What Is The Concern?An increase of phishing emails with malicious attachments, primarily Microsoft Office based attachments, have been detected by OU IT. The emails can appear to be sent by a spoofed OU email address and sent to OU distribution lists. The spoofed email addresses have included firstname.lastname@example.org, and device related addresses such as IT-CANON-Scanner@ou.edu, but may not be limited to these addresses.
Malicious attachments in phishing emails, if clicked, have the potential to encrypt all files and folders on the computer, including file shares, mapped cloud directories and USB or other cable attached devices. Once the files are encrypted, they may become unusable. OUIT has restricted macro enabled attachments, such as .docm files, to prevent malicious files from being opened. Please see the below list of blocked attachment file types. More information about Outlook blocked file types can also be found on this Microsoft support page.
If an email is flagged as being malicious, then the file will be removed from the email. The email will still be delivered to the intended user(s) with a note explaining why the attached file was removed. If you receive this message or feel that emails are not being delivered/received, please contact OU IT by calling 325-HELP or submitting a ticket via the NeedHelp page.
If an attachment exceeds 35MB, files and folders may be shared using OneDrive. Click here or more information about OU email attachment policies. For more information about OneDrive, check out the following articles:
OneDrive Quick Start Guide
OneDrive: Sharing Folders & Permissions
What Action Do I Need To Take?If you accidentally click on the attachment please change your OUNet password to a new password as soon as possible. Next run your system malware/virus scanner to detect the possible infection. For university-owned machines, one can be downloaded via the OU IT Store website. For installation instructions, see the following pages:
For Faculty/Staff: Dell Data Endpoint Security Suite Installation Instructions - Windows | Mac
If your machine reports an infection, let your scanner attempt a clean up. If your scanner is unable to remove the infection or if your machine has already been encrypted by the malware, please call 325-HELP (4357).
Ensure that you have properly backed up all of your data, and backup devices are no longer connected to your system.
As a reminder, we ask that all OU students, faculty, and staff use these security tips to stay safe when using email:
Delete messages from untrusted senders.
Do not respond to or forward emails from untrusted senders.
Do not click on attachments or links from untrusted senders.
Change your password immediately if you have accidentally responded to one of these messages with your personal information.
You can change your OUNet ID password by visiting accounts.ou.edu.
Review your spam filtering options at accounts.ou.edu.
Blocked attachment file types