NOTICE: As of 4:15 p.m. on Thursday, May 7, Canvas is currently unavailable. 

This is a vendor-driven national event affecting multiple institutions. UMass Chan IT is actively monitoring communications from Instructure and will share material updates provided by the vendor on this web page as they become available.

Updates from Instructure can be viewed on their status page: status.instructure.com. 

We encourage campus community members to remain security-conscious, particularly during this time. Please be alert to phishing attempts, including suspicious emails, texts, or messages asking for your login credentials or personal information. 

• Never click on suspicious links or attachments. 
• Never share your UMass login credentials.  
• Report suspicious emails to the IT Help Desk. 

UMass Chan IT recommends reviewing the following tips on how to protect yourself:

Urgent call to action or threats - Be suspicious of emails and Teams messages that claim you must click, call or open an attachment immediately. Often, they'll claim you must act now to claim a reward or avoid a penalty. Creating a false sense of urgency is a common trick of phishing attacks and scams. They do that so that you won't think about it too much or consult with a trusted advisor who may warn you.

Non-work-related content – Cybercriminals will advertise items to sell, or reference exciting job opportunities (as is the case with the latest phishing attack) to tempt you to click on links or attachments. If the content is in any way suspicious, do not interact with the email.

First time, infrequent senders, or senders marked [External] - While it's not unusual to receive an email or message from someone for the first time, especially if they are outside your organization, this can be a sign of phishing. Slow down and take extra care at these times. When you get an email or a message from somebody you don't recognize (even if they are internal to UMass Chan), take a moment to examine it extra carefully and do not click on any links or attachments if you are unsure.

Mismatched email domains - If the email claims to be from a reputable company, but the email is being sent from another email domain like Gmail.com or yahoo.com, it's probably a scam. Also be watchful for very subtle misspellings of the legitimate domain name. Like micros0ft.com where the second "o" has been replaced by a 0, or rnicrosoft.com, where the "m" has been replaced by an "r" and a "n". These are common tricks of scammers.