Information Security provides vision and direction for developing and supporting IT security initiatives at Carleton. The group provides leadership in the development and operation of structures, programs and policies that address the needs of Carleton’s information assets and how they are protected.
Key areas of accountability are:
- Ensuring that appropriate and reasonable safeguards are employed to detect and protect against potential threats to IT assets
- Establishing and evolving an appropriate security posture that balances risks, investment and safeguarding of assets against the university’s ability to operate effectively and efficiently; and,
- Evaluating, planning and delivery of the security aspects of the university’s network infrastructure
As part of an ongoing program to raise the level of security awareness at Carleton University, the Information Security Division provides security awareness reminders to the campus community on a regular basis.
Report Suspicious Activity
To notify the Information Security team of suspicious activity, contact the ITS Service Desk at firstname.lastname@example.org or call 613-520-3700.
Phishing is the act of contacting people via email, telephone, or text message while impersonating an individual or organization with the intention of stealing private information and data to commit identify theft and financial theft. If you receive a phishing email do not respond to it, move it to your junk folder (this will mark it as spam), and forward it to the ITS Service Desk.
Duo: Our Two-Factor Authentication Solution
Duo is a two-factor authentication solution aimed at protecting your account from illicit login attempts. Once Duo is enabled you will log into Carleton systems using something you know (your MyCarletonOne password) plus something you have (your mobile phone, work phone, home phone or tablet). Learn more about Duo.
The Virtual Private Network (VPN) client software is required for access to Carleton University resources that are restricted to on-campus use. The VPN client software provides a secure encrypted channel from your home to the campus.
Ransomware is a type of malware (malicious software designed to infiltrate your computer) that results in the encryption of computer files. Once the files are encrypted these attackers then demand a form of ransom from the computer owners in exchange for the decryption key. Read our guidelines on protecting your files from ransomware or other data loss.
Each faculty and staff member can install Trend Micro antivirus on up to 5 personal devices (PC, Mac, Android or iOS) at no charge. This endpoint security software provides you with a broad range of threat protection – it safeguards your data from malware and ransomware, allows you to browse the web safely and provides protection from viruses.
Residence PC Protection
Proper protection against computer viruses is required so that you have an operational network to support your academic studies. Learn more about how to protect your computer here.
Latest Security Notices
Friday, August 28, 2020
Phishing Emails circulating on campus that appear to be from Payroll
Please beware of phishing emails circulating on campus that appear to be from Payroll, with a subject of “August Payroll\Benefit Notice!" This is not from Carleton’s Payroll department. Do not respond to it as it’s a phishing attempt. If you clicked on this link or have already responded to this email, please change your...
Monday, July 20, 2020
Beware of Scammers calling saying they are from the University
Please beware of telephone calls where the caller indicates that they are calling from Carleton University. Members of the community have reported receiving suspicious calls from individuals pretending to be from the University. These are a type of phishing scam called vishing. Signs that a telephone call may be a vishing scam: Call display...
Thursday, May 14, 2020
Phishing Email circulating on campus – Appears to be coming from the President’s Office
Please beware of phishing emails circulating on campus that appear to be from the President's Office or President's Office Staff, with the subject of: "Sexual assault between a student and our staff" See sample of phishing email below: This email may have included an attached...
Friday, May 8, 2020
Phishing Emails circulating on campus that appear to be from Carleton President
Please beware of phishing emails circulating on campus that appear to be from our President and Vice-Chancellor with the subject of: "IMPORTANT UPDATE ON COVID-19 OUTBREAK AMONG OUR STAFFS" See sample of phishing email below: This email may have included...
Thursday, April 30, 2020
Phishing Email – RE: “Canada Payroll” – Appears to be from the “Payroll Admin Department”
Please beware of phishing emails circulating on campus that appear to be from the “Payroll Admin Department” and have a subject of “Canada Payroll”. This is a phishing email and should be deleted immediately. Please see sample below: If you have already responded to this email,...
Friday, April 24, 2020
Staying Cyber Secure when working remotely
The ITS Information Security team wants to provide suggestions about how you can stay cyber secure when working from home or working remotely. Be extra vigilant for phishing attempts, and malicious websites. Ensure your computer, and mobile devices stay current with patches and software updates. Please visit the ITS Help Centre for information...
Tuesday, April 21, 2020
Phishing Email Appears to be from the “Payroll Admin Department”
Please beware of phishing emails circulating on campus that appear to be from the “Payroll Admin Department” and have a subject of “General Payroll”. This is a phishing email and should be deleted immediately. Please see sample below: If you have already responded to this email, please...
Thursday, April 9, 2020
Beware of phishing attempts
During these extraordinary times when the reliance on working and studying remotely has increased greatly, so too has the number of phishing messages. ITS wants to remind all members of the Carleton community to be extra vigilant with any email messages you receive, or any websites that you visit. Phishing attempts can be made...
Thursday, April 2, 2020
Phishing Email circulating on campus and Appears to be from Carleton Campus Safety
Please beware of phishing email circulating on campus with subject “COVID-19 – Safety Measures” and appears to be from the "Carleton Safety Services". If you require assistance, please contact the ITS Service Desk at 613-520-3700. How can you tell if emails or online posts are phishing or scams? The sender asks to...
Monday, March 30, 2020
Beware of Phishing Emails that appear to be meeting or video conferencing requests
There have been a large number of phishing attempts over the last few weeks, trying to impersonate video conferencing or virtual meeting websites or services. One of the more common services that is being targeted is the Zoom conferencing services. If you receive an email that appears to be from Zoom (or another service)...
Thursday, March 19, 2020
Phishing Email/Scam – Coronavirus – Appears to be from the World Health Organization
Please beware of phishing email scams, which appear to be from the "The World Health Organization (WHO)", or other health officials and are about the Coronavirus. The messages may suggest clicking on a link or reply to email to make donations. These emails should be deleted immediately. See sample below: ...
Friday, March 13, 2020
Increase in COVID-19-themed spam, malware, phishing & fake websites – Please use caution when visiting websites
Beware of an increase in corona-themed spam, malware, phishing and fake websites circulating on the Internet. Please use caution when visiting websites and while looking for information on the COVID-19 virus. Examples: Offers for vaccines, cures and tests, including any mobile apps that claim to offer in home testing Offers related to insurance,...
Monday, February 24, 2020
Beware of Phishing Emails that appear to be from a Carleton University Dean, Chair or Director!
Please beware of phishing emails circulating on campus that appear to be from either the President, Dean, Chair, Director or other senior management at Carleton University. Often these messages will be sent from a free email service such as gmail or outlook, rather than a University provided email account. The email address may include...
Thursday, February 20, 2020
New Phishing Campaign – Appears to be from the MacOdrum Library
WARNING: Active Phishing Campaign Target: Student/Faculty/Staff Risk: Loss of credentials From: Appears to be from the library If you receive this phishing email below, please delete it immediately. If you have already responded to this email, please change your MyCarleton One (MC1) password immediately. If you require assistance, please...
Thursday, February 6, 2020
Phishing Email/Scam – Coronavirus – appears to be from Health Officials
Please beware of phishing email scams, which appear to be from the Center for Disease Control and Prevention (CDC), or other health officials and are about the Coronavirus. The messages may suggest clicking on a link or to download a document or report, or to respond for more information. These emails should be deleted...
Monday, January 27, 2020
Phishing/Scam – appears to be from Carleton University – “JOB OPPORTUNITY”
Please beware of ongoing ‘JOB OPPORTUNITY’ scams circulating online and through email. The latest appears to be from Carleton University. Sample of this phishing/scam email: These scams request that a student communicate using their Carleton email address. If student responds, they are then contacted by potential...
Friday, January 17, 2020
Phishing Email/Scam – “INTERAC e-Transfer is waiting for the student” – appears to be from CRA
Please beware of this new phishing/scam which appears to be from the Canada Revenue Agency (CRA) and that an INTERAC e-Transfer is waiting for the student. This campaign is currently targeting students, in an attempt to steal your personal information such as your Social Insurance Number (SIN), Address, email, credit card information, and other...
Monday, January 13, 2020
Phishing Email – Appears to be from our Carleton President
Be on the lookout, in your inbox, for a phishing email from an external address posing as our President and Vice-Chancellor. This is a phishing email: Source: External Subject Line: Catch Up Attachment: No If you receive the above phishing email, please delete it immediately. If you have already...
Friday, January 10, 2020
Microsoft End of Support for Windows Server 2008/2008R2 and Windows 7 Operating System
On Tuesday, January 14, 2020, Microsoft will no longer provide support for the Windows Server 2008/2008R2 or Windows 7 Operating System Any Windows 7 system found on the CUNET domain on January 15, 2020 will have their computer account disabled and will no longer have access to CUNET domain resources. Users will no...
Thursday, January 9, 2020
Phishing Emails circulating on Campus – “Part-Time Personal Assistant Needed”
Please beware of ongoing ‘Part-time Job Offer’ scams circulating online and through email. The latest has a subject of "Part-Time Personal Assistant Needed". Sample of this phishing email: These scams request that a student communicate using their Carleton email address. If student responds,...
Wednesday, January 8, 2020
Phishing Email circulating on campus – Appears to be from the MacOdrum Library
Please beware of phishing emails circulating on campus which appears to be from the University Library. This campaign is currently targeting Students in an attempt to steal credentials by trying to convince them that they need to authenticate in order to renew access to Library resources, or to prevent access or accounts from expiring....
Friday, December 20, 2019
Phishing Emails that appear to be ‘from a safe sender’
We are starting to see a new tactic with recent phishing messages, where the attacker tries to convince the user that the messages are from a safe sender, see example below: Please note that this is not a legitimate notice or message provided by the University’s email systems, and should not be...
Friday, November 22, 2019
Duo Two-Factor Authentication Coming to the Intranet
Starting next week, the Intranet (i.carleton.ca) will be added to the list of services protected by Duo two-factor authentication. As the university works to move more employee information into the Intranet, such as pension statements, it is imperative that proper security measures are in place. For the 2400 individuals who have signed up for...
Tuesday, October 22, 2019
5 Tips to Keep your Passwords Safe and Secure
It’s Cyber Security Awareness Month and this week we’re talking about passwords. We are all responsible for the safety of our own accounts, whether they be our banking credentials, email credentials, or MyCarletonOne credentials. Here are some tips to help you keep your accounts safe and secure: Enable two-factor authentication. This is the...
Tuesday, October 8, 2019
Cyber Security Awareness Month – How to Spot a Phishing Attempt
It’s Cyber Security Awareness Month and this week we’re talking about email. Email is one of the easiest ways for cyber criminals to target ordinary citizens. Here are a few risks to be aware of when it comes to your email: A weak email account password could leave your personal information vulnerable - create...
Monday, September 30, 2019
October is Cyber Security Awareness Month
It's almost Cyber Security Awareness Month! Throughout the month of October, we will be talking about the cyber threats we all face online and the simple steps we can take to minimize those risks. One simple thing you can do today - if you haven't yet - is to enable two-factor authentication on your MyCarletonOne...
Friday, September 13, 2019
Beware of Phishing Emails circulating on Campus – Appears to be from the University Library
Please beware of phishing emails circulating on campus which appears to be from the University Library. This campaign targets Faculty/Staff and Students in an attempt to steal credentials by trying to convince them that they need to authenticate in order to renew access to Library resources, or to prevent access or accounts from expiring....
Friday, September 6, 2019
Re-emerging Telephone Scam Targeting International students
International students in Canada are reporting that they have been targets of a re-emerging telephone scam whereby individuals claiming to be employees of Immigration, Refugees, and Citizenship Canada (IRCC) are asking them for personal information and/or money or risk deportation. In more sophisticated versions of the scam, the individual also...
Thursday, September 5, 2019
Phishing Email circulating on campus with Subject of: Outlook system update
Be on the lookout, for a phishing email circulating on campus, that appears to come from IT Support. This is a phishing email: Source: External Subject Line: Outlook system update Suspicious link: Yes If you have already responded to this message, please change your MyCarleton One...
Thursday, August 29, 2019
Phishing Email Circulating on Campus – Appears to be from Carleton President
Be on the lookout, in your inbox, for a phishing email from an external address posing as our President and Vice-Chancellor. This is a phishing email: Source: External Subject Line: Required Annual Notices Attachment: Yes If you have already responded to this...
Wednesday, August 7, 2019
University of Ottawa and Carleton University IT Departments Join Forces to Combat Cyber Security Threats
The University of Ottawa and Carleton University have signed a memorandum to collaborate and coordinate on cyber security incident management. “We have a responsibility to protect our institutions information systems and data against constantly evolving cybersecurity threats. By coordinating our efforts, we can work together to tackle our...
Tuesday, August 6, 2019
Changes Coming to MyCarletonOne
Over the August 16th weekend we will be replacing the current system that powers MyCarletonOne with Oracle Identity Management (OIM). Once the new system is in place you can expect to see a new myone.carleton.ca login page and the next time you login to change your password, you will be required to select new security questions....
Thursday, August 1, 2019
5 Ways to Spot a Phishing Attempt
Email phishing scams can trick you into opening attachments or giving up personal information. They appear to be emails from organizations or companies you trust, but they're often the gateway to data breaches or identity theft. 5 Ways to Recognize a Phishing Attempt It asks you for your password or directs you to a web...
Thursday, July 18, 2019
New 15 Minute Lock Screen Policy on CUNET Connected Systems
On Tuesday July 30, 2019 at 10:00 a.m., ITS will be implementing a new policy to lock computer screens after 15 minutes of inactivity. This industry standard configuration will be applied to all faculty and staff Windows workstations and laptops that are connected to the CUNET domain. This change will address a security concern of...
Tuesday, July 16, 2019
Beware of Phishing Emails circulating on campus – subject lines contain “Documents Pending” & “SUMMER PART-TIME JOBS OPPORTUNITY”!
Please beware of phishing emails circulating on campus with a subject line containing "Documents Pending" & "SUMMER PART-TIME JOBS OPPORTUNITY". These are phishing emails and should be deleted immediately. Do not click on the link within the body of the message and do not reply or respond to the message. If you have already...