
Stellenbosch phishing watch: fake SU emails & WhatsApp “IT help” — spot, clean, prevent

Spot fake SU emails/WhatsApps, isolate safely, reset passwords/MFA in order, and harden accounts—POPIA-aware cleanup in Stellenbosch.

Digissential Team · 2 min read

Tags: phishing, security, stellenbosch, students, SME IT

TL;DR: Red flags: urgent SU notices, odd domains, requests for password/MFA codes, or attachments. If you clicked, isolate, change passwords/MFA on a clean device, remove malicious mailbox rules, then clean the PC. We can help remotely, fast.

Spot the fakes (Stellenbosch examples)

Email tells

  • From name ≠ address (e.g., “IT Help” <random@gmail.com>), or look-alike domains (sun-support.co instead of sun.ac.za).
  • Links go to URL shorteners or mismatched domains (hover to preview).
  • Threats of immediate account closure, exam lockout, or bursary loss.
  • Attachments in archive or macro-enabled formats (.zip, .rar, .docm, .xlsm), especially ones that prompt you to enable macros.
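
The email tells above, written as a header and body check you can run over a saved message (an added example, not code from the original post). The domains sun.ac.za and sun-support.co and the attachment extensions come from the list above; the shortener list, the display-name keywords, the flag names and the Reply-To comparison are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL = "sun.ac.za"                          # official domain named above
RISKY_EXT = (".zip", ".rar", ".docm", ".xlsm")  # attachment types listed above
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed sample list, extend locally

def official(host):
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def red_flags(raw):
    """Return the list of 'email tells' found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if not official(domain):
        if re.search(r"\b(SU|IT|Stellenbosch)\b", name):
            flags.append("name-vs-address")      # official-sounding name, outside address
        if "sun" in re.split(r"[.-]", domain):
            flags.append("lookalike-domain")     # e.g. sun-support.co
    reply = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply and reply != addr.lower():
        flags.append("reply-to-differs")         # replies would go somewhere else
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.append("shortener-link")
        elif not official(host):
            flags.append("offsite-link")         # link leaves the official domain
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(RISKY_EXT):
            flags.append("risky-attachment")
    return flags

def sample():  # constructed test message, not a real SU or attacker email
    m = EmailMessage()
    m["From"] = '"SU IT Help" <notice@sun-support.co>'
    m["Reply-To"] = "helpdesk@example.com"
    m.set_content("Verify now: https://bit.ly/constructed-example")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename="notice.docm")
    return m.as_string()

print(red_flags(sample()))
```

An empty list means none of these tells fired, not that the message is safe.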

WhatsApp “IT help” tells

  • Unsolicited offers to “verify your SU account” or “fix MFA” if you send a code.
  • Profile photos using SU branding but non-official numbers.
  • Payment requests for “remote cleanup” via voucher/instant EFT.

When unsure, forward the message (as an attachment/screenshot) to your trusted admin or ask us to review.


If you clicked or opened a file (what to do now)

  1. Disconnect from the network (Wi-Fi off, pull the Ethernet cable).
  2. On a clean device, change your email/IDP password first, then banking/socials.
  3. Re-enrol MFA and regenerate recovery codes; remove unknown devices/sessions.
  4. On the affected machine, run a malware scan; if it keeps flagging items or performance tanks, stop DIY.
  5. Mailbox sweep: delete suspicious rules (auto-forward, move-to-Archive), clear malicious delegates, and confirm “Reply-To” isn’t altered.
  6. Inform teammates/housemates if their addresses were scraped; advise them to ignore similar messages you didn’t send.
  7. Back up key files and apply updates before reconnecting.

Need hands-on help? Book Remote support or Malware removal & tune-up.


Harden in under 30 minutes (low-effort wins)

  • MFA everywhere (especially email/admin). Store recovery codes safely.
  • Disable legacy auth (POP/IMAP/SMTP AUTH) where possible.
  • Filtering: enable “External” banners; quarantine spoofed domains.
  • Password manager: unique credentials; share via vaults, not WhatsApp.
  • Browser hygiene: remove shady extensions; update browsers automatically.
  • Backups: set a 3-2-1 plan so you can restore cleanly after incidents.

We can set a baseline via Cybersecurity hardening and confirm mailbox/domain controls later.


Residence/office quick tips

  • Shared PCs: add standard (non-admin) accounts for day-to-day use.
  • Wi-Fi: prefer 5 GHz near the router; don’t share your WPA key in group chats.
  • Printers/routers: change default passwords; disable WPS.


Final word

Phishing works because it’s fast and emotional. Slow it down: check the sender domain, don’t share MFA codes, and clean up in the right order if you slip. We’ll help you contain, clean, and prevent repeat incidents—POPIA-aware from start to finish.