Campus Phishing Alert 4/1/2017

Many people received an e-mail this morning claiming to have been sent from the Sam Houston State University Technology Department concerning a login alert with a subject of “Alert!!!”. (See image below.)

Screenshot of campus phishing attempt.

The link included in the message appeared to have been a SHSU Online link, but was directed to a malicious site that requests your username and password. IT Security has contacted the appropriate parties in order for them to remove the malicious site.

If you still have an e-mail in your inbox, please delete the e-mail with no further action.

If you have already visited the site and entered your username and password, please change your password as soon as possible at https://samweb.shsu.edu, by clicking on the IT@Sam menu, then on Account Password Change.

Please contact the Service Desk at servicedesk@shsu.edu or (936) 294-1950 should you have any questions, concerns, or trouble resetting your password.

Unfortunately, this is not an April Fools joke.

Important Notice from IT Security

Many people received an e-mail earlier today claiming to be an important Blackboard message. The e-mail had a subject of “Important Message.” or “New Important Message.” and looked like the example below.
bb-emailThe link included in the message was directed to a malicious site that requests your username and password. IT Security has contacted the appropriate parties in order for them to remove the malicious site.

If you still have an e-mail in your inbox with the subject of “Important Message.” or “New Important Message.”, please delete the e-mail.

If you have already visited the site and entered your username and password, please change your password as soon as possible at https://samweb.shsu.edu, by clicking on the IT@Sam menu, then on Account Password Change.

Please contact the Service Desk at servicedesk@shsu.edu or (936) 294-1950 should you have any questions, concerns, or trouble resetting your password.

Suspicious E-mail

We have noticed several inbound e-mails with an attachment of the following format: username_severalnumbers.zip. This attachment name changes with each e-mail received. Our System Administrator team has blocked this e-mail from being delivered moving forward. Please delete the message without opening it if you have received one.

E-mail Delivery Issue

Update 1:56 PM:
This issue appears to have been resolved by Microsoft. Please continue to report any additional problems to the Service Desk at x4-1950 or servicedesk@shsu.edu.

———————

Original Statement:
There is currently an issue reported that outbound mail traffic is not being delivered. This appears to be an issue with Microsoft Online services and their engineers are currently working to assess and remedy. IT@Sam will post new information as it is received. This does not impact e-mail being sent from one SHSU e-mail address to another or inbound e-mail traffic.

Microsoft Forefront Online Protection for Exchange (FOPE)

To SHSU Faculty and Staff

IT@Sam is excited to announce that on Friday, February 1st, we will be implementing Microsoft Forefront Online Protection for Exchange (FOPE), which will replace our in-house e-mail filtering service. The FOPE service will incorporate multiple filters to actively help protect SHSU’s inbound and outbound e-mails from spam, viruses, phishing scams, and e-mail policy violations.

What this means to SHSU students, faculty, and staff:

  1. 1. Faster E-mail delivery – SHSU recipients should get e-mail delivered from an external server to their inbox faster. Average delivery should be 80% faster than our current rate of outside mail delivery.
  2. 2. Outbound e-mail protection as well as inbound – All e-mail will be scanned by FOPE and any e-mail suspected of being spam (such as phishing e-mails sent from compromised accounts) will be sent through a separate pool of FOPE servers.
  3. 3. Transparent Protection to Users – E-mails will no longer be tagged with indicators for spam, phishing, fraud, and virus in the subject line, as this was a function of the SHSU Edge mail system.
  4. 4. Users can maintain a personal “Safe Senders” list – E-mails addressed to you from a sender on your “Safe Senders” list will bypass the FOPE anti-spam filters, providing quicker delivery of messages. Each user will be able to add external e-mail addresses to a “Safe Senders” list, so you will be guaranteed to receive e-mails from these senders.
  5. 5. Reporting Spam – You will now be able to report spam messages, which make it past the filters, by sending the complete message as an attachment to abuse@messaging.microsoft.com.