We have identified a phishing attack that is currently targeting people at Université Paris Cité in the form of an email scam. It is a fraudulent attempt to obtain your private login details. If you should receive one of these emails, please delete it without answering and without clicking on the link it contains. In this article, you will find the best practices and reflexes to apply when you receive an email, to guard against cyberattacks and online scams.

Visit the website of the Agence nationale de la sécurité des systèmes d’information: https://www.ssi.gouv.fr/

The following email is a phishing attack targeting members of Université Paris Cité:

This email was not sent by the university, and it is an attempt to obtain your personal login details for the purposes of identity theft and fraud. If you should receive this email, please delete it without answering and without clicking on the link it contains.

If you have clicked on the link, please reset your Université Paris Cité account password as follows:

  • Sign in to: https://compte.app.u-paris.fr
  • Enter your user ID and your password 
  • Click on Sign in
  • Click on Home on the top left of the interface
  • Click on Credentials
  • Enter your old password and your new password
  • Click on Save to confirm the change in password.

We suggest that you also change the passwords for any other private accounts you may have.

How not to be taken in by these emails and a few best practices to apply when you receive an email:

Good rules to apply:

  • Always be careful
  • Do not answer any suspicious email
  • Do not click on any suspicious link
  • Do not open any suspicious attachments
  • And remember that the DSIN (Information system and digital management department) would never ask you to provide your login and password to regain access to a digital resource (email, cloud, specific applications, etc.)

Do not blindly trust the name of the sender

Look out for any sign that might cast doubt on the real origin of the email, particularly if the email has an attachment or contains links, such as errors or inconsistencies in the content that you would not expect from your legitimate contact. If in doubt, always check with your contact to see if they really sent the email.

Be wary of attachments

They can contain viruses or spyware. Make sure that you regularly check that your antivirus is active and fully updated. If your computer behaves abnormally (slow, sporadic white screen, etc.), get it checked.

Never reply when asked for confidential data

Legitimate requests for confidential data (password, PIN code, bank codes, etc.) are never sent by email. If in doubt, once again, ask your legitimate contact to confirm their request, since this could be an attempt at phishing. This technique is used by malicious people, usually impersonating a third party or pretending to be a site you trust (a bank, a shopping site, etc.), in order to obtain confidential information and then use it.

Emails such as chain letters, lucky charms or money-related pyramid schemes, charity requests, viral alerts, or others, may hide a scam attempt. Do not pass these on, even if you know who sent them.

Mouse over the links and watch out for oddities in the email content, such as the quality of the English or French used by your contact

By hovering over the link provided, you can see if it really points to the address mentioned in the email. If the address is different, be careful and do not click on the link. In general, it is best to enter the internet address in your browser manually. With most phishing attempts, the spelling and the grammatical phrasing are sloppy and accented characters may be incorrectly transposed, particularly when they come from a foreign source and the content has been translated using software. However, an increasing number of phishing attempts are well written, so please be careful when you receive this type of email.
