We have to hand it to cybercriminals: they are extremely innovative and creative in developing cyberattacks. Just this year alone, we have seen an increase in emails pretending to be from the South African Post Office and Transnet. We have even seen someone willing to give you a Yamaha baby grand piano – just for knowing their deceased loved one. And do you remember those messages pretending to be from the Vice-Chancellor and from executive management asking you to do them a favour?
Though the storylines differ each time, most attacks employ one or more of these common strategies:
- They request that you urgently perform some task.
- The email is sent from an address completely unrelated to the organisation they claim to represent.
- The message is brief and may be poorly worded.
If you spot any of these tell-tale signs, know that something is amiss, and you should be cautious. The thing is, cybercriminals know that we’re constantly getting emails and that we often speed read and take action without too much thought – just so that we can keep up with the incoming flood.
However, this is just one reason why it’s crucial that you take the time to check who the sender is and whether their email address is correct, before taking any sort of action.
If anything seems suspicious, trust your gut and don’t click the link or the included attachment. Chances are that it could be an attack which could put your data and the UCT network at risk.
So, next time you receive an email, rather take those few extra seconds to scrutinise it and ensure that it is legitimate. If in doubt, forward it to the IT Helpdesk and a consultant will conduct the necessary investigations.
Remember these security tips:
- Keep track of the latest phishing attempts on campus via the UCT Phish Bowl.
- NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
- Don’t ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
- If you receive a call, message, or email out of the blue from your bank or a service provider indicating that there is a problem with your account, thank the caller then hang up. Call the institution directly using the number listed on their website and verify if the call is legitimate or a scam. Never call back using details provided by the caller. You never know who will be on the other side. Some hackers run professional cybercrime companies, including helpdesk centres that sound very convincing.
- If you receive a call about an issue that you didn’t log, and you’re asked to give the caller remote access, do not take any action. Rather hang up and report the issue to your service provider.
- Make sure you have anti-virus installed on your devices. At UCT, you have access to Trellix which you can install on your UCT-owned and personal computers.
- Always keep your operating system, software, and anti-virus up to date. The latest security updates contain patches and fixes to keep your devices and information secure.
- Please do not forward suspect messages to your contacts. instead, report them to the IT Helpdesk (firstname.lastname@example.org) who will then conduct the necessary investigations.