Search

Home > News > Notice board

Notice board

Thursday, 14 October 2021
Beware of SMSs pretending to be from UCT senior management

Cybercriminals use various ways to get access to your information or even the UCT network. A recent example being investigated by the UCT Computer Security Incident Response Team (CSIRT) involves an SMS that appears to be from a senior UCT manager. Those who receive the message are asked to contact the individual using the provided email address.

In this case, even though the message appeared to be from a UCT staff member, an @gmail.com email address was used. In addition, the mobile number used to send the SMS does not belong to the UCT manager.

What should I do?

It is highly unlikely that a senior member of the UCT community will contact you directly via SMS. If you get such an SMS, do not respond to it. Verify it by directly contacting the individual using their officially-listed UCT contact details, instead of those provided in the message.

Remember these security tips

  • Never reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • If you receive a call, message, or email out of the blue from your bank or a service provider indicating that there is a problem with your account, thank the caller then hang up. Call the institution directly using the number listed on their website and verify if the call is legitimate or a scam. Never call back using details provided by the caller. You never know who will be on the other side. Some hackers run professional cybercrime companies, including helpdesk centres that sound very convincing.
  • If you receive a call about an issue that you never logged and you’re asked to give the caller remote access, do not take any action. Rather hang up and report the issue to your service provider.
  • Make sure you have anti-virus installed on your devices. At UCT, you have access to McAfee which you can install on your UCT-owned and personal computers.
  • Keep your operating system, software, and anti-virus up to date at all times. The latest security updates contain patches and fixes to keep your devices and information secure.
  • Please do not forward the message to your contacts. Report it to the IT Helpdesk at icts-helpdesk@uct.ac.za, who will then conduct the necessary investigations.
Tuesday, 5 October 2021
Credit on account phishing attempt

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to click a link in an email entitled Credit on account. The email sent from an @gmail.com email address is written in Afrikaans and requires you to click a payfast.com link to access an invoice.

What do I do?

If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the links. First contact the individual to verify that they sent it.

If they did not send it, please inform the IT Helpdesk immediately by sending the email on to icts-helpdesk@uct.ac.za. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.

If you have already clicked the link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.
Tuesday, 5 October 2021
Latest phishing attempt entitled "Bewys van betaling"

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to click a link in an email entitled Bewys van betaling. It was sent from a @gmail.com email address. 

What do I do?

If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the links. First contact the individual to verify that they sent it.

If they did not send it, please inform the IT Helpdesk immediately by sending the email on to icts-helpdesk@uct.ac.za. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.

If you have already clicked the link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.
Friday, 10 September 2021
Spam email entitled "i12"

We have investigated and identified a message you have received from Emily <ken-0d@xingyaokeji073.site titled i12 as spam. 

The From email address as well as the one included in the email have been blocked and reported.

What do I do?

  • Do not respond or forward the email. You can ignore or delete.
  • For further guidance or assistance with this please Contact the ICTS Helpdesk on 021 650 4500 or icts-helpdesk@uct.ac.za

Always remember these security tips

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise the URL that  the link directs you to.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at UCTcsirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Thursday, 26 August 2021
Remote access scams on the rise

Beware of any requests to install or run unknown software on your devices

There appears to be an increase in remote access scams, which means that you need to be on your guard when receiving unexpected communication from so-called service providers.

A cybercriminal makes initial contact with you via email, phone call or message. They then inform you that there is an issue or unusual activity on one of your accounts (e.g., banking, social media, online shopping, etc.), or that they’re picking up an error on your device. The message could contain a phone number you need to call to get the necessary assistance.

When you call the number, you are asked to install or run remote access software that will supposedly allow them to investigate and resolve the issue. Alternatively, you may be required to navigate to a website and enter your login details. That website may be a fake copy of a banking, university or other corporate site. Both methods could allow the caller to take control of your device(s) and perform various activities. It could lead to financial loss, as they may gain access to your device, banking account and/or any other accounts. This event may also cause reputational damage as they could use your mailbox or social media accounts to send spam or phishing messages. They could even gain access to the UCT network and perform illegal activities in your name.

The security threat is real. These types of scams are constantly evolving and becoming more sophisticated, making it difficult to differentiate what is real and an attack. It is important that you constantly stay alert to prevent becoming the next victim.

What should I do?

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.

  • If you receive a call out of the blue from your bank or a service provider indicating that there is a problem with your account, thank the caller then hang up. Call the institution directly using the number listed on their website and verify if the call is legitimate or a scam. Never call back using details provided by the caller. You never know who will be on the other side. Some hackers run professional cybercrime companies, including helpdesk centres that sound very convincing.

  • If you receive a call about an issue that you never logged and you’re asked to give the caller remote access, do not take any action. Rather hang up and report the issue to your service provider.

  • If you get a call from an organisation you deal with, and you’re asked for information that the organisation should already have, hang up and rather call back using their listed contact details. If you cannot find their number, use their listed email address and explain what happened. Remember not to provide any personal information in the email – just the facts about what happened.

  • Be wary of the software and applications you install. Always get these from reputable sources.

  • Make sure you have anti-virus installed on your devices. At UCT, you have access to McAfee which you can install on your UCT-owned and personal computers.

  • Keep your operating system, software, and anti-virus up to date at all times. The latest security updates contain patches and fixes to keep your devices and information secure.

  • Do not open attachments unless you can verify the sender and the nature of the attachment.

  • Don't open emails of unknown origin.

  • Don't click on links in emails if you cannot recognise where the link directs you.

  • Regularly check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Together we can fight cybercrime.

Friday, 20 August 2021
Beware of phishing attempt entitled "Proposal"

We have investigated and identified a message you have received from noreply-service@ucsf.edu titled PROPOSAL as a phishing attempt.

What do I do?

  • If you have clicked on the link in the email, please urgently reset your password on a known clean device and run a full anti-virus scan on your machine or mobile device.
  • For further guidance or assistance with this please Contact the ICTS Helpdesk on 021 650 4500 or icts-helpdesk@uct.ac.za

Always remember these security tips

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise the URL that  the link directs you to.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at UCTcsirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Thursday, 10 June 2021
Beware of purchase order phishing attempt

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to open a shared file. The email entitled purchase order is sent from an @myuct.ac.za email address and contains two links. One to view a purchase order and the second to submit a quote. 

What do I do?

If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the links. First contact the individual to verify that they sent it.

If they did not send it, please inform the IT Helpdesk immediately by sending the email on to icts-helpdesk@uct.ac.za. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.

If you have already clicked the link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.
Wednesday, 28 April 2021
Beware of latest spear phishing attempt

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new spear phishing attempt, where a malicious individual pretends to be a person in authority, and sends an urgent request that often contains the following signs: 

  1. The email address is not legitimate.
  2. The message may be poorly-written.
  3. The nature of the request is highly unusual, and is emphasised as being urgent.

In this instance the email entitled Payment to Vendor pretends to be from the SRC president, but an @gmail.com email address is used instead.

 

Report it

If you receive such an email, please do not respond to the sender, instead send the message to the IT Helpdesk (icts-helpdesk@uct.ac.za) for investigation.

You will need to send a copy of the original email or the header information in the original email.

 

Steps to follow if you have a myUCT email address
  1. Navigate to https://outlook.com/owa/uct.ac.za and log on with your UCT student number and password.
  2. On the selected email, navigate to and click on the ellipse to access More actions

  1. From the More actions fly-out menu, select View message details

  1. Select all of the message content and copy this into a new email address to icts-helpdesk@uct.ac.za

Instructions to follow if using the Outlook desktop client
  1. Double-click the email message to open it.
  2. Click File in the top left corner > Save as.
  3. Select a location to save the email and click Save.

Send the saved file as an attachment to icts-helpdesk@uct.ac.za.

Monday, 19 April 2021
Beware of latest file sharing phishing attempt 20 April 2021

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to open a shared file. The email entitled ...is inviting you to collaborate on PROJECT 2022 is sent from an @myuct.ac.za email address and contains a SharePoint link that wants you to download a PDF document. By clicking the link you’re redirected to a webpage that resembles the Microsoft login page.

What do I do?

If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the link. First contact the individual to verify that they sent it.

If they did not send it, please inform the IT Helpdesk immediately by sending the email on to icts-helpdesk@uct.ac.za. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.

If you have already clicked the link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password

What happens if I clicked the link and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.
Monday, 19 April 2021
Beware of latest file sharing phishing attempt 19 April 2021

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to open a shared file. The email entitled ...is inviting you to collaborate on SACOVID PROJECT 2022 is sent from an @mrc.ac.za email address and contains a SharePoint link that wants you to download a PDF document. By clicking the link you’re redirected to a webpage that resembles the Microsoft login page.

What do I do?

If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the link. First contact the individual to verify that they sent it.

If they did not send it, please inform the IT Helpdesk immediately by sending the email on to icts-helpdesk@uct.ac.za. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.

If you have already clicked the link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password

What happens if I clicked the link and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Pages