Identity theft is one of the fastest-growing crimes in the country. Individuals steal other people's personal information to use for illegal purposes. This personal information can be obtained in a variety of ways; however, the victim may actually hand over the information willingly, without suspecting any foul play. This is usually done through a tactic known as phishing (pronounced "fishing"). The victim receives an e-mail (usually) or even a phone call requesting various pieces of vital information - Social Security Numbers, Date of Birth, password, account numbers, etc. You may be asked to reply, open a webs site, or download a file in order to provide the information. These e-mails can be extremely difficult to detect as they closely resemble legitimate communications from SMU, a bank or another company.
So how do you determine if an e-mail is legitimate or "phishy"? There are a few common characteristics of phishing e-mail:
- The e-mails are usually from someone pretending to be a legitimate retailer, bank, organization or government agency
- The sender asks you to confirm personal information.
- The email messages often include attachments or links to sites containing malicious code or malware which can infect our computer.
- Website links appear legitimate, but in actuality, take you to a different website.
Even if the message appears to come from a reputable source, think before your reply. Do not ever provide your account information, login and password, or sensitive information to anyone – particularly via email or IM. If you believe the email or IM is legitimate, open your web browser and type in the actual URL of the company rather than clicking on the email link. You can also call the company directly to question the request for information. Most companies (including SMU) have very strict policies and will never ask for your account information, password or other personal information in an e-mail, IM, or phone call. When in doubt, please err on the side of caution and delete the email or IM without replying.
If you suspect that you have responded to a phish attempt, change your account password immediately (click here), and then contact the OIT Help Desk at 214-768-HELP (4357).
For more information on identity theft and phishing, visit http://www.fraud.org
You can join SMU's effort to prevent phish by reporting suspected phishing attempts. Click here for instructions.