Archives - Information Technology Services, Carleton University (feed updated Tue, 22 Jul 2025 12:35:38 +0000)

New Self-Service Password Reset Process
Tue, 22 Jul 2025 07:00:49 +0000

ITS is introducing a new Self-Service Password Reset service for faculty and staff CUNET accounts that makes changing or recovering your password easier at any time and from anywhere. This service allows you to:

  • Change your password (if you still know it)
  • Reset your password (if you have forgotten it)

While our Service Desk is always here to help, password resets can now be done without the assistance of a Service Desk representative.

How It Works

You will need to use at least two different methods to verify who you are when resetting your password. They can include:

  • the Microsoft Authenticator app,
  • an alternate authenticator app or hardware token,
  • a telephone number or
  • a personal email address.

Multiple methods ensure security in case one is physically lost or compromised.

How You Can Prepare

Take a moment to update your authentication methods to be ready for this system. We recommend having three options for flexibility, such as:

  • the Microsoft Authenticator app,
  • a personal email address that is not tied to your university account and
  • a telephone number you commonly have access to.

You can with your MC1 (@cunet.carleton.ca) account.

How to Use It

Once set up, visit the self-service site to reset your password. Follow the instructions on the page. For more details, check the ITS Help Centre.

Maintain the Microsoft Authenticator: Disable Features that Auto-Offload Apps
Thu, 06 Mar 2025 20:56:26 +0000

All students, faculty and staff members should be informed of an important step they may need to take to ensure seamless access to our university’s systems using Multi-Factor Authentication (MFA).

Why is this important?

The Microsoft Authenticator app is a vital tool for verifying your identity when accessing university services. If this app is offloaded by your phone’s automatic offloading feature for seldom-used apps, you may encounter difficulties when trying to authenticate.

To prevent this from happening, we urge you to turn off the automatic offloading feature on your devices.

Steps for iOS Users:

  1. Open the Settings app on your iPhone or iPad.
  2. Scroll down and tap on Apps, then App Store.
  3. Under the Offload Unused Apps section, toggle the switch to off.

Steps for Android Users:

  1. Open the Google Play Store app.
  2. Tap the three lines in the top left corner of the screen.
  3. Tap “Settings.”
  4. Tap “Auto-manage apps.”
  5. Toggle on the switch next to “Archive unused apps.”

NOTE: Steps may vary by device and operating system version.

By following these steps, you will ensure that the Microsoft Authenticator app remains active on your device, allowing you to authenticate without any interruptions.

Thank you for your attention to this matter. If you have any questions or need further assistance, please do not hesitate to contact the ITS Service Desk.

Students: Enter our Cybersecurity Month Contest for a Chance to Win a Power Bank and More!
Thu, 26 Sep 2024 15:44:48 +0000

Students! This is your chance to win a Power Bank or a Ravens swag pack during Cybersecurity Month!

Two Chances to Win

You can enhance your chances of winning by enrolling in two different ways.

1. Enrol in our Brightspace Security Awareness Course

and complete at least one module before the end of the day on Thursday, October 31, 2024 for your chance to win. That’s it! Your name will automatically be entered in our contest.

The modules are short and easy to complete. Some of them are only one to two minutes in length, but in addition to giving you a chance to win, you’ll learn about how to stay safe online and protect yourself from phishing!

Those who have already enrolled in our Security Awareness Courses and completed at least one module have been pre-enrolled in this contest.

2. Set Up Microsoft Multi-Factor Authentication

Multi-factor authentication (MFA) is one of the best ways to protect yourself from cybersecurity threats, and Microsoft MFA is Carleton’s solution. Once enabled, you will log in to Carleton systems using something you know (your MyCarletonOne password) plus something you have (your mobile phone, tablet, or pre-registered telephone number).

All you need to do is onboard yourself to Microsoft MFA using the guide at the button below. Once you are onboarded, your name will automatically be entered in our contest.

Those who have already enrolled in Microsoft MFA have been pre-enrolled in this contest.

Contest Details

The Contest Period

The contest is run by Information Technology Services at Carleton University. The contest will run online from Monday, September 30, 2024, until Thursday, October 31, 2024 at 11:59 EST.

Eligibility

The person entering the Contest must be a currently enrolled Carleton student who has reached the age of majority in Ontario or they must obtain their parents’ consent. Contestants cannot reside in Quebec.

How to Enter

The Contest may be entered online only. To complete the official contest entry, participants must and/or enrol in Microsoft Multi-Factor Authentication before the end of the contest period.

Late entries will be disqualified. There is no fee to enter this contest, and no purchase or other consideration is necessary.

Prizes

There will be one prize pack awarded to each contest winner. Prize packs are broken down in the following ways:

  • Power Bank: One prize pack
  • Ravens swag: Five prize packs

The prizes have no cash redemption value. Carleton University makes no express or implied warranties of any kind with respect to safety or performance of the contest prizes.

Selection and Awarding the Prizes

Contest entries must be submitted by Thursday, October 31, 2024, at 11:59 pm EST.

The contest winner will be announced and notified on or after Friday, November 1, 2024.

Disqualification: If any one of the contest conditions is not met, the selected entrant will be disqualified and shall not be entitled to receive any prizes. Information Technology Services has the sole and absolute discretion to verify the student’s enrollment in the contest. If any information is deemed to be false, Information Technology Services reserve the right to disqualify that entrant in their absolute discretion and to select the second place winner as a potential prize winner. The decision of the aforementioned parties is final and binding, without any right of appeal.

GENERAL TERMS AND CONDITIONS

Verification of Entries: The validity of any student status regarding enrollment is subject to verification by Information Technology Services. Any incomplete, double, or fraudulent entries will be rejected. Any entrant or other individual who enters or attempts to enter the Contest in a manner which is contrary to these official Contest Rules or which is otherwise disruptive to the proper operation of the Contest or by its nature is unjust to other entrants or potential entrants will be rejected and that entrant or purported entrant will be disqualified. All decisions of the Contest judges, who are employees of Carleton University, with respect to any and all aspects of the Contest, including without limitation the eligibility or disqualification of entrants or entries, are final and binding without right of appeal.

The Odds: The odds of winning depend upon the number of eligible entries received.

Acceptance of Prizes: The Prize must be accepted as described in these rules and cannot be transferred to another individual, substituted for another prize or exchanged in whole or in part for cash or credit. If for any reason a selected entrant cannot be reached through the contact information provided, or does not respond to Information Technology Services within five (5) business days of being contacted, or if there is any reason a winner cannot accept the prize as awarded, their entry will be declared null and void, and the second place winner will receive the prize if eligible.

Substitution of a Prize: Information Technology Services reserve the right, in their sole and absolute discretion, and for any reason whatsoever, to substitute a Prize or any part thereof, with an alternate prize of equivalent value.

Termination of Contest: The (office/unit managing contest) reserve the right, in their sole and absolute discretion, to modify, cancel, terminate or suspend the Contest at any time, in whole or in part, in the event of any cause or circumstance, including without limitation any virus, computer bug or unauthorized human intervention, unauthorized or automated voting, or any other cause that is beyond the control of the (office/unit managing contest), that could corrupt or affect the administration, security, impartiality or normal course of the Contest.

Release and Exclusion of Liability: By entering or attempting to enter the Contest, each individual agrees: (i) to release, discharge, and forever hold harmless Carleton University, and their respective officers, directors, employees, members, agents and other representatives (collectively, the “Releasees”) from any and all claims, actions, damages, injuries, demands, manner of actions, causes of action, suits, debts, duties, accounts, bonds, covenants, warranties, indemnities, claims over, contracts and liabilities of whatever nature or kind including without limitation arising out of, or in connection with the entrant’s participation or attempted participation in the Contest, compliance or non-compliance with these Contest rules and acceptance and use of the Prize, any other prize or any portion thereof.

Carleton University will not be responsible for lost, incomplete, late or misdirected Contest entries or for any failure of the Contest website during the Contest Period, or for any technical malfunction or other problems with, any telephone network or lines, computer online systems, servers, access providers, computer equipment or software or for any technical problems or traffic congestion on the Internet or at any website, or any combination of the foregoing, and will not be liable for any resulting injury or damage to any person or property arising from, or relating to, that person’s or any other person’s participation or attempted participation in the Contest, or attempted voting in the contest. Any attempt to deliberately damage any website or to undermine the legitimate operation of this Contest is a violation of criminal and civil laws and, should such an attempt be made, Carleton University reserves the right to seek remedies and damages to the fullest extent permitted by law, including criminal prosecution. (iii) Each winner must sign a release form, giving Carleton University the permission to publish in print, broadcast or online, the winner’s name without remuneration.

Communication with Entrants: No communication or correspondence will be entered into with any Contest entrants about their specific contest entries, other than with the winning entrant selected.

Personal Information and Privacy Policy: Any personal information collected through this contest will be used and disclosed by Carleton University under the authority of the Carleton University Act, and in accordance with sections 39, 41 and 42 of Ontario’s Freedom of Information and Protection of Privacy Act and applicable Carleton University privacy policies, which can be read here. By entering this contest, all individuals consent to the collection and use of the personal information provided and contained in any submitted entry.

The information provided will not be used for any purposes other than those stated upon this form unless the entrant directs otherwise. Carleton University is fully compliant with FIPPA and endeavors at all times to treat all personal information in accordance with this law.

You have certain rights to access and rectify the information contained in the file held about you and in order to exercise these rights, or if you have any questions, comments or concerns about this consent please contact the Carleton University person listed below.

Manager, Privacy & Access to Information
Telephone: (613) 520-2600 Ext. 2047
E-Mail: University_Privacy_Office@carleton.ca

Think Before You Scan: Protect Yourself from Malicious QR Codes
Wed, 18 Oct 2023 20:13:04 +0000

Quick response (QR) codes are small white squares with two-dimensional black markings, similar in look to a barcode. QR codes became more popular and widely used during the COVID-19 pandemic, offering touchless transactions, such as replacing paper menus with a QR code that displays the online menu when scanned. QR codes have also been used for COVID-19 screenings and contact tracing. QR codes have also been used for proof of vaccination requirements, which may expand the landscape for threat actors to exploit QR codes and access your personal information.

Crucially, QR codes can be used by threat actors to prompt you to visit malicious websites and download malware, so think before you scan!

Once scanned, the decoded text of the QR code can trigger actions such as:

  • Opening a website
  • Downloading an app
  • Joining a Wi-Fi network
  • Verifying information
  • Creating a contact
  • Sending an email or message
  • Dialling a phone number

What are the risks?

By scanning a QR code, you could be susceptible to the following risks:

  • Tracking of your online activity by websites using cookies. Your data can be collected and used for marketing purposes without your consent.
  • Collecting metadata associated to you, such as the type of device you used to scan the code, your IP address, location and the information you enter while on the site.
  • Exposing financial data, such as your credit card number, if you used it to purchase goods or services on the website.

The actions the QR code performs can also pose risks, such as allowing threat actors to infect devices with malware, steal personal information, or conduct phishing scams.

How can you stay safe?

To protect yourself and your personal information, always avoid using QR codes in the following ways:

  • Enabling your devices to automatically execute the QR code action.
  • Scanning a QR code posted in a public setting (e.g. in a public transit station or advertisements on the street).
  • Scanning a QR code in a business setting if it is printed on a label that could be covering another QR code. Ask a staff member to verify its legitimacy first. The business might simply have updated their original QR code.
  • Scanning QR codes received in emails or text messages unless you know they are legitimate.
  • Using QR scanner apps that are released by unknown companies or institutions.
  • Putting convenience before security. Type in a website URL to view content, such as an online restaurant menu instead of scanning a QR code.

More ways to learn about staying cyber safe

Our , available through Brightspace, teaches the community how to stay cyber secure. Students, faculty and staff are invited to enrol in a series of modules that are short, digestible and, most importantly, informative. Topics include phishing, ransomware, Wi-Fi security, social engineering, risky USB devices and much more.

Keep in mind that, after clicking the link above, you’ll need to log in with your MyCarletonOne (MC1) password before enrolling.

Cyber Security Month 2023 is Here!
Wed, 04 Oct 2023 19:49:50 +0000

Students! This is your chance to win a pair of AirPods or one of two Ravens swag packs during the Cyber Security Month contest.

Cyber Security Month is back this October! It’s a chance to educate citizens about how to stay safe and cyber aware while they work and live online.

Watch this website, the Carleton Mobile app and the Current Students website for new posts each week throughout October to learn how to stay cyber secure.

Curious about how Carleton is fighting phishing? In the past year, ITS has rolled out a number of initiatives to fight phishing at Carleton, including:

Security Awareness Courses

Our , available through Brightspace, teaches the community how to stay cyber secure. Students, faculty and staff are invited to enrol in a series of modules that are short, digestible and, most importantly, informative. Topics include phishing, ransomware, Wi-Fi security, social engineering, risky USB devices and much more.

As part of the campaign, all staff, faculty, and students are encouraged to for the course. Keep in mind that, after clicking the link above, you’ll need to log in with your MyCarletonOne (MC1) password before enrolling.

Report Phishing Button

Part of the problem with phishing is knowing how many attempts are coming in, and how they seek to rope in victims. The “Report Phishing” button allows users to easily report phishing emails, providing our Information Security professionals the information they need to prevent future attempts. Users no longer need to manually forward email messages or attachments to the Service Desk to report a phishing message. They can simply click the Report Phishing button on a phishing email, and we’ll do the rest.

And, as we report, the tech behind the Report Phishing button is very cool.

Phishing Simulations

Education is a key element in the fight against phishing, because everyone plays a role in identifying and reporting phishing attempts. We launched a Simulated Phishing Initiative in which the community began receiving safe and simulated phishing emails, automatically generated by our systems, to help faculty, staff and students better recognize what a phishing email might look like. There is still much to do in the fight against phishing, but these simulations are a strong start.

Cyber security doesn’t end after October, so watch the ITS web site for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

A Student Perspective on our Brightspace Security Awareness Course!
Fri, 28 Oct 2022 16:18:12 +0000

The Security Awareness course, offered through Brightspace, is a complete foundational training program that covers a wide array of cyber security topics. This includes social engineering, information security, incident reporting and recovery, device protection, and internet safety. The course content is designed to empower the Carleton community by encouraging students, staff and faculty to be more cyber secure.

Instead of presenting information in long blocks of text or videos, this course delivers its content through multiple kinds of engaging avenues. Below are some ways that make the Security Awareness course exciting, written by two co-op students currently working in Information Technology Services.

Hotspots

Hotspots allow you to be more directly involved with your own learning. These interactive buttons are added to slides, and reveal hidden information when clicked. The Security Awareness course uses hotspots throughout the various modules.

For instance, when discussing phishing emails, the course presents an example and uses it to dissect the common features of a phishing message. You can click on the hotspots scattered around the slide to learn more about these red flags.

A screen detailing features of a phishing message.

Audio

The Security Awareness course slides are accompanied by synced audio. This is particularly beneficial if you are an auditory learner rather than a visual learner. The voiceover has natural articulation and appropriate pacing to ensure that you can understand the information clearly.

If you find the voiceover distracting or if you just need a break, you can either mute or pause the audio in the upper right tab of the course slide.

A screen detailing the importance of strong passwords.

Animated Videos

Animated videos are featured throughout the Security Awareness course; they present a scenario related to the module topic and prompt you to consider the best course of action for the given situation. Not only are these short videos fun to watch, they demonstrate key messages in a digestible way.

For example, in one of the animated videos, someone is using a public Wi-Fi connection to send an email containing confidential documents – this is dangerous because cybercriminals can capture information shared over an unsecured network.

A screen depicting a video on Traveling Securely.

Another screen depicting a video on Traveling Securely.

Knowledge Checks

There are short knowledge checks in each module of the Security Awareness course; these assess your understanding of the content that was covered. But don’t worry! There are no penalties for answering a question incorrectly and you can retake the knowledge check as many times as you want. In fact, there will be a pop-up text box that expands on why your answer was right or wrong.

Knowledge checks are a great way to keep track of your learning progress. If you’d like to improve your score on any given module, you can revisit it to review the content again.

A screen depicting a quiz on how to use Cloud services safely.

A screen depicting the results of a quiz and a grade of 60%.

Mini-Games

The Security Awareness course offers a variety of mini-games related to the various module topics. These games are an engaging alternative to long texts and videos – not only is learning about cybersecurity empowering, it is also fun!

For example, in the spear phishing module, there is a game that allows you to roleplay as a cybercriminal. You get to plan out a spear phishing attack and make decisions in order to execute it successfully. The game demonstrates the lengths to which an actual cybercriminal will go in order to harvest your personal data. By being more aware of the methodologies used in a spear phishing attack, you can prevent yourself from falling victim to it.

A screen depicting a minigame with a quiz.

A screen depicting information on how to stay safe from infected USB keys. A screen depicting a hacker.

Take Action

Hotspots, audio, animated videos, knowledge checks, and mini-games are just a few of the ways that make our Security Awareness course exciting. Since October is Cyber Security Awareness Month, there is no better time than now to .

If you complete at least one module of the Security Awareness course before October 29, 2022, you can be entered for a chance to win a pair of Airpods or Ravens merch. Click the button below for more details on the giveaway:

Cyber Month 2022: Putting it All Together
Fri, 21 Oct 2022 15:32:57 +0000

While we are nearing the end of Cyber Security Awareness Month, it is important to remember that cybersecurity threats don’t begin and end in October. For now, there’s still time to enrol in our through Brightspace to learn more about staying safe online, and for a chance to win a pair of Airpods or Ravens merch. Enrol by end of day on October 28, 2022 for your chance to win!

After taking our Security Awareness Course, you can expand your learning by reading our posts and information about how to identify and stay safe from phishing below:

Seven Red Flags of Phishing

The best way to stay safe from phishing is to learn to recognize the signs of a phishing attempt, and how to protect yourself from it. To quickly recap, look out for these seven red flags commonly associated with phishing attempts:

Recognizing these seven red flags will surely help you in avoiding phishing attempts, but keep in mind that new and inventive methods of phishing are constantly being developed. Exercise caution and use your best judgement when approaching any unfamiliar message.

How To Get Help

If you’ve been phished or run into another cybersecurity issue, your first course of action should be contacting the ITS Service Desk. We encourage using our online chat feature to engage with a live Service Desk agent during business hours or reporting the issue by . For more information on using our chat service or opening a ticket, please visit the ITS Help Centre. Other methods of support are available at carleton.ca/its/contact.

Stay Cyber Secure Year Round

Cyber security doesn’t end after October. Please watch the ITS website and follow us for any information concerning new updates, campaigns, and tips and tricks as they become available.

Lastly, we encourage you to share anything you’ve learned this month with your friends, family, and anyone else to spread the word about phishing and how we can avoid it.

Cyber Month 2022: Preventing Phishing
Fri, 14 Oct 2022 12:41:41 +0000

October is Cyber Security Awareness Month! Enrol in our through Brightspace to learn more about staying safe online, and for a chance to win a pair of Airpods or Ravens merch.

What is Phishing?

Phishing is a cyberattack that uses fraudulent emails, SMS texts, and phone calls to solicit sensitive information from you or to deploy malicious software to your device. You can read our “Where, Why and How Phishing Happens” post to learn more about phishing attacks.

Preventing a phishing scam is easier than dealing with one. Using strong and unique passwords, enabling multi-factor authentication, and regularly backing up your important data are three ways to stay cyber-secure!

Use strong and unique passwords

Passwords are an effective way of protecting your devices and accounts from unauthorized access. Creating strong passwords may seem like a daunting task, but don’t worry – we have some helpful tips and tricks for you below!

Now that you know how to create a strong password, make sure to use unique passwords for each of your accounts. This will protect your other accounts from being compromised with stolen login credentials in the event of a successful phishing attack.

If you feel overwhelmed by the number of passwords you have to keep track of, you can use a password manager. Password managers store all your login credentials for different websites, apps, and devices. They encrypt your password database with a master password – the master password is the only one you have to remember.

If you plan on using a password manager, make sure to follow these guidelines:

  • Use a trusted password manager, and ensure that it is updated regularly
  • Use a strong master password and multi-factor authentication to secure your password manager
  • Don’t use your password manager for sensitive accounts (e.g., email and bank account)

Enable multi-factor authentication

Multi-factor authentication is an extra layer of protection for your devices and accounts. It strengthens your security by requiring at least two items of authentication to log in. Multi-factor authentication relies on any of the following factors:

Who you are

  • Fingerprint scanners
  • Voice verification
  • Facial recognition

What you know

  • Security questions
  • Passwords and passphrases
  • PINs

What you own

  • SMS authentication
  • Application-based authenticators
  • Hardware tokens

Regularly back up your important data

Having a backup of your data can improve your resiliency during a cybersecurity threat. In the event of a phishing attack, backups are critical for two reasons:

Availability: If your system has been compromised, your data might be stolen or deleted. A backup ensures that you can still access the information you need, when you need it.

Recovery: A backup can help you restore your system and data as quickly as possible. This will minimize the amount of information, time, and money that could be lost due to downtime.

Storing your backups

There are three options for storing backups: onsite, offsite, or on the cloud. It is a good practice to have multiple copies of your backups and to store these copies in different locations.

Stay Cyber Secure Year Round

Cyber security doesn’t end after October, so watch the ITS web site and on Twitter for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

Thank you in advance for your participation!

Students: Enter our Cyber Month 2022 Contest!
Thu, 06 Oct 2022 20:05:58 +0000

THIS CONTEST HAS NOW CONCLUDED. THANKS TO ALL WHO ENROLLED!

Students! This is your chance to win a pair of AirPods or one of two Ravens swag packs during Cyber Security Awareness Month!

How to Enter

It’s easy to enter! Just and complete at least one module before the end of the day on Friday, October 28, 2022 for your chance to win. That’s it! Your name will automatically be entered in our contest.

The modules are short and easy to complete. Some of them are only one to two minutes in length, but in addition to giving you a chance to win, you’ll learn about how to stay safe online and protect yourself from phishing!

Contest Details

Open to current students of Carleton University only. In order to enter, students must complete at least one module of our Cyber Security Awareness Course in Brightspace between 12:00 AM on October 10 and 11:59 PM on Friday, October 28, 2022. Entries are limited to one per student; completing more than one module does not entitle a student to additional entries. Winners will be randomly selected on October 31, 2023 and notified by email. Winners must respond to the notification within 72 hours to confirm their prize.

Cyber Month 2022 News

Stay Cyber Secure Year Round

Cyber Security Awareness Month 2022 is on through the month of October, but cyber security doesn’t end when the month is over. Watch the ITS web site and on Twitter for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

Thank you in advance for your participation!

Text on image reads: Where, Why and How it Happens. Fight Phishing.

Cyber Month 2022: Where, Why and How Phishing Happens
Thu, 06 Oct 2022 13:06:48 +0000

October is Cyber Security Awareness Month! Watch this page for helpful tips and tricks, and enrol in our through Brightspace now to learn more about how to stay cyber secure!

Students! This is your chance to win a pair of AirPods or one of two Ravens swag packs during the Cyber Security Awareness Month contest.

What is Phishing?

Phishing is a deceptive kind of cyber-attack used by scammers masquerading as credible sources. Their goal is to mislead victims into clicking a malicious link, which can then download malware onto their computer, allowing criminals to hijack their account and steal confidential information. Such personal information can then be used to steal money from victims by accessing their credit cards and bank accounts.

What are the Various Kinds of Phishing?

Phishing can take many forms including some of the following:

Email phishing: The most commonly used and known kind of phishing is email phishing. The culprits that send these malevolent emails usually claim to be members of respected organizations. Said emails frequently contain urgent warnings of an account being compromised and state that to recover the lost account, the receiver must click on a suspicious looking link to enter their credentials. Email phishing attempts are easier to recognize due to a number of unusual clues that you can learn about by reading our post on What to Do If You Get Phished.

Quishing: Quishing is a new form of phishing that has become more prominent since the start of the pandemic. Scammers have taken advantage of “quick response” (QR) codes becoming a more prevalent method of processing data to commit their crimes. Quishing involves cybercriminals sending fake or altered QR codes instead of links. When scanned, victims are sent to malicious websites where their sensitive information may be stolen.

Spear phishing: Most phishing attempts are imprecise attacks sent out to a widespread audience with the goal of catching as many victims as possible. But spear phishing attacks, a kind of attack pinpointed to a select target, are more precise. In order to catch their prey, these attacks are personalized to the individual, with messages containing distinct information about their target’s interests, family members, friends, experiences, and online activity. Spear phishing is less commonly encountered, as extensive research about targets must be done to execute the attack.

Whaling: Whaling is an even more specific kind of spear phishing attack that narrows its focus towards someone of high influence, such as the CEO of a company. Because of their high standing, these targets often have greater access to libraries of rich, confidential information. In order to accomplish such a feat, cybercriminals often pose as senior members of the organization, making it increasingly difficult for subordinates to deny a request from someone they believe to be of great importance.

SMiShing: Cybercriminals perform SMiShing attacks using Short Message Service (SMS) to create fake profiles disguised as family members needing financial aid, or as service providers claiming something is wrong with the target's account. The goal of these scammers is to gain the trust of their target so that the target reveals sensitive information, which can be leveraged for money.

Vishing: Similar to SMiShing, vishing, short for voice phishing, is an over-the-phone scam involving the impersonation of a trustworthy person or service provider (colleague, technical support person, etc.) to fool their victims into revealing sensitive information.

New Trends in Phishing

Social Engineering:

Social engineers are not computer masters who can hack into systems to steal information. Instead, they are professional manipulators who exploit their victims’ innate desire to help people in order to deceive them into giving up their own secret information. While normal email phishing campaigns can be more easily prevented using AI security measures, no technology can defend against social engineering.

To these kinds of criminals, sensitive information is gold. Personal and financial information such as confidential business files, user IDs and passwords, as well as bank account and credit card info can grant them access to an organization's network and enable them to commit fraud.

To defend against these attacks, remember that vigilance is key. Be careful about who you trust online and use your best judgement before passing along any of your information.

WhatsApp:

WhatsApp is a popular messaging app that offers a fast and easy way for families and friends to chat online. Unfortunately, it is also becoming an increasingly common place for cybercriminals to operate. Now that people are generally more aware of email phishing scams, cybercriminals are adapting their tactics towards instant communication methods like text messaging and WhatsApp. According to the , there has been a 2,000 per cent increase in WhatsApp scams in the past year.

Some of the methods cybercriminals are using on WhatsApp to deceive victims include:

  • Impersonating loved ones in need of money
  • Sending malicious links that could lead to malware infections
  • Compromising an account and then prompting the victim with a verification code to complete the login

Stay Cyber Secure Year Round

Cyber security doesn't end after October, so watch the ITS web site and for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

Thank you in advance for your participation!
