Contact Us
Office of Information Technology
4400 Massachusetts Avenue NW
Washington, DC 20016-8019
United States
Advice and Tips
How do I avoid becoming a victim of phishing?
- Beware of suspicious messages.
- Phishing messages may include a formal salutation, overly-friendly tone, grammatical errors, extensive spelling errors, or urgent requests, particularly for money or personal information.
- Avoid opening links and attachments.
- Even if you know the sender, don't click on links that could direct you to a bad website.
- If the email references an AU website, access the site the way you would normally, rather than via the link.
- Do not open attachments unless you are expecting a file from someone.
- Wherever possible, utilize tools such as OneDrive, the AU shared drives, and SharePoint sites to exchange documents, rather than email.
- Verify the source.
- Check the sender's email address to make sure it is legitimate.
- If in doubt, delete the message and notify the IT Help Desk.
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals, asking about employees or other internal information.
- If an unknown individual claims to be from a legitimate organization, try to verify their identity directly with the company.
- Do not provide personal information or information about AU, including its structure or networks, unless you are certain of a person's authority to have the information.
- Where possible, refer requests of this type to public resources.Â
- Do not reveal personal or financial information over email, and do not respond to email solicitations for this information, including following links sent in an email.
- Do not send sensitive information over the Internet before checking a website's security.
- Sites that accept personal information and logins should always be encrypted.
- Pay attention to the URL of a website.
- Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling, additional subdomains (e.g. yourbank.com.badsite.net), or a different domain (e.g. .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly.Â
- Do not use contact information provided on a website connected to the request; instead, check previous statements or public web sites for contact information.
- Information about known phishing attacks is also available online from groups such as the .
- Install and maintain anti-virus software, firewalls, and browser ad-blockers to reduce some of this traffic.
- These are all provided by default on the AU computer image.
- Take advantage of any additional anti-phishing features offered by your email client and web browser.
What should I do, if I believe I have been phished?
- If you believe you might have revealed sensitive information about AU, please report it to the IT Help Desk at helpdesk@american.edu, and copy Information Security at security@american.edu.
- Immediately change any passwords you might have revealed.
- If you used the same password for multiple accounts other than your AU account, make sure to change it for each account, and do not use that password in the future.
- Watch for any unusual or unexplained charges to your account.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and work with them to protect any accounts that may have been compromised.