Phishing is a cyber crime through which criminals contact their victims via email, phone calls, text messages or fraudulent websites. They pose as legitimate institutions and lure people into giving sensitive data such as banking and credit cards details, usernames, IDs and passwords.
Once they have fraudulently obtained your password, there is nothing to stop them from signing into networks and systems to gain access to sensitive and privileged information.
eish! spoke to Boeta Pretorius, chief director of IT, about the dangers of phishing scams in particular.
Don’t get reeled in
“Educause, an international non-profit association that helps higher education elevate the impact of IT, has identified cyber security and privacy as the number one and two issues for universities entering the new digital era,” says Boeta.
“On average, approximately 40 million attacks take place every day globally and damage related to cyber crime will hit USD 6 trillion annually by 2021, according to Cybersecurity Ventures.
“It is very profitable for them and this is why these cyber criminals will go to any lengths to attack organisations such as universities. Phishing is one of their most common methods.”
Boeta gives these important tips:
- Never give your password to anyone. The university will ask you every three months to change your password, which you can only do in one way and that is by going to https://password.nwu.ac.za.
- Remember, the longer your password is, the better and safer it is.
- Make sure you have a good antivirus program and update it regularly. Also ensure that you run software and Windows updates when prompted to do so.
- Don't give out personal information that may compromise you - whether this is by email, phone or online.
- Always be aware of the sender’s address in emails. Criminals are very innovative when it comes to addresses. For instance: boeta.pretorius@nwu.co.za, absa@abssa.co.za.
- Never click on any link if you are not 100% sure it is legitimate. When hovering over a link you can see the address to which you will be taken. Usually it will tell you the whole story of the sender’s credentials.
- Most phishing emails have spelling mistakes or use poor English.
It is important for all staff and students to be extra careful and avoid the phishing sharks. For one-stop IT support, click here.
The “seas” of the internet and email have become increasingly dangerous as cyber pirates take every opportunity to cause havoc and inflict major damage on companies and individuals.
Don’t get caught in the ‘phishing’ net
Fortunately, the NWU’s very capable Information Technology (IT) team have put several measures in place to protect staff and students from falling victim to cyber criminals. In the end, however, it is up to every person to make sure they don’t walk the plank when it comes to cyber fraud.
Boeta Pretorius is the chief director of IT.
Click on each tab to find out how you can identify insecure websites.
1
2
3
4
5
These websites are not secure:
- In a web address (URL), http indicates that the website is not secure. A secure URL will begin with https.
- You do not see a closed lock symbol in your browser. A closed lock indicates a secure site, while an open or absent lock indicates an unsecured site. Any website where you are expected to exchange personal information (a banking site or an online store) should be secure.
- Websites that do not offer signed certificates. Security certificates contain information about who owns it, who issued it, a unique serial number or other unique identification, valid dates and an encrypted "fingerprint" that can be used to verify the content of the certificate. If your browser warns you that the certificate can't be verified, be wary of the site.
Be wary of:
- Websites that request information that is not congruent with the action to be performed. For example, why do you need to supply your ID number or street address to read a document?
- Email messages (supposedly sent to you by a bank, email provider or online store) that ask you to provide personal information or click on a link in the email body.
Be wary of:
- Email messages that appear to be IT-related (asking you to verify your account details or warning you of some dire consequence should you fail to comply) often ask you to click on a link and ask for sensitive information.
For example, an email from "System admin" may claim that there has been a breach of security on your account and that the company needs you to submit personal information. These emails are fake. No reputable IT organisation will send you emails of this kind.
Be wary of:
- Public computers (at Internet cafes or other public spaces) may often be sources of illegally installed software to capture your computer keystrokes.
- Pop-ups that appear and request personal information – after you’ve gained access to a website that you trust.
- Pharming attempts – where a hacker redirects a legitimate website's traffic to a bogus site. Malware or a virus takes over your web browser and then, when you try to access a legitimate website, directs you to a fake one. Once you provide your personal information on the site, hackers access this information and use it fraudulently.
Be wary of:
- Email attachments that you are not expecting.
- Telephone calls where the caller asks you to provide or verify personal information.
- Any emails claiming that there has been a breach of security on your account and that the company needs you to submit personal information.
<
>