How to Identify Phishing Emails

EIT has some recommendations on how to identify phishing emails:

• From addresses that are easily forged and can look like the message came from someone you know. Also check the “TO” and “CC” fields. Is the email being sent to people you do not know or do not work with?
• Be careful with links, and only click on those you are expecting. Hovering your mouse over the link will show you the true destination of the link without actually having to click on it.
• Check for grammar and spelling mistakes and be wary of offers that seem too good to be true as these can all be indicators of a phishing attempt.
• Be suspicious of any email that requires “immediate action, within 24 hours.” This is a common technique to rush people into making a mistake.
• Don’t respond to emails requesting confidential information or emails that are asking for you to login with your SMU credentials.
• If something looks too good to be true, it probably is. Legitimate organizations will not ask you for your personal information.
• Do not open any random files/attachments in any email that you are not expecting. (Excel, Word, Google drive, OneDrive, PDFs, .exe, etc.)
• Look for out of context messages from your contacts, could be a sign their account could be compromised.

If you entered your SMU ID and password in error through the phishing email or feel you’ve been scammed, contact the EIT Help Desk at helpdesk@smu.ca or 902-496-8111.