The American University of Paris - Information Security /it-services/service/account-and-access/information-security These infrastructure and services provide security, data integrity and compliance for institutional activities. They Include virus protection, encryption, privacy impact assessments, information risk management, emergency preparedness, data security, identity management solutions, passwords, accounts, authentication, audit and monitoring systems and services, and data access and stewardship. en Secure Communication /it-services/service/secure-communication <div class="field field-name-field-service-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even"><img src="/sites/default/files/styles/medium/public/field/field_service_image/pexels-christina-morillo-1181271.jpg?itok=qcGYf3nR" width="220" height="147" alt="" /></div></div></div><div class="field field-name-field-service-description field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>This service is to provide common tools, features and best practices for secure communication. </p> </div></div></div> <div class="widget_row" id=""> <div class="bg-style-none widget_centered " style="background-image: url(); " > <div class="widget_centered_container widget_row full_container"> <div class="container"> <div class="eye"></div> <div class="box_with_bg"> <div class="widget_content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><strong>Empowering Your Digital Security</strong></p> <p>At Թtv IT Services, our dedicated team works tirelessly to safeguard the university from cyber threats, including malicious attacks, viruses, and the actions of ill-intentioned individuals. However, it's crucial to remember that the most significant factor in ensuring IT security is <strong>you</strong>.</p> <p><strong>Stay Informed and Stay Secure</strong></p> <p>In today's digital landscape, vigilance is your strongest ally. To help you navigate potential threats, we've compiled a list of malevolent content that might land in your Outlook inbox from dubious external sources. By following our expert guidance, you can fortify your defenses and keep your digital world secure.</p> <p><strong>Threats at a Glance</strong></p> <p>Here's a brief overview of the key threats you should be aware of:</p></div> </div> </div> <div class="widget-accordion"> <div class="accordion"> <div class="accordion-row"> <div class="accordion-head"> Phishing </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="Phishing article image.png" src="/sites/default/files/download/it-services/Service-Catalog/Security/Phishing%20article%20image.png" style="float:right; height:218px; margin-left:20px; margin-right:20px; width:400px" /></p> <p>Phishing is a type of malicious email where the sender poses as a reputable company. The email sender’s goal is to induce individuals to reveal personal information (think passwords, credit card numbers, etc.).</p> <p><strong>These emails are sometimes very clever and may look official. Please be careful:</strong></p> <ul> <li><strong>NEVER click on a link from a suspicious email.</strong></li> <li><strong>If you receive a suspicious email, forward it immediately to <span class="spamspan"><span class="u">itservices</span><img class="spam-span-image" alt="at" width="10" src="/sites/all/modules/contrib/base/spamspan/image.gif" /><span class="d">aup.edu</span></span> explaining why you think it is a phishing attempt.  </strong></li> </ul></div> </div> </div> </div> </div> <div class="accordion-row"> <div class="accordion-head"> Ransomware </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="7122566.jpg" src="/sites/default/files/download/it-services/Service-Catalog/Security/7122566.jpg" style="float:right; height:267px; margin-left:10px; margin-right:10px; width:400px" />Ransomware is another type of malicious software designed to block access to a computer system until a sum of money is paid.</p> <p>Here is how it works:</p> <ul> <li>An individual or group first sends you an email and encourages you to click on a link. You then download a file that corrupts/crypts your computer files</li> <li>The sender copies those files to his own server, so the data can be shared with his accomplices</li> <li>S/he then asks for ransom - often in bitcoins - blackmailing you, threatening to disclose some of your personal information that may harm your reputation</li> <li>Since s/he blocked access to your computer system, s/he can also demand a sum of money in exchange for the key that will give you access to your files again</li> </ul> <p> <strong>If you receive one of those emails:</strong></p> <ul> <li><strong>NEVER click on an attachment or link. </strong></li> <li><strong>NEVER pay the ransom</strong>. Even if you do pay, you are not certain to get your data back.</li> <li><strong>Immediately forward the email to <span class="spamspan"><span class="u">itservices</span><img class="spam-span-image" alt="at" width="10" src="/sites/all/modules/contrib/base/spamspan/image.gif" /><span class="d">aup.edu</span></span>.</strong></li> </ul></div> </div> </div> </div> </div> <div class="accordion-row"> <div class="accordion-head"> Scam </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="3791436.jpg" src="/sites/default/files/download/it-services/Service-Catalog/Security/3791436.jpg" style="float:left; height:324px; margin-left:20px; margin-right:20px; width:400px" /></p> <p>You've received an email saying you won the lottery?</p> <p>Or that a great producer needs money right now but will reward you a hundred-fold if you just give him your credit card number?</p> <p>These types of scams are frequent on the internet, and you may get these strangely "good news" in your inbox. </p> <p><strong>Don't answer them, just forward the email to <span class="spamspan"><span class="u">itservices</span><img class="spam-span-image" alt="at" width="10" src="/sites/all/modules/contrib/base/spamspan/image.gif" /><span class="d">aup.edu</span></span>.</strong></p></div> </div> </div> </div> </div> </div> </div></div> </div> </div> </div> </div> </div><div class="widget_row" id=""> <div class="bg-style-none widget_centered " style="background-image: url(); " > <div class="widget_centered_container widget_row full_container"> <div class="container"> <div class="eye"></div> <div class="box_with_bg"> <h2 class=""> <span>How to recognize a dangerous email? </span> <div class="title-line"></div> </h2> <div class="widget_content"> <div class="widget-article-plus-text"> <div class="block_article"> <div class="bg" data-img="/sites/default/files/styles/263_305/public/images/widget-text-with-image/image/Number%201_0.png?itok=W0IqarqA"> </div> <div class="line"></div> </div> <div class="field field-name-field-widget-text-image-editor field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p> </p> <h5><strong>Who is the sender?</strong> </h5> <p>Legitimate emails usually come from someone with an email address associated with the company. So if you are getting an email about Microsoft’s Office 365 from <span class="spamspan"><span class="u">beyonce35</span><img class="spam-span-image" alt="at" width="10" src="/sites/all/modules/contrib/base/spamspan/image.gif" /><span class="d">massygroup.com</span><span class="e"><!--target="_blank"--></span></span> , more than likely, they do not work for Microsoft and this is a phishing attempt.</p> </div></div></div> </div> <div class="widget-article-plus-text"> <div class="block_article"> <div class="bg" data-img="/sites/default/files/styles/263_305/public/images/widget-text-with-image/image/Number%202_0.png?itok=V8K7VljJ"> </div> <div class="line"></div> </div> <div class="field field-name-field-widget-text-image-editor field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p> </p> <h5><strong>Who is it addressed to?</strong> </h5> <p>If the email greeting is vague (i.e. “Dear Customer”  or “Dear &lt;insert your username&gt;”) there is a chance the email did not come from a safe source. Most companies you subscribe to know your name and will include it in the message.</p> </div></div></div> </div> <div class="widget-article-plus-text"> <div class="block_article"> <div class="bg" data-img="/sites/default/files/styles/263_305/public/images/widget-text-with-image/image/Number%203_0.png?itok=d1GYMFkb"> </div> <div class="line"></div> </div> <div class="field field-name-field-widget-text-image-editor field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p> </p> <h5><strong>How is the grammar?</strong> </h5> <p>Phishing emails tend to have a lot of misspelled words and grammatical errors. If you see a lot of mistakes in the email, this may be a phishing attempt. Of course, in some phishing attempts the grammar is perfect. So do not use grammar as the sole indicator.</p> </div></div></div> </div> <div class="widget-article-plus-text"> <div class="block_article"> <div class="bg" data-img="/sites/default/files/styles/263_305/public/images/widget-text-with-image/image/Number%204_0.png?itok=YzBGpMYq"> </div> <div class="line"></div> </div> <div class="field field-name-field-widget-text-image-editor field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p> </p> <h5><strong>Where do these links actually lead to? </strong></h5> <p>If you hover (do not click) over the links in the phishing email, then look at the bottom of your internet browser: it displays the URL of the link. If all of the links lead to the same place or to a place that does not coincide with the legitimate company, there is a high chance that it is a phishing email.</p> </div></div></div> </div> <div class="widget-article-plus-text"> <div class="block_article"> <div class="bg" data-img="/sites/default/files/styles/263_305/public/images/widget-text-with-image/image/Number%205.png?itok=daJFW1uD"> </div> <div class="line"></div> </div> <div class="field field-name-field-widget-text-image-editor field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p> </p> <h5><strong>Is it in a foreign language? </strong></h5> <p> </p> <p>In a phishing email, the sender may have a foreign name and most of all work for a company you've never heard of. <strong>If the message is in French, it won't be from Թtv since all our communications are in English. </strong>Part of the message, such as a disclaimer in the footer, can be in a foreign language too, and can be a sign of a suspicious source.</p> </div></div></div> </div> <div class="widget-article-plus-text"> <div class="block_article"> <div class="bg" data-img="/sites/default/files/styles/263_305/public/images/widget-text-with-image/image/Number%206_0.png?itok=-Xr--C-o"> </div> <div class="line"></div> </div> <div class="field field-name-field-widget-text-image-editor field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><h5><strong>Check the official website yourself</strong></h5> <p>In many phishing attempts, the sender encourages you to click links that seem to come from an official structure (taxes, social security, bank, etc.). However, these links usually lead to a site that steals any personal information you enter. So, instead of clicking the links within the email, navigate to the company website yourself and check if the message you have received is genuine. If  that's the case, you will find the same information when you log in to your account on the legitimate website.</p> </div></div></div> </div></div> </div> </div> </div> </div> </div><div class="widget_row" id=""> <div class="bg-style-none widget_centered " style="background-image: url(); " > <div class="widget_centered_container widget_row full_container"> <div class="container"> <div class="eye"></div> <div class="box_with_bg"> <h2 class=""> <span>Examples of suspicious emails </span> <div class="title-line"></div> </h2> <div class="widget_content"> <div class="widget-accordion"> <div class="accordion"> <div class="accordion-row"> <div class="accordion-head"> Example of phishing email #1 </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="" src="/sites/default/files/imce/file/Phishing%20example%201_0.png" style="height:464px; width:850px" /></p></div> </div> </div> </div> </div> <div class="accordion-row"> <div class="accordion-head"> Example of Ransomware </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="" src="/sites/default/files/imce/file/Ransomware%20ok.png" style="height:464px; width:850px" /></p></div> </div> </div> </div> </div> <div class="accordion-row"> <div class="accordion-head"> Fake Microsoft message in French (very convincing) </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="" src="/sites/default/files/imce/file/4.png" style="height:464px; width:850px" /></p></div> </div> </div> </div> </div> <div class="accordion-row"> <div class="accordion-head"> Fake Microsoft message in English </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p><img alt="" src="/sites/default/files/imce/file/5.png" style="height:464px; width:850px" /></p></div> </div> </div> </div> </div> </div> </div></div> </div> </div> </div> </div> </div><div class="field field-name-field-service-actions field-type-link-field field-label-hidden"><div class="field-items"><div class="field-item even"><a href="https://www.linkedin.com/learning-login/share?account=75623754&amp;forceAccount=true&amp;redirect=https%3A//www.linkedin.com/learning/paths/the-american-university-of-paris-aup-cybersecurity-training%3Ftrk%3Dshare_ent_path_url%26shareId%3D9KcXvQEHQGWlgQ9tmgOvuw%253D%253D" target="_blank">Follow our Cybersecurity Training</a></div></div></div><div class="field field-name-field-service-articles field-type-link-field field-label-hidden"><div class="field-items"><div class="field-item even"><a href="https://helpdesk.aup.edu/front/knowbaseitem.form.php?id=358" target="_blank">Safe Links and Safe Attachments</a></div></div></div> Tue, 14 Mar 2023 13:56:34 +0000 Raed Ouwayda 8332 at Multi-Factor Authentication (MFA) /it-services/service/multi-factor-authentication-mfa <div class="field field-name-field-service-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even"><img src="/sites/default/files/styles/medium/public/field/field_service_image/MFA.PNG?itok=q6XY5Q2g" width="220" height="147" alt="" /></div></div></div><div class="field field-name-field-service-description field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><p>Multi-Factor Authentication (MFA) sometimes called two-factor authentication is an additional security method to secure your account</p> </div></div></div> <div class="widget_row" id=""> <div class="bg-style-none widget_centered " style="background-image: url(); " > <div class="widget_centered_container widget_row full_container"> <div class="container"> <div class="eye"></div> <div class="box_with_bg"> <div class="widget_content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p>Multi-Factor Authentication (MFA) sometimes called two-factor authentication is an additional security method to secure your account and make sure that only you can log into it. It requires you to authenticate with your password and another piece of information such as code that you receive in a text message, a phone call or through Microsoft authenticator app. This quick user guide shows you how to set up your MFA and how to log in using it. To start please make sure you have your computer and your mobile phone/ office phone line near you.</p></div> </div> </div> <div class="view view-content-widgets-subs-content-revision view-id-content_widgets_subs_content_revision view-display-id-block_9 view-dom-id-ad4574a828ce497ad547eaf20cbc32fc"> <div class="view-content"> <div class="widget-assets"> <div class="list-assets-slider height-[field_image_height]"><div class="view view-assets-sub-widget-revision view-id-assets_sub_widget_revision view-display-id-block view-dom-id-c3f323850fd2b2c0b8f0e53f008fc086"> <div class="view-content"> <a href="https://www.youtube.com/watch?v=XDJPLVkGZ1o" class="bg type-Video swipebox-video "> <div class="img"><img src=" /sites/default/files/styles/775_415/public/video_embed_field_thumbnails/youtube/XDJPLVkGZ1o.jpg?itok=EUZdxozg" /></div> <div class="caption"> <p>MFA Setup</> </div> </a> </div> </div> </div> <div class='widget_loader'></div> </div> </div> </div> <div class="widget-accordion"> <div class="accordion"> <div class="accordion-row"> <div class="accordion-head"> How To Re-register MFA </div> <div class="accordion-content"> <div class="widget-sub-row"> <div class="widget-text-box size-100"> <div class="inside"> <p>Microsoft Multi-Factor Authentication (MFA) is a mandatory security measure applied to all Թtv staff, faculty, and students.</p> <p>To begin setting up the MFA, follow the steps below:</p> <ol> <li>Open a web browser and go to the official Microsoft Office website at <a href="https://www.office.com/">office.com</a>.</li> <li>Click on the "<strong>Sign In</strong>" button located at the top right corner of the page.</li> <li>Enter your Թtv e-mail address in the provided field. Your Թtv e-mail follows the format of your <em><strong><u>NetID</u> </strong></em>followed by '<u><em><strong>@aup.edu</strong></em></u>'.<br /> <br /> <img alt="image" src="/sites/default/files/download/it-services/Service-Catalog/MFA/01_LogIn.png" /><br />  </li> <li>Click on the "<strong>Next</strong>" button.</li> <li>On the next page, enter your password associated with your Թtv e-mail account.<br /> <br /> <img alt="02_EnterPW.png (364×259)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/02_EnterPW.png" /><br />  </li> <li>Click on the "<strong>Sign in</strong>" button.</li> <li>On the "<strong>More information required</strong>" screen, you will see a message indicating the need for MFA setup.<br /> <br /> <img alt="03_MoreInfoNeed.png (362×311)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/03_MoreInfoNeed.png" /><br /> <br /> Click on the "<strong>Next</strong>" button to proceed.<br />  </li> </ol> <h3><strong>Authenticator app</strong>:</h3> <ol> <li><a href="https://www.microsoft.com/en-us/security/mobile-authenticator-app">Download and install</a> the Microsoft Authenticator app on your smartphone (available on the App Store for iOS devices and Google Play for Android devices). <ul> <li>Make sure to allow notifications when prompted.<br /> <br /> <img alt="04_APP.png (676×365)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/04_APP.png" /></li> </ul> </li> <li>In the "<strong>Keep your account secure</strong>" page, click Next. <ul> <li>The following page will prompt you to '<em>Add work or school account</em>' on the app.<br /> <br /> <img alt="05_SKIP.png (678×363)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/05_SKIP.png" /></li> <li>Please skip this step by clicking "<strong>Next</strong>".<br />  </li> </ul> </li> <li>On the app, choose the option "<strong>Scan a QR code</strong>" to sign in. Use the app to scan the QR code displayed on the page.<br /> <br /> <img alt="07_QRCODE2.png (687×438)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/07_QRCODE2.png" /><br />  </li> <li>Once the QR code has been successfully scanned, enter the 2-digit code shown on the webpage in the app.<br /> <br /> <img alt="10_TWODIGIT.png (693×279)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/10_TWODIGIT.png" /><br />   <ul> <li>Select "<strong>YES</strong>" on your device.<br />  </li> </ul> </li> <li>After verification, click on "<strong>Done</strong>" to complete the setup process.<br /> <br /> <img alt="08_APPSET.png (680×367)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/08_APPSET.png" /></li> </ol> <p><strong>Phone number</strong>:</p> <ol> <li>In the "<strong>Keep your account secure</strong>" page, select country code and enter your phone number.<br /> <br /> <img alt="13_PHONENUMBER.png (692×469)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/13_PHONENUMBER.png" /><br />  </li> <li>Select whether to receive the verification code via text or call. <ul> <li>Make sure that you have good cell service or are able to receive calls/texts via mobile data or Wi-Fi.</li> </ul> </li> <li>Once you have received the 6-digit verification code, enter it in the space provided and click "<strong>Next</strong>".<br /> <br /> <img alt="14_PHONE6DIGIT.png (701×369)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/14_PHONE6DIGIT.png" /><br />  </li> <li>After verification, click on "<strong>Done</strong>" to complete the setup process.</li> </ol> <h3><strong>E-mail address</strong>:</h3> <p>If you changed the setup method from Authenticator app to Phone at the step, the second step will still prompt you to set up with the authenticator app. You can still choose E-mail as shown below:</p> <p><img alt="17_SECONDOPTION.png (696×538)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/17_SECONDOPTION.png" /></p> <p>However, the email option will only serve you to reset your password in case you are locked out of your email account, but it is <strong>not </strong>considered as an additional authentication method.</p> <ol> <li>In the "<strong>Keep your account secure</strong>" page, enter your email address and click "<strong>Next</strong>".<br /> <br /> <img alt="16_EMAILVER.png (697×352)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/16_EMAILVER.png" /><br />   <ul> <li><strong>N/B:</strong> You cannot use an Թtv e-mail for this process; you must use an alternative e-mail to receive the verification code.<br />  </li> </ul> </li> <li>Check your email for a 6-digit verification code, and enter it in the space provided on the page.<br /> <br /> <img alt="16_EMAIL6DIGIT.png (615×305)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/16_EMAIL6DIGIT.png" /><br />  </li> <li>After verification, click on "<strong>Done</strong>" to complete the setup process.</li> </ol> <h3>Congratulations!</h3> <p>You have successfully completed the setup process for Microsoft Multi-Factor Authentication (MFA) using the provided methods. Every 90 days, you will be prompted to open your Authenticator app to enter the 2-Digit code shown on the webpage. <br /> <br /> <img alt="18_90DELAY.png (382×439)" src="/sites/default/files/download/it-services/Service-Catalog/MFA/18_90DELAY.png" /><br /> <br /> Your account is now active with MFA, ensuring a safer login experience and ensuring better protection against unauthorized access.</p></div> </div> </div> </div> </div> </div> </div></div> </div> </div> </div> </div> </div><div class="field field-name-field-service-actions field-type-link-field field-label-hidden"><div class="field-items"><div class="field-item even"><a href="/it-services/form/mfa-physical-token-request" target="_blank">Request a Token</a></div></div></div><div class="field field-name-field-service-articles field-type-link-field field-label-hidden"><div class="field-items"><div class="field-item even"><a href="https://helpdesk.aup.edu/front/knowbaseitem.form.php?id=345" target="_blank">How can I register for MFA?</a></div><div class="field-item odd"><a href="https://helpdesk.aup.edu/front/knowbaseitem.form.php?id=346" target="_blank">How do I set MFA authentication method for Թtv Staff VPN?</a></div><div class="field-item even"><a href="https://helpdesk.aup.edu/front/knowbaseitem.form.php?id=277" target="_blank">How do you change or update your MFA configuration if it was already set up?</a></div></div></div> Thu, 19 Jan 2023 09:27:20 +0000 Pierre-Yves Vasener 8233 at