Campus Email

1. Campus users' email address and initial password will be provided during student registration (student) or on-boarding (staff).
2. All campus users' Email address will be set in the following format, example: CampusID@xmu.edu.my
3. Sign in through https://www.office.com. Users will need to change the provided initial password upon the first login. Note: always logout the application every time after using.
4. After signing in, click on the top right corner of the page to customize your email and office365 settings (change operating system language, location or time zone setting, change password, menu, and other options). On the same page, you will see various apps and icons that allow you to access your Outlook (Email), Calendar, Cloud Storage, Office Online and other applications. You can also click on the icon for ‘Help’ options.
5. The University will use campus email as one of the communication channels to make announcements and etc. Do check your campus email frequently for all University announcements and information.
6. All users is able to access campus email using Microsoft 365 Outlook and other Microsoft 365 valuable cloud services. [Refer Microsoft 365]
7. However, your campus email address will be inactivated once you have left or graduated from the University. Thus, do archive your important email or data regularly, if requires.

Changing Initial Password for Email

1. Sign in through https://www.office.com
2. Enter your email address and the initial password, and key in your new password and click ‘Confirm Password’ to change. Click ‘Update Password’ and sign in again. Show Me

Forgotten Password for Email

1. If you are at campus, please proceed to Library Helpdesk Room B1-101 should you require any email password reset assistance on campus.
2. If you are off campus, raise an AskA feedback (https://app.xmu.edu.my/AskA) or email it@xmu.edu.my with attached a copy of your campus ID card or Identity Card or passport, for verification purpose and your personal email address info, in order to further assist on password reset request.
Note: New password must be strong password, which maintain an 8-character minimum length requirement, with the use of multiple character sets i.e. uppercase and lowercase characters, number or symbol.

Changing Email Password in Office365

1. Sign in through https://www.office.com
2. Refer How to Change My Campus Email password

How can I avoid phishing email scams?

Always be on alert for phishing emails.

1. What is Phishing Email?
Phishing attacks are the practice of sending fraudulent communications that appear to come from a trusted, reputable or legitimate source. It is usually performed through email. The goal is to steal sensitive data such as personal information, login information, account password or to install malware on the victim's machine. Phishers or hackers frequently fake the identities of higher-level departments, leaders, colleagues, IT admin etc., and send emails to trick email users into entering account passwords on their forged websites such as campus email system or websites.

2. How does phishing work?
Phishing starts with a fraudulent email or other communication designed to lure a victim. The message is made to look as though it comes from a trusted sender, such as
- From your university or bank. If it fools the victim, he or she is coaxed into providing confidential information often on a scam website or link provided. Sometimes malware is also downloaded onto the target's computer.
- Phishing emails usually come with a hyperlink that trick you to a spoofed website or trick the receiver into sharing personal information like account passwords, credit card information, etc.
- Email and text messages that appear to be legitimate but actually contain dangerous links, attachments, or lures that trick their targets into taking an unknown, risky action.

3. In Brief
- Phishers frequently use emotions like fear, curiosity, urgency, and greed to compel recipients to open attachments or click on links. It often sent to create urgency and panic receivers to take immediate action, e.g. your account was infected by viruses, your account was hacked, etc.
- Claims that email receiver will lose your account if immediate action was not taken.
- Phishing attacks are designed to appear to come from legitimate companies and individuals.
- Cybercriminals are continuously innovating and becoming more and more sophisticated.
- It only takes one successful phishing attack to compromise company network and steal your data, which is why it is always important to have better awareness on this scam.

4. Be alerted of any potential phishing email receives in your campus email address, especially emails that have an aggressive tone or claim that immediate action must be taken to avoid repercussions should be considered a potential scam.
a. Avoid sending passwords, bank account numbers, or other private information in an email.
b. Avoid clicking links in emails, especially any that are requesting private information.
c. Be wary of any unexpected email attachments or links, even from people you know.
d. Look for ‘https://’ and a lock icon in the address bar before entering any private information.
e. Have an updated anti-virus program that can scan email.
f. Change your campus email password, if you suspect your email password may have been compromised.

5. Useful References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/phishing
https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44

Should you have any doubts on the email received, forward the email to it@xmu.edu.my for checking, then delete the message from your inbox.