You are here: American University Information Technology IT Security Phishing and Scam Advisories

Back to top

OIT Phishing and Scam Advisories

Even with some of the most sophisticated technology, malicious emails and phishing attempts still make their way to the email inboxes of users in the AU community. 

OIT will never ask for your password.

If you believe your account has been compromised or that you have been a victim of a phishing attempt, plese contact the OIT Help Desk immediately at 202-885-2550.

Best Practices

  • When performing a password reset, make sure your new password is something unique, is not used on other services, and has never been used before.
  • Always report fraudulent MFA prompts that you have not initiated.
  • Never accept an MFA prompt you have not initiated.
  • If you do receive a fraudulent MFA prompt, reset your password immediately. An MFA prompt can only be generated by someone who already has your username and password.
  • Use the Cofense Report tool to report phishing attempts you receive in your AU Email.

The Report Phishing button is a simple solution for safely forwarding a suspicious email to the OIT Help Desk. Within your AU email account, the Report Phishing button is found on all versions of Outlook:

Outlook (Desktop)

  1. With an email open, in either its own window, or in the Outlook preview pane, look for the Report Phishing icon on the Outlook ribbon.
  2. Click the Report Phishing icon.
  3. Report Phishing will open a sidebar and begin packaging the email details on your behalf.
  4. When the packaging is complete, a final prompt will appear.
  5. In the prompt, click OK to forward the suspicious email to the OIT Help Desk.
  6. The sidebar will close, and after a moment, the suspicious email will be deleted from your Outlook inbox.

Outlook Ribbon - Cofense Reporter Fish

 

Outlook for Mobile (iOS)

  1. Open an email as you normally would.
  2. In the upper right, tap the 3-dot icon (click on picture to expand).
    Email Context menu found upper right
  3. From the menu that appears, tap the “Report Phishing” icon.
    Report Phishing
  4. The Report Phishing mechanism will take a moment to package the details of the email.
  5. Tap OK on the remaining prompt to send the report to the Help Desk.

Outlook for Android

  1. Open an email as you normally would.
  2. In the upper right of the email, just beneath the email delivery timestamp, tap the hamburger menu (click on picture to expand).
    Email context menu next to address line
  3. From the menu that appears, tap the Report Phishing icon.
    Report Phishing Icon
  4. The Report Phishing mechanism will take a moment to package the details of the email.
  5. Tap OK on the remaining prompt to send the report to the Help Desk.

 

Outlook Web Access

  1. Open an email as you normally would
  2. In the email click on the context (three dot) menu.
  3. Select "Report Phishing" from the sub-menu.
  4. Report Phishing will open a sidebar and begin packaging the email details on your behalf.
  5. When the packaging is complete, a final prompt will appear.
  6. In the prompt, click OK to forward the suspicious email to the OIT Help Desk.
  7. The sidebar will close, and after a moment, the suspicious email will be deleted from your Outlook inbox,

Current Advisories

The following examples are known phishing and scamming attempts circulating in the AU community. These are not legitimate emails.

IT DESK February 23, 2023

Your O365 email will expire in 24 hours. Fill out your correct information or we will block your account

#Phishing

HIRE IMMEDIATELY February 23, 2023

You have been offered campus employment

Alternate Subjects:
CAMPUS JOBS OPPORTUNITY

#Phishing

Piano Giveaway January 17, 2023

Alumna has a piano to give away

#Scam