How-To

Spot a Suspicious Email

Create a Strong Password

Handle a Compromised Account

Encrypt Emails to Offsite Users

Encrypt Shared Files and Folders

 

How to Spot a Suspicious Email


Much like a front door to a house, your email is the first line of online defense to this institution.
An email should raise suspicion if:
  • You do not know the sender or you are not expecting the email.
  • The email contains misspelled words and grammatical errors.
  • The email has an attachment you were not expecting. Do not open suspicious attachments.
  • References to an account that you do not have.
  • References an account that you have, but is not connected to that email address. If you aren't sure, log into your account from a separate window without using links from the email.
  • A call to action: click this link or your data will be compromised, click here to get this great deal.
  • Nosy requests: asking for personal information, passwords, confirmation of an account you did not create.
  • If it sounds too good to be true, it probably is. It is unlikely that you have an inheritance from a relative you never knew, for example.


All suspicious emails should be forwarded to   phishingreports@msutexas.edu
Examples of suspicious emails can be found in our Phishing Archive on the Resources page.
Good password creation and protection practices will keep your account secure.

How To create a strong password:

  • Combination of upper case letters, lower case letters, numbers, and special characters (for example: !,@,&, %, +) in all passwords.
  • Use passwords of at least six (6) characters or more (longer is better).
  • Avoid using people's or pet's names, or words found in the dictionary; it's also best to avoid using key dates (birthdays, anniversaries, etc.).
  • Substituting look-alike characters for letters or numbers is no longer sufficient (for example, "Password" and "P@ssw0rd").
  • A strong password should look like a series of random characters.
  • On the web, if you think your password may have been compromised, change it at once and then check our website accounts for misuse. 
  • If you think your MSU network credentials may have been compromised, you should change your password at once and then call the help desk at 4278 on-campus or (940) 397-4278 off-campus.
  • Protect your password:
    • Keep your passwords private -never give your password to anyone.
    • Do not write down your passwords.
    • Report suspected incidents immediately
    • Do not recycle your password or use it for multiple accounts.


Example

How to Create a Password
Possible Steps to Follow Example
1. Think of a phrase or sentence with at least eight words. It should be something easy for you to remember but hard for someone who knows you to guess. It could be a line from a favorite poem, story, a line from a movie or book, a song lyric, or a quotation you like. It was the best of times, it was the worst of times.
2. Remove all but the first letter of each word in your phrase. Remove spaces and punctuation. iwtbotiwtwot
3. Replace several of the lowercase letters with uppercase ones, at random. iwtBotiWtwoT
4. Now substitute a number for at least one of the letters. (1 or i and ) for o, etc) iwtBot1Wtw0T
5. Finally, use special characters ($, &, +, !, @) to replace a letter or two - preferably a letter that is repeated in the phrase. You can also add an extra character to the mix. (! for I and @ for o, etc) !wtB@t1Wtw0T

 



How to handle a compromised account:

  • If you suspect your account has been compromised, you should start with changing your password to that account.
  • If you receive an email saying your account has been compromised, do not click a link in the email to reset your password. Instead, log in to your account and reset the password using normal means.
  • Contact the administrator. For MSU accounts, contact the IT Help Desk Analyst at (940)397-4278 or by sending an email to   helpdesk@msutexas.edu
  • If the compromised account is tied to any other personal information (especially payment methods), you should be sure to monitor your statements for any unauthorized activity.

 

How to Encrypt Emails to Offsite Users
Much of the data handled by the university is confidential and must be handled with care. Please use the document linked below for guidance.
How to Encrypt Emails


How to Encrypt Shared Files and Folders
Much of the data handled by the university is confidential and must be handled with care. Please use the document linked below for guidance.
How to Encrypt with 7zip