Phishing attacks remain a constant threat. Whether they are sent to large numbers of students and staff or target the systems and services we use daily, ICTS and the UCT Computer Security Incident Response Team are constantly having to address these attacks as they arise.

To help you stay updated on these ongoing threats, we have created a central location that you can check if the IT Helpdesk is aware of a suspicious email that you have received.View a list of the type of phishing tactics that cybercriminals use to access your personal information.

Latest phishing attacks investigated by the UCT CSIRT

  • 6 February: An email sent by Customer ZA <> entitled Post ZA:: Ref#987894103 has been identified as a phishing attempt.
  • 3 February: An email sent from Jeffery Hoffmann <> entitled Re: Jeffery contained the following information:

        I have an urgent proposal for you, email me

    Waiting for your responds


  • 30 January: An email sent from South African Post Office <> entitled “Your parcel could not be delivered because no customs duties were paid ” has been identified as a phishing attempt.
  • 26 January: An email sent by Lim Fun <> entitled Did you receive my last email, contained the following: 

    I had sent you an e-mail which was unanswered , can you please confirm if this email address is still active and please kindly get back to me today

    Kind Regards. 

  • 25 January: A spear phishing email was sent by <> pretending to be an Executive Director at UCT. The email entitled FW: Important task contained the following: ᴀʀᴇ ʏᴏᴜ ᴀᴛ ᴡᴏʀᴋ? ʟᴇᴛ ᴍᴇ ʜᴀᴠᴇ ʏᴏᴜʀ ᴘᴇʀsᴏɴᴀʟ ᴡʜᴀᴛsᴀᴘᴘ ɴᴜᴍʙᴇʀ, ɪ ɴᴇᴇᴅ ʏᴏᴜ ᴏɴ ᴀ ᴛᴀsᴋ ᴜʀɢᴇɴᴛʟʏ. 
  • 24 January:  Email received from ZA Customer <> entitled Post ZA: Package REF#52779010
  • 23 January: 
    • Email received from UCT Admin <> entitled Your UCT Email Account password will RESET in 2 days as a phishing attempt
    • Email received from  entitled “Baby grand piano” as a phishing attempt
    • Email received from DEVESTELE JESSICA <> entitled RE: UCT NEW PAYROLL ADJUSTMENT!!!! as a phishing attempt
  • 18 January: Email received from entitled "Hello or Re: Hello"
  • 17 January: Email sent by State Treasury Law Firm <> entitled “I await your response” 
  • 13 January: Email received during the festive season from using various subject lines 
  • 9 January: Email sent by david owies <> entitled “Notice_Of_Payment or
  • 28 December:
    • From: Postoffice <
    • From: Ram Hand-To-Hand-Couriers 
  • 28 November: from entitled “RE: SAPO is informing you with....” 
  • 3 November: from ram hand to hand couriers < entitled “Your Parcel Number RL001097064 is on the way"
  • 3 October: from Kukkuk,Emsie (GPDRT) <>  entitled “Office-PO”
  • 27 September:
  • 16 September: from entitled “Health Survey no. CDC/404890” 
  • 23 August: from entitled “RE: B2B Email Lists-2022” as Inbound Spam
  • 22 August: from entitled “RE : B2B Email List -2022” as Inbound Spam
  • 19 August: from entitled “Scholars at Risk 2022-Attendees list” as Inbound Spam.
  • 15 August: from south african Post office <> as a Phishing attempt

View more phishing attacks that were doing the rounds on campus

Latest security vulnerabilities affecting software/systems used at UCT

View the latest security advisories

Report it

If you receive such a phishing email, please do not respond to the sender, instead send the message to the IT Helpdesk ( for investigation.

Steps to follow if you're using Outlook Web App
  1. Navigate to and log on with your UCT staff/student number and password.
  2. Open a new email message. 
  3. Drag and drop the suspicious email in the message you created.
  4. Enter in the To field. Enter any additional information and click Send.
Instructions to follow when using the Outlook desktop client
  1. Select the email you want to forward, then go to the Home/Message tab.
  2. In the Respond group, select 
      More Respond Actions.
  3. Select Forward as Attachment.
  4. In the To field, enter the email address
  5. Click Send.

Useful security tips

To protect yourself against becoming phishing bait, be sure to follow these recommendations:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Ensure your passwords are complex by using a phrase, different languages or numbers, and symbols in place of letters.
  • Ensure your anti-virus, operating system, software, browsers and apps are always up to date. McAfee Web Control checks and blocks sites that have a bad reputation. Ensure that you run this feature on your desktop so that you limit the number of suspicious websites that you visit.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Re-check links before clicking Search.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at You can report any other cybersecurity issues to the CSIRT at
  • If something feels phishy, trust your gut and avoid the message or action. Report it to the IT Helpdesk