Skip to main content

Office of Finance and Treasurer News


Spear Phishing - Don't Get Caught!

Spam is growing quickly -- nearly 200 billion spam messages are now sent each day, double the volume in 2007, according to Cisco's Annual Security Study. Targeted attacks, referred to as Spear Phishing, are also rising sharply.

More than 0.4 percent of all spam sent in September were Spear Phishing attacks, Cisco found. That might sound low, but since 90 percent of all e-mails sent worldwide are spam; this means 800 million messages a day are attempts at spear phishing. A year ago, targeted attacks with personalized messages were less than 0.1 percent of all spam.

Phishing is a technique criminals use to gain their victim's trust by sending a convincing e-mail message or leaving an official-sounding phone message to pose as a legitimate organization—like American University, a bank, or government agency. Spear phishing attacks are addressed to you to appear more legitimate.

Protect yourself!

  • OIT and other AU organizations will never ask for your password by e-mail or phone message. 
  • Treat all such requests with high suspicion. 
  • If you receive a message from someone purporting to be your bank, employer, or other trusted organization, double check the correct number on correspondence from the organization or their Web site.


OIT continuously works to improve AU's e-mail filters and efforts to catch phishing attempts that are sent electronically. Our voice mail system is also protected as much as possible from criminal attacks.

Please contact the IT Help Desk at 202-885-2550,, or on instant messenger at AskAmericanUHelp for assistance and further information.