Protect Your Identity After Canvas Security Breach

The Stanford Information Security Office (ISO) is warning the community about an anticipated increase in targeted phishing campaigns following the recent Canvas security breach, which caused an unplanned outage of the learning management system used by Stanford students and faculty.

What to watch for

While Instructure, the vendor that operates Canvas, reported that the platform is fully back online and safe to use, ISO advises the community to remain highly vigilant. Potentially exposed information may include usernames, email addresses, course names, enrollment information, and messages.

• Hyper-personalized phishing emails using real names, course information, and enrollment details
• Urgent calls, texts, or messages impersonating university faculty or staff, such as Financial Aid, instructors, or IT support
• Emails claiming your Canvas account will be deactivated unless you take immediate action
• Requests to click unfamiliar links, verify Canvas credentials, or approve Duo prompts you did not initiate

What you can do

• Pause and verify. Scammers often create a false sense of urgency. Before responding, carefully review the sender’s email address, links, and message content. Phishing emails may use slightly altered or suspicious email addresses that do not match the organization they claim to represent.
• Hang up and call back. If you receive an unexpected or urgent phone call, do not rely on the number provided by the caller. Instead, contact the University IT Service Desk at 650-725-4357 (5-HELP) or your local IT team using a published number.
• Report suspicious activity. If you suspect a phishing attempt or believe you may have been targeted, report it immediately. Use the Report Phishing button in Outlook or forward the email to phishing@stanford.edu. You can also notify ISO or your local IT support team.

Strengthen your phishing awareness. Visit phishing.stanford.edu for tips, training, and resources to help you recognize and avoid phishing scams.