Instructure, the company that provides Canvas, has confirmed an outage involving a criminal threat actor. College of Western Idaho (CWI) Information Technology (IT) is actively monitoring the situation and will share updates through official channels as more information becomes available.
At this time, members of the CWI community should remain on alert for phishing attempts and other suspicious activity related to this event.
Cybersecurity incidents are often exploited by attackers who send fraudulent emails impersonating Canvas, Instructure, or college IT staff. Be cautious of messages that:
- Ask you to reverify your Canvas login or college credentials
- Claim your account has been compromised and prompt you to click a link
- Request urgent account action from addresses that resemble, but are not, official college or Instructure domains
- Include unexpected password reset or similar requests you did not initiate
If you are unsure whether a message is legitimate, do not click links or open attachments. Instead, use the Report Phish button or contact IT before taking any action.
IT will never ask for your password via email.
If you receive an email that appears to be related to this incident or looks suspicious, report it immediately using the Report Phish button in Outlook. A step-by-step guide can be found at Reporting Junk/Spam/Phishing Email in Outlook.
If you are ever unsure whether a message is spam or a malicious phish, you can always report it to IT for analysis.
