Cybersecurity Month takes place each October, and this year ITS is sharing tips to help keep the Carleton University community cyber safe.

One of the most widely observed kinds of cyberattacks is phishing, a type of cyberattack where attackers use fraudulent emails, SMS texts and phone calls to solicit sensitive information or deploy malicious software.

Four Ways to Protect Yourself from Phishing Attacks

Learn How to Spot Phishing Attacks

Attackers might send emails, text messages or phone calls, and these messages may ask you to log in to fake websites to steal your username and password. Only open attachments that you are expecting to receive.
It might be a phishing if:

  • It appears to come from someone at the university, but has an [External Email]
  • The subject line is in all caps.
  • It uses a generic greeting, or uses your email address in the greeting. e.g. Dear user, or Dear username@carleton.ca.
  • It asks you to send money, Bitcoin, gift cards etc.
  • It asks you for your password or directs you to a website asking for your password or personal information
  • It includes a call for immediate action like download this now, confirm your email identity now or click on the link below.
  • It tries to invoke an emotional response to get you to take an action without thinking.
  • It includes spelling or grammatical errors.

Use the Report Phishing Button

The Report Phishing button, available in both the Outlook desktop app and Outlook on the web, makes it easy for users to report phishing emails to Microsoft and the ITS Security team. Click the Report Phishing button anytime you believe you have received a phishing email or any potentially dangerous email. Any emails you report using the Report Phishing button will be automatically deleted from your inbox and moved to the deleted items folder. They will also be forwarded to the ITS Security team for analysis and to Microsoft to improve filtering rules.

Use Strong and Unique Passwords

Strong, unique passwords can help keep your user accounts safe. When creating a password, use a mix of characters or a phrase, and avoid common passwords like password or 123456.

Enable Multi-Factor Authentication (MFA)

MFA adds an extra layer of protection by requiring at least two forms of authentication. Microsoft MFA is mandatory for all Carleton faculty and staff members. It is currently being rolled out to students.
MFA is based on:

  1. What you know: Security questions, passwords or PINs. For your Carleton account, this is your MyCarletonOne password.
  2. What you own: Authentication apps, hardware tokens, or a phone number. For your Carleton account, this is the Microsoft Authenticator app, or an MFA app of your choosing.

By taking a few important steps, individuals can significantly enhance their cybersecurity posture.
Cyber security doesn’t end after October, so watch the ITS website for information about new security campaigns, tips and tricks as they become available.