Phishing scams spread to Canvas
3 min read
A number of students have received phishing scams through Canvas, a seemingly new tactic for online scammers. | Josephine Johnson, The Blue & Gray Press
by LAURA CASTREJON
Staff Writer
As COVID-19 spreads out around the world, internet scammers have taken advantage of people’s fear and confusion to steal their private and financial information. UMW students and faculty are experiencing phishing scams both through university email and Canvas.
“Now that UMW students are back in the swing of things. Many of the students may be looking for flexible, part-time employment to help cover their school expenses. Now, with the COVID-19 pandemic and many other people out of work, finding a job may be even more difficult and may create more pressure to find work quickly. If this situation describes a student, they should watch out for scams. We are constantly getting reports of employment scams impersonating professors and university departments,” said UMW director of Information Technology Security Mike Townes.
Now, internet scammers are also sending messages as announcements with hyperlink through Canvas.
“Scammers are getting more sophisticated and coming up with new ways to take advantage of job seekers all the time,” said Townes, “Scammers have several purposes, depending on the scam to collect confidential information to use for identity theft, to get you to cash fraudulent checks or to wire or send money and to get you to pay for services or supplies.”
Junior accounting major Nyandwi Donavine almost fell victim to a phishing scam.
“During the Summer 2020 semester, I was about to be a scam victim. I received an email about a potential employment, and it seemed very promising and interesting. At that time, I did not have a job, so I thought it was going to be a good opportunity for me. Scammers make it look very real because the content in the messages and the “From” source seemed legitimate,” said Donavine.
Sophomore business administration major Natasha Benefield had a similar experience.
“In the past, I did receive those phishing scams from my UMW email. It was surprising how legit they looked like, I almost believed that it came from UMW staff,” said Benefield.
Karina Barajas, a sophomore business administration major, recently received an announcement through Canvas stating that her Canvas account was compromised and action needed to be taken.
“It is scary how these scammers can even have access to our Canvas. Usually, I am very careful of all the emails I receive, but once I received an unusual UMW Canvas email,” said Barajas. “This email stated that there was an attempt to log in to my account from an unrecognizable device, and it was indicating the specific date when this happened and some kind of IP address. Below that e-mail, it was describing instructions of how to protect my account. And the first step of these instructions was clicking on a link. The moment I saw that, I knew something was wrong and decided to not click on that link. This was a very rare e-mail since Canvas never sent anything like this before.”
The Canvas phishing experience Barajas had gone through was a new method that internet scammers utilize to steal confidential and personal information from students and faculty.
The Canvas website lists a few ways students can protect themselves against phishing scams.
“Don’t take links at face value. The most important part of a link is the ‘root’ domain,” said the article. “Fields can be forged – Just because the message says in the ‘From:’ field that it was sent by your bank doesn’t mean that it’s true.”
According to Canvas, hackers can get information through the victim clicking on a link.
“Keep in mind that phishing can take many forms – Why steal one set of login credentials for a single brand when you can steal them all? Increasingly, attackers are opting for approaches that allow them to install a Trojan that steals all of the sensitive data on victim PCs. So be careful about clicking links, and don’t open attachments in emails you weren’t expecting, even if they appear to come from someone you know. Send a note back to the sender to verify the contents and that they really meant to send it.”
Students are told to contact the UMW IT Security Office at abuse@umw.edu or call 540-654-2255 if they are experiencing any doubt about the origins of an email or Canvas notification.
