesk is aware of a suspicious email that you have received.View a list of the type of phishing tactics that cybercriminals use to access your personal information.

Latest phishing attacks investigated by the UCT CSIRT

2024
  • 28 October: An email sent by info@afrihost.com titled "Reminder: Domain names expire on Monday Octobre 28, 2024.
  • 23 October: An email received from no-reply@fastway.za <no-reply@fastway.za> titled “Pay custom fees to get your package” 
  • 20 October: An email sent by REDFERN FINANCE" <admin@sail-industrialsupply.com> titled "Ready to Turn Your Dreams into Reality?"
  • 18 October: An email sent by no-reply@fastway.za titled "Pay custom fees to get your package"
  • 14 October: An email sent by Sharepoint Support <support@onthespotdrycleanersbayonne.com<mailto:support@onthespotdrycleanersbayonne.com>> titled "Action required for"
  • 14 October: An email sent by from Steve Henry <abmc267@gmail.com>  titled “Invitation to Submit Abstracts for GCBMS-2024 in Dubai” 
  • 28 July: an email sent by conceicaolacerda@ipmjp.pb.gov.br titled
    "GRAND PIANO"
  • 23 July: an email received from Elizabeth Steve <svetlana_slaveva@overgas.bg> titled "Grand Piano" or "Ram couriers"
  • 19 July: An email sent by info@t9l.com titled “New proposal” 
  • 16 July: An email received from uct.ac.za team <mail-reply0987@19618.net> titled “Mailbox synchronization” 
  • 1 July: An email sent by A-lert Ram <jackson04@tpg.com.au> with varying titles
  • 14 July: An email sent by support@fsqll.zendesk.com entitled "Icts-feedback, Please Update Your Payment"
  • 26 June: An email received from LlewellynJ@globalroofs.co.za with varying titles
  • 19 June: An email received from  NKHANGWELENI MAGARI <220005654@student.uj.ac.za> titled “Memo 06/08/2024” 
  • 6 June: An email received from received from pundopatie@gmail.com with varying titles 
  • 20 May: An email received from Новосибирск <novosib@maz-rus.com titled “tracking” 
  • 10 May: An email sent by mrjtr11@outlook.com titled "payment Reference (TGF- CCM)"
  • 10 April: An email sent by lady.edna@wyrinx.com entitled Yamaha Baby Grand Piano Giveaway
  • 2 April: an email received from support@in-nerds.de with varying titles
  • 27 March: an email received from notifichediaccesso@posteid.poste.it with varying titles  
  • 26 March: email received from info@ecostal.fr<mailto:info@ecostal.fr> titled “RE: Action Required : Package cannot be delivered to your address” 
  • 25 March: email received from CourierIT ZA © <info@email.baaham.de> with varying titles 
  • 1 March: email received from yasmingaibie@gmail.com with varying titles 
  • 26 February: email received from noreply0rtracking@fuze1host.accelerit.co.za titled “RE: Client #RL001097064
  • 20 February: email received from NoreplyRtracking@fuze1host.accelerit.co.za titled “RE: Client #RL001097064”
  • 7 February: Beware of phishing emails related to signing documents
  • 6 February: an email received from DEPARTMENT OF POLICE <bongiwe.sibisi@govsaps.co.za< titled “RFQ” but the subject may vary
 
2023
  • 5 September: Beware of phishing email entitled Completed … Invoice & Remittance August 2023
  • 22 August: An email sent by <international.tracking@newdhl.net>  titled “Your parcel is awaiting delivery !” has been identified as a phishing attempt.
  • 18 August: An email received from RAM Hand-to-Hand Couriers <support-couriers@support-express.info> titled “Reminder : Order N°” has been identified as a phishing attempt.
  • 7 August: An email received from info.south@lauproperty.com titled “RAM - Delivery Notification” has been identified as suspicious.
  • 2 August: An email received from Hebrew Atkinson <hebrew.a01@gmail.com> titled “Re: About an unclaimed policy” has been identified as a phishing attempt.
  • 4 July: An email received from Musa Khanyile <Musa.Khanyile@ecdpw.gov.za> titled “JULY PURCHASE ORDER” has been identified as a phishing attempt.
  • 20 June: An email received from no-reply@boscustweb5804.eigbox.net titled “Notice: Ref#974200269” has been identified as a phishing attempt.
  • 19 June: An email received from Customer ZA <No-Reply@boscustweb5801.eigbox.net> titled “Notice: Ref#974200269” has been identified as a phishing attempt.
  • 12 June: An email received from Dave Morgan <davemorgan689@gmail.com>, aliumohamed98@gmail.com or Dr.Nelson Kelly <nelsonkelly1962@gmail.com> titled “Dr.Nelson Kelly” has been identified as a phishing attempt.
  • 6 June: An email received from: trackingza@antique-quilt.com titled “Unfortunately , Your Package Delivery Failed” has been identified as a phishing attempt.
  • 23 May: An email received from Vincent Matholo <officedesk9000@gmail.com> titled “Important task” has been identified as a whaling phishing attempt.
  • 10 May: An email received from amelia.marketingleadssolutions@gmail.com titled “RE: Industry List & Conference Attendees Email List-2023” has been identified as a phishing attempt.
  • 13 April: An email sent by event@samdex.net entitled
    SAMDEX 2023 - Postponement to October 2023
  • 13 April: An email sent by 622e6beb75cce013e93118c50f17f977@nakamura-siding.jp entitled RAM : Attempt to shipped your items has been failed
  • 12 April: An email sent by zayne@billdozer.com entitled
    New Debit order package
  • 10 April: An email sent by support@npesnam.freshdesk.com entitled 
    NoticeN°896659076ZA
  • 9 April: an email sent by adragna_stephnie@outlook.com entitled
    Akhona loan
  • 5 April: an email sent by Post ZA <supportza@boscustpro0202.eigbox.net> entitled Post ZA: Ref#987894104

    Dear Customer,
     
    Thank you for choosing us,
    ________________________________________
    Your Package was not delivered because no tax duties were paid.
    ________________________________________
    You must complete the payment of (29,75 R).
    ________________________________________
    Pay tax fees by clicking on the following link.
     
    Send My Package...

  • 4 April: an email sent by no-reply@boscustweb2906.eigbox.net entitled Post ZA: Package REF#93880121
  • 4 April: an email sent by support@preview.droitthemes.net entitled 
    Post ZA: Ref#987894103
  • 4 April: an email sent by raisam@ifal.uh.cu entitled
    Your UCT Email Account password will expire in 2 days.
  • 1 April: an email sent by Post Office (Azul Esportes) <support@azulesportes.zendesk.com> entitled Notice N°852290336

    Este ticket foi criado em seu nome.
    Para adicionar mais comentários, responda a este e-mail.
              dear customer
     
    Post office informs you that your shipment N° ZA904951986 is still waiting instructions from you.
    Fees to pay    12,99 ZAR
    Date    01/04/2023
     
    Payment of postal service bills

  • 30 March: an email sent by elsacapacitors@letter.hongdacapacitor.com entitled MLCC MFG--cross Murata GQM & GJM ----Elsa
  • 29 March: an email sent by Post Office (Optimizers B.V.) <support@optimizers.zendesk.com> entitled [Request received] Notice : 758313159 [Ticket: 181621]
    Dear 
    Your request (181621) has been received and has been taken into consideration by our employees
    If you have any additional remarks to add, please reply to this e-mail
    Post Office (App2Track) 
    Mar 29, 2023, 12:22 GMT+2 
      
    Dear customer,
    We tried to deliver your package but there is an unpaid customs fee.
    Please confirm the payment of the shipping costs by following the instructions below:
     
    Follow Here
     
    Thank you for the trust you place in us and we strive to always be your best
     
     
    Met vriendelijke groet,
    Post Office
    T: +31 (0)88 303 5733 | E: support@App2Track.com | W: www.App2Track.com
     
  • 22 February: An email sent by Post Office ZA | E-commerce (Delivery) <support@alfinet.zendesk.com> entitled Notice n°429222987ZA

    Post Office ZA | E-commerce (Alfinet) 
    22 de fev. de 2023 04:37 BRT 
     
    Dear customer,
    We tried to deliver your package but there is an unpaid customs fee.
    Please confirm the payment of the shipping costs by following the instructions below:
     
    Follow Here
     
    Thank you for the trust you place in us and we strive to always be your best
     
  • 24 March: an email sent by mayra.cruz@saludzona6.gob.ec entitled RE: Looking for a loan??
  • 24 March: an email sent by magda@agrieproject.co.za entitled
    The Advanced Budgeting and Forecasting NQF-04 Course 2023
  • 15 March: an email sent by info@dcstendersa.org entitled
    REQUEST FOR QUOTATION
  • 13 March: an email sent by info@xirl.live entitled
    good day
  • 10 March: An email sent by service@t-disena.com entitled 
    Your Card will be suspended
  • 10 March: An email sent by multichoicedstv1968@outlook.com entitled
    MultiChoice DStv Explora World Wide Reference Code Number: IS20/70901259547
  • 8 March: An email sent by mmasotti@canela.com.br entitled
    Congrat Bill/Gate
  • 8 March: An email entitled lulalend@npm.tpisent.org entitled
    Special Offer @ 5% Fixed Interest Rate*
  • 6 March: An email sent by alexajesmin23@naver.com entitled 
    WTS !!!
  • 6 March: An email sent by merchandise.srs@gmail.com entitled 
    INQUIRY
  • 4 March: An email sent by valeria.summo@istitutotumori.mi.it entitled
    Do you have any big plans for the Weekend?
  • 3 March: An email sent by group04z@outlook.com entitled
    3m/6m/12m GP Containers for Sale
  • 28 February: An email sent by service@pixelmoon.ro entitled
    Yоu hаvе а расkаgе thаt nееds to bе dеlivегеd
  • 24 February: An email sent by support@run.bhumi.ngo entitled
    FWD:Notification!
  • 24 February: An email sent by info@singheehuat.creaworld.sg entitled FWD:Notification!
  • 23 February: An email sent by ms.chen@njkmmc.asia entitled
    How can it be possible to become a supplier of your company?
  • 20 February: An email sent by Post Office za <support@straighttalkingtech.com> entitled “Your Package N°23796252828725564501ZA is on Hold ! 06:39:52 PM” has been identified as a Phishing attempt.
  • 20 February: An email sent by WC:Prov Auxilary Services:Mateza SB- Lt Col <MatezaSB@saps.gov.za> entitled Solver Property Services      

    Re:Invoice10119.doc
        131.5 KB
    Payment Proof-(POP1).pdf
        29.5 KB
     Receipt of Farm Purchase.pdf
    120.3KB

    Attached Documents

    Solver Property Services 
    Portfolio Administrator 
    For and on behalf of the PM Team (Support structure to PM)
     

  • 11 February: An email sent by Customer ZA <noreply@maz.mazoj.com> entitled Post ZA: Ref#987894109

    Dear Customer,
     
    Thank you for choosing us,
    ________________________________________
    Your Package was not delivered because no customs duties were paid.
    ________________________________________
    You must complete the payment of (29,75 R).
    ________________________________________
    Pay customs fees by clicking on the following link.
     
    Send My Package...

    Note: Our TEAM services send messages minutes after you finish the payment.

  • 8 February: An email sent by Microsoft Account <0utlook-Info@webname.com> entitled Security Info Replacement contained the following

    Microsoft account
    Security Info Replacement

    Someone started a process to replace all of the security info for the Microsoft account.

    If this was you, click the button below to bypass the waiting period by using your existing security info.
    This was me

    If this wasn't you, someone else might be trying to take over. Click here  and we'll help you protect this account.

    If you don't recognize the Microsoft account, you can  Click here to remove your email address from that account.

    Thanks,
    The Microsoft account team

     
  • 6 February: An email sent by Customer ZA <support@fuarlojistigi.com> entitled Post ZA:: Ref#987894103 has been identified as a phishing attempt.
  • 3 February: An email sent from Jeffery Hoffmann <johnbirmingham01@outlook.com> entitled Re: Jeffery contained the following information:

    Hello,
     
        I have an urgent proposal for you, email me jefferyhoffmann6023@gmail.com

    Waiting for your responds

    Hoffman. 

  • 30 January: An email sent from South African Post Office <customer.services-intlpostoffice.co.za@events.seriousfactory.com> entitled “Your parcel could not be delivered because no customs duties were paid ” has been identified as a phishing attempt.
  • 26 January: An email sent by Lim Fun <limfun982@gmail.com> entitled Did you receive my last email, contained the following: 

    Hello,    
    I had sent you an e-mail which was unanswered , can you please confirm if this email address is still active and please kindly get back to me today

    Kind Regards. 
     

  • 25 January: A spear phishing email was sent by <hausercello12304@gmail.com> pretending to be an Executive Director at UCT. The email entitled FW: Important task contained the following: ᴀʀᴇ ʏᴏᴜ ᴀᴛ ᴡᴏʀᴋ? ʟᴇᴛ ᴍᴇ ʜᴀᴠᴇ ʏᴏᴜʀ ᴘᴇʀsᴏɴᴀʟ ᴡʜᴀᴛsᴀᴘᴘ ɴᴜᴍʙᴇʀ, ɪ ɴᴇᴇᴅ ʏᴏᴜ ᴏɴ ᴀ ᴛᴀsᴋ ᴜʀɢᴇɴᴛʟʏ. 
  • 24 January:  Email received from ZA Customer <support@info1515.freshdesk.com> entitled Post ZA: Package REF#52779010
  • 23 January: 
    • Email received from UCT Admin <mubarakmuhammadgoje@gmail.com> entitled Your UCT Email Account password will RESET in 2 days as a phishing attempt
    • Email received from nataliya.sergiyenko@r.uniqa.ua  entitled “Baby grand piano” as a phishing attempt
    • Email received from DEVESTELE JESSICA <JDEVESTELE@ville-tourcoing.fr> entitled RE: UCT NEW PAYROLL ADJUSTMENT!!!! as a phishing attempt
  • 18 January: Email received from michraysav@gmail.com entitled "Hello or Re: Hello"
  • 17 January: Email sent by State Treasury Law Firm <hebrewatkinson01@gmail.com> entitled “I await your response” 
  • 13 January: Email received during the festive season from imcb@nshc.za using various subject lines 
  • 9 January: Email sent by david owies <tasted@hotmail.co.za> entitled “Notice_Of_Payment or
    EFT_Payment.pdf”     
2022
  • 28 December:
    • From: Postoffice <support@getgrilling.com
    • From: Ram Hand-To-Hand-Couriers 
  • 28 November: from support@yuure.freshdesk.com entitled “RE: SAPO is informing you with....” 
  • 3 November: from ram hand to hand couriers <ram-hand-to-hand-couriers.co.za...@em8375.magazinetopten.com entitled “Your Parcel Number RL001097064 is on the way"
  • 3 October: from Kukkuk,Emsie (GPDRT) <Emsie.Kukkuk@gauteng.gov.za>  entitled “Office-PO”
  • 27 September: notifications@em.teachable.com
  • 16 September: from claimwfb@gmail.com entitled “Health Survey no. CDC/404890” 
  • 23 August: from elizabeth.b2btopdataprovider@gmail.com entitled “RE: B2B Email Lists-2022” as Inbound Spam
  • 22 August: from janet.conferencelist@gmail.com entitled “RE : B2B Email List -2022” as Inbound Spam
  • 19 August: from becky.peters@prospectiveleads.us entitled “Scholars at Risk 2022-Attendees list” as Inbound Spam.
  • 15 August: from south african Post office <support@southafrica.za> as a Phishing attempt

View more phishing attacks that were doing the rounds on campus

Latest security vulnerabilities affecting software/systems used at UCT

View the latest security advisories

Report it

If you receive such a phishing email, please do not respond to the sender, instead send the message to the IT Helpdesk (icts-helpdesk@uct.ac.za) for investigation.

Steps to follow if you're using Outlook Web App
  1. Navigate to https://outlook.com/owa/uct.ac.za and log on with your UCT staff/student number and password.
  2. Open a new email message. 
  3. Drag and drop the suspicious email in the message you created.
  4. Enter icts-helpdesk@uct.ac.za in the To field. Enter any additional information and click Send.
Instructions to follow when using the Outlook desktop client
  1. Select the email you want to forward, then go to the Home/Message tab.
  2. In the Respond group, select 
      More Respond Actions.
  3. Select Forward as Attachment.
  4. In the To field, enter the email address icts-helpdesk@uct.ac.za.
  5. Click Send.

Useful security tips

To protect yourself against becoming phishing bait, be sure to follow these recommendations:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Ensure your passwords are complex by using a phrase, different languages or numbers, and symbols in place of letters.
  • Ensure your anti-virus, operating system, software, browsers and apps are always up to date. McAfee Web Control checks and blocks sites that have a bad reputation. Ensure that you run this feature on your desktop so that you limit the number of suspicious websites that you visit.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Re-check links before clicking Search.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.
  • If something feels phishy, trust your gut and avoid the message or action. Report it to the IT Helpdesk aticts-helpdesk@uct.ac.za.