OIT Office of Information Technology
| Menu
Aerial view of CU Boulder campus

Beware of Canvas-related phishing scams

Submitted by stauffeg
on

Following the recent Canvas security incident, all members of the CU Boulder community should be on alert for phishing emails and text messages that reference Canvas, as scammers may attempt to leverage awareness of the incident. Other CU campuses are reporting that their students are receiving scam messages that impersonate Canvas administrators. And the FBI Cyber Division is warning that bad actors may use this opportunity for extortion purposes, claiming to be in possession of personal identifying information or potentially compromising digital files.

You should always be suspicious of messages asking for private or financial information. The FBI urges people to not respond to extortion demands or send payment, but rather complete their online complaint form. When in doubt, remember the tell-tale signs of a phishing scam (SLAM):   

Sender: Look for misspelled domains or email addresses that don’t match the sender’s name. If you don’t recognize the sender, don’t open any attachments.    

Links: Use your mouse to hover over (but don’t click on) links – especially links you don’t recognize. Instead, directly type the website URL into your browser. 

Attachments: Do not open attachments from unknown senders, and be suspicious of attachments from people you know, but were not expecting. Sometimes people you know have had their account(s) compromised through a phishing attack.  

Message: Check emails- including subject lines – for suspicious language, misspelled words and bad grammar.  

Although the university uses technology to block malicious attempts to steal your information and phishing attacks, this technology is no substitute for being a conscientious internet user. Dive deeper into what you can do to avoid phishing scams and learn how you can report messages that you believe might be phishing attempts.

If you clicked on a suspicious link or attachment, or are otherwise concerned that your account, IdentiKey, or other personal information, may be at risk, we ask that you immediately change your IdentiKey password (you will need to log in with your IdentiKey username and password). If you encounter issues changing your IdentiKey password, or require assistance, please contact the IT Service Center (contact information is below).

Instructure has posted information and FAQs about the recent Canvas security incident and OIT has posted campus-specific FAQs.

If you ever have questions about the legitimacy of a message, you are welcome to contact the IT Service Center at oithelp@colorado.edu or 303-735-4357. Email and phone help is available Mondays through Fridays 7:30 a.m. to 7 p.m.