To SHSU Faculty and Staff
IT@Sam is excited to announce that on Friday, February 1st, we will be implementing Microsoft Forefront Online Protection for Exchange (FOPE), which will replace our in-house e-mail filtering service. The FOPE service will incorporate multiple filters to actively help protect SHSU’s inbound and outbound e-mails from spam, viruses, phishing scams, and e-mail policy violations.
What this means to SHSU students, faculty, and staff:
- 1. Faster E-mail delivery – SHSU recipients should get e-mail delivered from an external server to their inbox faster. Average delivery should be 80% faster than our current rate of outside mail delivery.
- 2. Outbound e-mail protection as well as inbound – All e-mail will be scanned by FOPE and any e-mail suspected of being spam (such as phishing e-mails sent from compromised accounts) will be sent through a separate pool of FOPE servers.
- 3. Transparent Protection to Users – E-mails will no longer be tagged with indicators for spam, phishing, fraud, and virus in the subject line, as this was a function of the SHSU Edge mail system.
- 4. Users can maintain a personal “Safe Senders” list – E-mails addressed to you from a sender on your “Safe Senders” list will bypass the FOPE anti-spam filters, providing quicker delivery of messages. Each user will be able to add external e-mail addresses to a “Safe Senders” list, so you will be guaranteed to receive e-mails from these senders.
- 5. Reporting Spam – You will now be able to report spam messages, which make it past the filters, by sending the complete message as an attachment to email@example.com.
Smart phones are great devices, but if lost or stolen there is a good chance that your email will be misused. Through Outlook Web Access (OWA) you can remotely delete all of the email in your smart phone.
This feature is only present in Internet Explorer. To access it, go to the SHSU webpage and click on the E-mail link at the top of the page. Once logged in, select the Options button on the right hand side of the screen.
From the side panel on the left choose the Mobile Devices option and you will see the list of devices that are attached to your account.
To wipe the device select if from the list and choose Wipe All Data from Device, to undo it you can select Cancel Wipe Request if it has not been able to connect to the device yet.
This will not wipe any documents or other items saved on your device, but it will wipe your work email from it
Last month we talked about some ways that you can help mitigate the likelihood of getting a virus, downloading malware or falling prey to a phishing attempt. This month we will touch on a few ways you can protect yourself from a phishing attempt.
For a bit of background on “phishing,” see Wikipedia.
“Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”
E-mail and Phishing
E-mail is the main attack route for a phishing attempt, the goal of which is to steal your personal information. To help recognize a phishing attempt use these five guidelines.
- A non-specific or generic greeting.Internet criminals don’t normally setup mailing lists with users names autoloaded in, so their email messages usually start with:
- Dear Customer
- Dear Account Holder
- Dear PayPal user
- Fake links. A link in an email can be made to say anything in the text. Place the mouse cursor over the link and Outlook will display the actual link destination. In my example I made a link that displays as the Home Depot website but in reality is a link to the SHSU Homepage.
- Links to Non-secure login pages. All legitimate login pages will exist on a secure website. To see if the site you are on is secure look at the beginning of the address. Secure sites begin with “HTTPS:” not just “HTTP:”. The S at the end denotes that site as secure. If you are unsure about a page that claims to be secure you can click on the name of the company to the left of the URL address and see who has verified the website. For example SHSU’s SamWeb is located at HTTPS://SAMWEB.SHSU.EDU and we have been verified by GlobalSign as a secure site.
- Asking for personal information. The entire point of the phishing attempt is get you to give up your personal information (Social Security Number, Credit Card Number, Bank Account, Residential Address, etc.) so that they can either steal your identity or sell your contact information to companies around the world. Every company that you do business with probably already has all of the information that they need from you. If you think it might be a legitimate request for information then look up that company’s contact information online (not from the e-mail they sent you) and call them to confirm.
- Immediate Needs and Deadlines. Criminals don’t want to wait around for you to send them your vital information so they will put emergency notices and deadlines into their phishing attempts. They will frequently say that an account is going to expire within a few days if you don’t respond or that a service will be terminated and you will have to pay exorbinant reconnect fees. Don’t be fooled by this, take the time you need to verify that this is a real request before you give out any information, and whatever info you do give, do it over the phone and not via e-mail.
Your off-site e-mail address will enable you to take advantage of new self-service tools such as resetting your password when it expires, so it’s always important to have a current e-mail address on file. Follow the steps below if you need to update your off-site e-mail
Faculty and Staff:
- Log into My Sam Portal (mysam.shsu.edu) and look for the “Manage My Profile” channel on the right-side of the page.
- Click the “Manage Off-site Contact Information” Link
- Log into Sam Web
- Click the “IT@Sam” link in the left navigation menu
- Click the “Off-site Contact Preferences” link in the left navigation menu
Did you know that you can create an alias for your SHSU computer account? In order to add the alias, sign into SamWeb, select the IT@Sam tab, and click Account Alias Request. Here you can add an alias to your account, deactivate any other aliases you might have, and select which alias you would like to have as your primary. You can also view any deactivated aliases you have on file. Students can have one alias at a time, while faculty and staff can have up to three.
If you have received the following email, please delete it without response. It is an email phishing attempt to get your username and password for your account to then be used to send spam. If you have responded with your username and password your account will be disabled until you reset your password.
From: SHSU.EDU HELP DESK ["helpdesk."@shsu.edu]
Sent: Monday, April 26, 2010 2:05 AM
To: Riley, Brenda
—-Sam Houston State University Help Desk—–
Attention SHSU Mail Users,
Your SHSU Mail Account will be deactivated if you do not verify that your SHSU Mail Account is still in use. Due to excess abandoned SHSU Mail Account in our database by our past SHSU Mail users. Failure to comply, will automatically render your account De-Activated from SHSU Mail Database.
To Verify, provide your SHSU Mail Account Username and Password,
Username: (……@eshsu.edu) Password (……..) Future Password (……..)
Thank you for using SHSU Mail Service.
—-© 2010 Sam Houston State University. All Rights Reserved—
You may have noticed over the last half of the Fall ’09 semester that your account may have taken an unusual amount of time to log in at times. After extensive troubleshooting by our System Administrators and Microsoft, we believe we have identified a significant factor, if not the cause, of the performance problems we have been experiencing. The performance issues appear to be related to Outlook PST files being accessed directly from the S drives (or T drive); closing the connections to only PST files appears to return response times to normal levels.
PST files are not supported on network shares; this is something we have been aware of but never addressed as it did not seem to cause us an issue and seemed a good solution for keeping exchange mailboxes small. There are several articles detailing why they should not be stored on the network: http://blogs.technet.com/askperf/archive/2007/01/21/network-stored-pst-files-don-t-do-it.aspx and http://support.microsoft.com/kb/297019/en-us probably provide the best overview.
We cannot be 100% certain that the PST files are the only cause, but to further investigate (and be in a supported configuration) we must remove all PST, OST and PAB files from s: drives and the t: drive. The first part of our plan is as follows:
Over the Christmas break, we will:
- Implement file screening to prevent storing .pst, .ost and .pab files on the s: and t: drives; any users that currently have these file types stored will still be able to access, modify and delete the files, but not rename, create or restore. If you try to move, copy, create, or rename a PST file you will see the following errors.
- Disable Outlook Archive; this will prevent the automatic creation of PST files.
We will attempt to make this change as painless as possible and work with you on any quota issues that you run into with Exchange to accommodate.
If you receive an email like the one below, please do not respond with any information. This email is not coming from SHSU. Our Security Officer is working with Gmail’s abuse team to have the account disabled that is generating the emails as well as blocking any inbound and outbound mail from that account.
From: ADMIN HELPDESK [mailto:firstname.lastname@example.org]
Sent: Wednesday, July 02, 2008 7:15 AM
Subject: VERIFY YOUR SHSU.EDU EMAIL ACCOUNT NOW.
Dear SHSU.EDU Email Account Owner,
This message is from SHSU.EDU messaging center to all SHSU.EDU email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused SHSU.EDU email accounts to create more space for new accounts.
To prevent your account from being closed, you will have to update it below so that we will know that it’s a present used account.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :
EMAIL Password :
Date of Birth :
Country or Territory :
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.
Thank you for using SHSU.EDU
Accounts will be disabled for anyone who may respond with the information requested.
Are you receiving bounced messages when trying to send email that look similar to this?
Delivery has failed to these recipients or distribution lists:
ex:/O=SAM HOUSTON STATE UNIVERSITY/OU=WNTAP3/CN=RECIPIENTS/CN=USERNAME
The recipient’s e-mail address was not found in the recipient’s e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.
Here is what you will need to do:
1. Close Microsoft Outlook.
2. Open Window Explorer (Right-click on Start, select Explore OR hit the Windows + E keys)
3. Navigate to the Outlook folder in your profile: C:\WINNT\profiles\your_username\Application Data\Microsoft\Outlook
4. Delete the .nk2 file that is listed there.
5. Contact the Helpdesk at x4-1950 if you need assistance or have trouble with this process.
CLARIFICATION: This will remove ALL cached email addresses that you have stored in Outlook. If there are addresses that are not currently in your Address Book or Contacts you will need to save those before following the directions above.