To SHSU Faculty and Staff
IT@Sam is excited to announce that on Friday, February 1st, we will be implementing Microsoft Forefront Online Protection for Exchange (FOPE), which will replace our in-house e-mail filtering service. The FOPE service will incorporate multiple filters to actively help protect SHSU’s inbound and outbound e-mails from spam, viruses, phishing scams, and e-mail policy violations.
What this means to SHSU students, faculty, and staff:
- 1. Faster E-mail delivery – SHSU recipients should get e-mail delivered from an external server to their inbox faster. Average delivery should be 80% faster than our current rate of outside mail delivery.
- 2. Outbound e-mail protection as well as inbound – All e-mail will be scanned by FOPE and any e-mail suspected of being spam (such as phishing e-mails sent from compromised accounts) will be sent through a separate pool of FOPE servers.
- 3. Transparent Protection to Users – E-mails will no longer be tagged with indicators for spam, phishing, fraud, and virus in the subject line, as this was a function of the SHSU Edge mail system.
- 4. Users can maintain a personal “Safe Senders” list – E-mails addressed to you from a sender on your “Safe Senders” list will bypass the FOPE anti-spam filters, providing quicker delivery of messages. Each user will be able to add external e-mail addresses to a “Safe Senders” list, so you will be guaranteed to receive e-mails from these senders.
- 5. Reporting Spam – You will now be able to report spam messages, which make it past the filters, by sending the complete message as an attachment to firstname.lastname@example.org.
Smart phones are great devices, but if lost or stolen there is a good chance that your email will be misused. Through Outlook Web Access (OWA) you can remotely delete all of the email in your smart phone.
This feature is only present in Internet Explorer. To access it, go to the SHSU webpage and click on the E-mail link at the top of the page. Once logged in, select the Options button on the right hand side of the screen.
From the side panel on the left choose the Mobile Devices option and you will see the list of devices that are attached to your account.
To wipe the device select if from the list and choose Wipe All Data from Device, to undo it you can select Cancel Wipe Request if it has not been able to connect to the device yet.
This will not wipe any documents or other items saved on your device, but it will wipe your work email from it
Last month we talked about some ways that you can help mitigate the likelihood of getting a virus, downloading malware or falling prey to a phishing attempt. This month we will touch on a few ways you can protect yourself from a phishing attempt.
For a bit of background on “phishing,” see Wikipedia.
“Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”
E-mail and Phishing
E-mail is the main attack route for a phishing attempt, the goal of which is to steal your personal information. To help recognize a phishing attempt use these five guidelines.
- A non-specific or generic greeting.Internet criminals don’t normally setup mailing lists with users names autoloaded in, so their email messages usually start with:
- Dear Customer
- Dear Account Holder
- Dear PayPal user
- Fake links. A link in an email can be made to say anything in the text. Place the mouse cursor over the link and Outlook will display the actual link destination. In my example I made a link that displays as the Home Depot website but in reality is a link to the SHSU Homepage.
- Links to Non-secure login pages. All legitimate login pages will exist on a secure website. To see if the site you are on is secure look at the beginning of the address. Secure sites begin with “HTTPS:” not just “HTTP:”. The S at the end denotes that site as secure. If you are unsure about a page that claims to be secure you can click on the name of the company to the left of the URL address and see who has verified the website. For example SHSU’s SamWeb is located at HTTPS://SAMWEB.SHSU.EDU and we have been verified by GlobalSign as a secure site.
- Asking for personal information. The entire point of the phishing attempt is get you to give up your personal information (Social Security Number, Credit Card Number, Bank Account, Residential Address, etc.) so that they can either steal your identity or sell your contact information to companies around the world. Every company that you do business with probably already has all of the information that they need from you. If you think it might be a legitimate request for information then look up that company’s contact information online (not from the e-mail they sent you) and call them to confirm.
- Immediate Needs and Deadlines. Criminals don’t want to wait around for you to send them your vital information so they will put emergency notices and deadlines into their phishing attempts. They will frequently say that an account is going to expire within a few days if you don’t respond or that a service will be terminated and you will have to pay exorbinant reconnect fees. Don’t be fooled by this, take the time you need to verify that this is a real request before you give out any information, and whatever info you do give, do it over the phone and not via e-mail.
Your off-site e-mail address will enable you to take advantage of new self-service tools such as resetting your password when it expires, so it’s always important to have a current e-mail address on file. Follow the steps below if you need to update your off-site e-mail
Faculty and Staff:
- Log into My Sam Portal (mysam.shsu.edu) and look for the “Manage My Profile” channel on the right-side of the page.
- Click the “Manage Off-site Contact Information” Link
- Log into Sam Web
- Click the “IT@Sam” link in the left navigation menu
- Click the “Off-site Contact Preferences” link in the left navigation menu
Did you know that you can create an alias for your SHSU computer account? In order to add the alias, sign into SamWeb, select the IT@Sam tab, and click Account Alias Request. Here you can add an alias to your account, deactivate any other aliases you might have, and select which alias you would like to have as your primary. You can also view any deactivated aliases you have on file. Students can have one alias at a time, while faculty and staff can have up to three.