Beware. Phishing emails are on the rise

15 May 2020
15 May 2020

We have seen a spate of phishing emails being sent to campus with the most recent attempt requesting staff to click a link to approve a salary increase. Upon clicking the link, either a PDF file is downloaded or the sender is redirected to a malicious website where they are required to enter their UCT username and password.

Other phishing emails that have also been doing the rounds include:

  • Some students have been contacted by people pretending to be mobile service provider employees. The caller claims that their mobile number is being used by someone else on their system, and to rectify the error, students are asked to create a new PIN.
  • Some academic staff have also received spear phishing emails from a malicious individual who pretends to be a person in authority. In most cases, the spoofed email is that of a Dean. Most of the time, the spoofed email address contains some aspects of the senior leader’s UCT email address, such as name.surname, but ends with or Upon responding to their email, the sender indicates that they urgently need the person to buy some form of voucher.

Tell-tale signs of a phishing email

  • The email address is not legitimate.
  • The cautious banner that appears in the header of external emails, is visible in an email from an alleged or email address.
  • The message may be poorly written.
  • The nature of the request is highly unusual and is emphasised as being urgent.

View our phishing infographic for more signs.

Managing unusual or suspicious email messages

All of these emails require you to either download an attachment or click a link and enter your UCT username and password.

In the case of an email attachment:

  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the attachment and run a full anti-virus scan of your machine.

Where links are provided:

  • DO NOT CLICK THE LINK. Instead, delete the email.
  • If you clicked the link and/or entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please do the following:
  1. Change your password immediately, on a device that you know to be free of malware and infection.
  2. Run a full anti-virus scan of your machine.
  3. Send an email to the IT Helpdesk informing them that your details may have been compromised, but that you’ve changed your password and completed the scan.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at You can report any other cybersecurity issues to the CSIRT at