Suspicious E-mail

We have noticed several inbound e-mails with an attachment of the following format: This attachment name changes with each e-mail received. Our System Administrator team has blocked this e-mail from being delivered moving forward. Please delete the message without opening it if you have received one.

E-mail Delivery Issue

Update 1:56 PM:
This issue appears to have been resolved by Microsoft. Please continue to report any additional problems to the Service Desk at x4-1950 or


Original Statement:
There is currently an issue reported that outbound mail traffic is not being delivered. This appears to be an issue with Microsoft Online services and their engineers are currently working to assess and remedy. IT@Sam will post new information as it is received. This does not impact e-mail being sent from one SHSU e-mail address to another or inbound e-mail traffic.

Microsoft Forefront Online Protection for Exchange (FOPE)

To SHSU Faculty and Staff

IT@Sam is excited to announce that on Friday, February 1st, we will be implementing Microsoft Forefront Online Protection for Exchange (FOPE), which will replace our in-house e-mail filtering service. The FOPE service will incorporate multiple filters to actively help protect SHSU’s inbound and outbound e-mails from spam, viruses, phishing scams, and e-mail policy violations.

What this means to SHSU students, faculty, and staff:

  1. 1. Faster E-mail delivery – SHSU recipients should get e-mail delivered from an external server to their inbox faster. Average delivery should be 80% faster than our current rate of outside mail delivery.
  2. 2. Outbound e-mail protection as well as inbound – All e-mail will be scanned by FOPE and any e-mail suspected of being spam (such as phishing e-mails sent from compromised accounts) will be sent through a separate pool of FOPE servers.
  3. 3. Transparent Protection to Users – E-mails will no longer be tagged with indicators for spam, phishing, fraud, and virus in the subject line, as this was a function of the SHSU Edge mail system.
  4. 4. Users can maintain a personal “Safe Senders” list – E-mails addressed to you from a sender on your “Safe Senders” list will bypass the FOPE anti-spam filters, providing quicker delivery of messages. Each user will be able to add external e-mail addresses to a “Safe Senders” list, so you will be guaranteed to receive e-mails from these senders.
  5. 5. Reporting Spam – You will now be able to report spam messages, which make it past the filters, by sending the complete message as an attachment to


Remotely Wipe E-mail from your Lost Android or Mac iOS Device

Smart phones are great devices, but if lost or stolen there is a good chance that your email will be misused. Through Outlook Web Access (OWA) you can remotely delete all of the email in your smart phone.

This feature is only present in Internet Explorer. To access it, go to the SHSU webpage and click on the E-mail link at the top of the page. Once logged in, select the Options button on the right hand side of the screen.

From the side panel on the left choose the Mobile Devices option and you will see the list of devices that are attached to your account.

To wipe the device select if from the list and choose Wipe All Data from Device, to undo it you can select Cancel Wipe Request if it has not been able to connect to the device yet.

This will not wipe any documents or other items saved on your device, but it will wipe your work email from it

Stay Safe in a Dangerous Online World Part 2

Last month we talked about some ways that you can help mitigate the likelihood of getting a virus, downloading malware or falling prey to a phishing attempt. This month we will touch on a few ways you can protect yourself from a phishing attempt.

For a bit of background on “phishing,” see Wikipedia.

“Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.”

E-mail and Phishing

E-mail is the main attack route for a phishing attempt, the goal of which is to steal your personal information. To help recognize a phishing attempt use these five guidelines.

  • A non-specific or generic greeting.Internet criminals don’t normally setup mailing lists with users names autoloaded in, so their email messages usually start with:
    • Dear Customer
    • Dear Account Holder
    • Dear PayPal user
  • Fake links. A link in an email can be made to say anything in the text. Place the mouse cursor over the link and Outlook will display the actual link destination. In my example I made a link that displays as the Home Depot website but in reality is a link to the SHSU Homepage.
  • Links to Non-secure login pages. All legitimate login pages will exist on a secure website. To see if the site you are on is secure look at the beginning of the address. Secure sites begin with “HTTPS:” not just “HTTP:”. The S at the end denotes that site as secure. If you are unsure about a page that claims to be secure you can click on the name of the company to the left of the URL address and see who has verified the website. For example SHSU’s SamWeb is located at HTTPS://SAMWEB.SHSU.EDU and we have been verified by GlobalSign as a secure site.
  • Asking for personal information. The entire point of the phishing attempt is get you to give up your personal information (Social Security Number, Credit Card Number, Bank Account, Residential Address, etc.) so that they can either steal your identity or sell your contact information to companies around the world. Every company that you do business with probably already has all of the information that they need from you. If you think it might be a legitimate request for information then look up that company’s contact information online (not from the e-mail they sent you) and call them to confirm.
  • Immediate Needs and Deadlines. Criminals don’t want to wait around for you to send them your vital information so they will put emergency notices and deadlines into their phishing attempts. They will frequently say that an account is going to expire within a few days if you don’t respond or that a service will be terminated and you will have to pay exorbinant reconnect fees. Don’t be fooled by this, take the time you need to verify that this is a real request before you give out any information, and whatever info you do give, do it over the phone and not via e-mail.