Over the past several weeks, there has been a significant increase in phishing attempts targeting SMU email addresses. In many of these cases, the messages masquerade as important documents requiring your attention either via Concur, DocuSign, or Adobe. Before you click on the link or open the attachment, here are some recommendations to help determine if the email is legitimate or a phishing attempt: Continue reading Important notice about the recent increase in phishing attempts
In 2016, SMU received over 504 million e-mails. Out of all of those e-mails, only 2.8% of them were legitimate messages that actually made it to inboxes. The rest were all junk, including messages with viruses, marketing materials, and other messages from addresses with bad reputations.
Obviously, our spam filters are doing a pretty great job at filtering out the majority of spam messages that arrive at SMU. However, no spam filter is perfect, and bad messages occasionally end up in your mailbox. If you receive a suspicious and/or unsolicited message in your SMU inbox, make sure to follow these guidelines to stay safe and let us know about the message.
Don’t Open the Links!
Most spam messages usually contain cryptic addresses that could lead to viruses and possible identity thieves. Make sure to NEVER click on links within a suspicious message. The same rule goes for attachments. Even if the attachment filename or file format looks safe, it is most likely trying to deceive you.
Let OIT Know!
If you just delete the spammy message as soon as you receive it, we may never know about it! Help OIT and your fellow SMU community members by reporting the message to prevent further messages. In SMU webmail, simply right-click on the spam message and select Send As Attachment. If you’re in Outlook, select the message and then press Ctrl+Alt+F. This will open a new e-mail with the spam message as an attachment. Send that message to email@example.com. This will send the offending e-mail to our spam filter for processing. This helps the filter become even better at blocking harmful messages in the future.
Of course, if you’re ever unsure about a message or have any questions, give us a call at 214-SMU-HELP or drop us a line at firstname.lastname@example.org
On Tuesday, July 2, SMU implemented a new feature as part of our anti-spam defense to rewrites web links considered questionable, included in inbound emails. The purpose of the rewrite is to prevent phishing and malware scams by forwarding certain web requests to a proxy service for analysis. While some benign links might be overwritten, the service protects against “zero-hour” exploits where the threat could be unknown. If a link is still considered suspect at the time it is clicked, the you will receive a prompt to either decline or proceed to the website in question.
The URL rewrite policy was recently adjusted on Thursday, July 7, and our team will continue to monitor the service to ensure that the policy is neither too lenient, nor too aggressive when rewriting the web links. Please contact the IT Help Desk at email@example.com if you have any questions regarding this change.
Phishing attempts are email messages sent by hackers pretending to be your friends, coworkers, or trusted companies. These emails try to lure you to reveal your personal information, such as your passwords, credit card numbers, or bank account numbers, with alarmist sounding messages. Some may even direct you to an official-looking website requesting such information. These websites may also be infected with computer viruses or other forms of malicious software. Phishing messages have potential to damage our IT infrastructure and expose sensitive University data.
Due to the increased volume of recent phishing attempts, SMU’s Information Security Team is launching another round of the phishing awareness program, AntiPhish. This program will send simulated phishing emails, analyze how SMU employees respond to these messages, and track the success of employees in recognizing and deleting phishing emails. For those falling victim to the phishing attempts, the Information Security Team will offer training tools to help employees learn how to avoid falling victim to phishing messages. The phishing simulations will take place at SMU in the coming weeks.
As a reminder, if you receive any email message that appears malicious or asks for confidential personal information, Information Security asks that you do the following:
- Contact the IT Help Desk or your local IT Support group regarding the email.
- Delete the email from your mailbox without clicking on any hyperlinks or attachments.
For valuable resources and other information, please visit the Information Security website at www.smu.edu/OIT/Infosec.
If you have questions about the upcoming phishing simulation or training tools, please contact the IT Help Desk at 214-768-4357 (HELP).
With over 11,000 students available to you through the Outlook address book, you might think this is a great group to market your services or product. They are SMU students. You are a SMU student. You have that natural connection and why wouldn’t they like the bag you designed on Etsy that is perfect for Boulevarding. Or maybe you speak four languages and really could help that struggling student in German, if they only he knew you were available. The problem occurs when you click that send button. At that point, your email becomes a violation of SMU policy and that can cause problems for you.
As George Finney, Chief Security Officer at Southern Methodist University, explains, “This is a violation of our bulk email policy and it also uses SMU resources for a commercial venture… As a non-profit, SMU’s tax exempt status requires us to not allow this.” If you are found in volition, OIT will prevent further email distribution by you, and block access from campus to any 3rd party email address listed in the message. You basically get marked as a spammer. Also, your account will be reviewed and if further action is warranted, it will be taken.
If you have questions about email policy, please feel free to contact the Help Desk at 214-768-HELP. For more information on University policies, please review the official University Policy Manual at smu.edu/policy.