Over the past several weeks, there has been a significant increase in phishing attempts targeting SMU email addresses. In many of these cases, the messages masquerade as important documents requiring your attention either via Concur, DocuSign, or Adobe. Before you click on the link or open the attachment, here are some recommendations to help determine if the email is legitimate or a phishing attempt:
- If you weren’t expecting the request or do not recognize the sender, be very suspicious!
- Check all addresses and links. Remember, if an account has been compromised, the attacker may be sending from a legitimate SMU account. Check the links in the email simply by hovering your mouse over them to determine if they are legitimate SMU sites.
- If you do click on a link in an email, double check the URL of any sites that contain a login prompt. For many of our IT services, the address would begin with https://idp.smu.edu/. Be on the lookout for any odd variations of an SMU address though as the attackers will often modify the URL only slightly to trick you.
- Check for odd grammar. Although some messages are extremely well written, there are still quite a few that have obvious grammar mistakes.
- Contact the IT Help Desk if you are still unsure.
If you receive a DocuSign message, please remember that legitimate emails for contracts and commitments with external entities should come from an SMU Contract Lead or SMU’s Senior Contracts Administrator. Be sure to verify the e-mail address! If the email request is not from an SMU Contract Lead or the Senior Contracts Administrator, you should inquire if the contract/agreement has gone through the contract administration process by contacting your designated Contract Lead or by contacting the Contracts Administrator.
As always, if you are unsure, please contact the IT Help Desk and they will be happy to verify the legitimacy of the message. We would much rather help you to verify the legitimacy of a message than have any of your information or accounts compromised!
Thank you for your diligence in helping to protect your accounts and SMU information.