Phishing After the Canvas Breach: Why All .edu Accounts Need to Stay Alert
Earlier this month, Canvas, a major learning‑management system used by thousands of colleges and universities, disclosed a security incident involving unauthorized access to certain user data. While the investigation is ongoing, the breach has already triggered a wave of higher education‑themed phishing attacks across the country.
Within days after the breach, universities across the country reported a spike in phishing emails disguised as grade updates, course changes, and MFA alerts—even at schools that don’t use Canvas at all. Once attackers got a sense of what academic systems look like and what students expect to receive, they targeted all sorts of .edu domains, not just the schools that use Canvas.
Attackers quickly took advantage of the confusion. At one Midwest university, students received a fake “Your financial aid has been updated” alert that led to a flawless copy of the school’s login page — complete with the correct logo, colors, and footer. The attackers didn’t need access to Canvas; they just needed the idea of a believable academic notification. Once they had that, they blasted similar messages to .edu inboxes nationwide. That’s why institutions like FIT, even though we don’t use Canvas and weren’t part of the breach, could still see an uptick in higher education‑themed phishing attempts.
What to watch for
- Messages claiming your account will be locked or deactivated
- Fake “course updates,” “grade changes,” or “schedule notifications”
- Unexpected MFA or password‑reset prompts
- Links that look like FIT systems but aren’t
How to stay safe
- Hover over links before clicking
- Don’t enter your password on unfamiliar pages
- Report suspicious emails to Google.
- When in doubt, contact the department directly rather than using the link in the message
Staying cautious is the best defense. Even though FIT wasn’t affected by the Canvas breach, attackers are using the moment to target anyone with a .edu address. A few extra seconds spent verifying a message or link can prevent account compromise and protect our community.