Phishing

Phishing is a common tactic used to trick individuals into revealing sensitive information such as passwords, account numbers, or personal details. These attacks often rely on deception rather than technical vulnerabilities and may appear to come from trusted organizations, colleagues, or service providers.

Phishing attempts most commonly occur through email, but they may also come through text messages, phone calls, or messaging platforms. In many cases, the message creates a sense of urgency or concern and asks the recipient to click a link, open an attachment, or provide information directly.

Because phishing messages can closely resemble legitimate communications, they can be difficult to identify at a glance.

Common Signs of a Phishing Attempt

Phishing messages often share one or more of the following characteristics:
• The sender appears to be a trusted organization, service provider, or internal department.
• You are asked to confirm or provide sensitive information such as passwords, account numbers, or personal identifiers.
• The message includes links or attachments that prompt immediate action.
• Links appear legitimate but lead to unfamiliar or misleading websites.
• The message creates urgency, fear, or pressure to act quickly.

How to Protect Yourself

  • Think before you click. Be cautious with unexpected emails or messages, even if they appear to come from a known source.
  • Do not provide passwords, login credentials, or sensitive personal information by email, text, or instant message.
  • If a message appears legitimate, open a web browser and navigate to the organization’s website directly instead of clicking links in the message.
  • Contact the organization using official contact information to verify the request.
  • Remember: OIT will never ask for your password or authentication codes.

When in doubt, it is safest to delete the message without responding.

If You Think You’ve Responded to a Phishing Message

If you believe you may have shared information or clicked a suspicious link:

  • Change your account password immediately using the official password management or reset tool.
  • Contact the IT Help Desk or OIT Security Team as soon as possible for assistance.
  • Monitor your accounts for unusual activity.

 

If you suspect that you have responded to a phish attempt, change your account password immediately using the SMU Password Reset Tool and then contact the IT Help Desk at 214-768-HELP (4357).

Early reporting helps reduce risk and protects both individual accounts and institutional systems.

For more information on identity theft and phishing, visit www.fraud.org

You can join SMU's effort to prevent phish by reporting spam and phishing attempts.

Additional Resources:

Federal Trade Commission (FTC) – Fraud and identity theft awareness