USNH Phishing Simulation

USNH Phishing Simulation

 

This was a phishing simulation by the USNH Cybersecurity Operations Team. 

Rather than stealing information like a cybercriminal would, we have re-directed you to the this page. Below is the message and some tips on how to help identify phishing.

Don't worry, your credentials were not compromised during this simulation.

And It's Okay! Let's learn from this.

 

Phishing Message:

Subject: Canvas Account Activity Verification

Sender: canvas-security@instructure-incident-notification.net

Dear [firstName],
 
Due to the April 2026 security incident involving Canvas, Instructure is requiring all users to review and validate their account activity since April 24.
 
As part of this review, you must log in and confirm that no unauthorized access or changes have occurred on your account.
 
Failure to complete this validation may result in temporary loss of access to Canvas, and any course materials or submissions will be removed.
 
Please use the secure link below to review your account activity:
 
This process takes less than 2 minutes to complete.
 
If you have already verified your account, no further action is required.
 
Thank you for your prompt attention to this matter.
 
Canvas Security Team
Instructure

Tips to Help Identify Phishing

The external tag: While USNH does apply a warning banner for messages from external senders, this is not consistent with that banner. 

Sender From Name and address: Canvas Security Team <canvas-security@instructure-incident-notification.net> - Phishing messages will often attempt to make the email address appear legitimate. This is especially true when reviewing messages on mobile devices. Always expand the sender from field to review the actual email address. Never assume the Display Name is the actual sender!

Sense of Urgency and consequence: "As part of this review, you must log in and confirm that no unauthorized access or changes have occurred on your account. Failure to complete this validation may result in temporary loss of access to Canvas, and any course materials or submissions will be removed." These two statements are attempting to invoke an emotional response and call to action by the recipient.

Hover over links: The simple act of hovering over the link can reveal the true URL that may be hidden or obfuscated. Use this to your advantage to see the URL before ever clicking! If you ever receive a message you believe could be legitimate but are not certain (ie., from your bank) always defer to typing the known good url into your browser instead of clicking a link. Expect URLs or attachments in unexpected messages to always be malicious.

Did you know? Even by simply clicking on a link in a phishing email you can unintentionally disclose information. 

 

------------------------------------------------

If you ever have concerns that a message may be phishing, please do not hesitate to contact the following resources:

USNH Cybersecurity Operations - USNH Cybersecurity

USNH Technology Help Desk/Help Central -

USNH Phishbowl News - Find information on how to report a message using the built-in report function in Outlook. In addition to reporting the message to the USNH Cybersecurity Team, this also helps train Microsoft to better detect phishing and helps protect the USNH community!

Phishing Awareness at USNH - Provides more information about phishing and why USNH is a target for phishing.