Identity theft is one of the fastest-growing crimes in the country. Individuals steal other people's personal information to use for illegal purposes. This personal information can be obtained in a variety of ways; however, the victim may actually hand over the information willingly, without suspecting any foul play. This is usually done through a tactic known as phishing. The victim receives an e-mail (usually) or even a phone call requesting various pieces of vital information: Social Security Numbers, Date of Birth, password, account numbers, etc. You may be asked to reply, open a web site, or download a file in order to provide the information. These e-mails can be extremely difficult to detect as they closely resemble legitimate communications from SMU, a bank or another company. So how do you determine if an e-mail is legitimate or "phishy?" There are a few common characteristics of phishing emails:

  • The e-mails are usually from someone pretending to be a legitimate retailer, bank, organization or government agency.
  • The sender asks you to confirm personal information.
  • The email messages often include attachments or links to sites containing malicious code or malware which can infect our computer.
  • Website links appear legitimate, but in actuality, take you to a different website.

Even if the message appears to come from a reputable source, think before you reply.  Do not ever provide your account information, login and password, or sensitive information to anyone – particularly via email or instant messaging (IM).  If you believe the email or IM is legitimate, open your web browser and type in the actual URL of the company rather than clicking on the email link. You can also call the company directly to question the request for information. Most companies (including SMU) have very strict policies and will never ask for your account information, password or other personal information in an e-mail, IM, or phone call. When in doubt, please err on the side of caution and delete the email or IM without replying.

If you suspect that you have responded to a phish attempt, change your account password immediately using the SMU Password Reset Tool and then contact the IT Help Desk at 214-768-HELP (4357).

For more information on identity theft and phishing, visit

You can join SMU's effort to prevent phish by reporting spam and phishing attempts.