CCIT News and Notices

Watch for Targeted Phishing

Posted on by Patrick McGee

Because of the recent security incident involving Instructure, the parent company of the Canvas Learning Management System, users should be extra cautious about phishing emails. Clemson University uses Canvas, so we may be at a higher risk of targeting.

Targeted Phishing emails are highly personalized cyberattacks that use collected, detailed information about a person to craft emails that are potentially more detailed and convincing. These types of targeted phishing campaigns often follow major cybersecurity events.

The Instructure company has reached an agreement with the hackers for the return and destruction of any stolen data, but users should still exercise additional caution with emails.

Graphic showing the word Phishing with a target symbol above the word

Some of the ways to avoid falling for a phishing email are:

  • Carefully check the sender’s name and email address
  • Beware of requests for immediate action
  • Look for grammatical and spelling errors
  • Be careful of website links in an email
  • Avoid opening email attachments

If you do get a suspicious email or even one that you are not sure about, simply submit it to the Clemson Cybersecurity Team for review by using the Report button in Outlook or forwarding it to phishing@clemson.edu. Additional information is available on the Reporting Phishing Emails webpage.

Posted in Cybersecurity Alerts

Update on cybersecurity incident involving Canvas vendor Instructure

Posted on by ccitnews

CCIT is monitoring a cybersecurity incident involving Instructure, the company that provides Canvas, as part of a broader event affecting multiple institutions. Updates from Instructure are available on the company’s status page.

Canvas administrators are reviewing the Clemson instance and Canvas is universally unavailable for all institutions. CCIT will share updates as more information becomes available.

If you are contacted by cybercriminals, do not engage and delete the message.

Posted in Cybersecurity Alerts, News

Canvas vendor Instructure reports cybersecurity incident

Posted on by ccitnews

CCIT is aware of a cybersecurity incident involving Instructure, the company that provides Canvas, as part of a broader event affecting multiple institutions. 

CCIT is actively monitoring the situation, and Canvas administrators are reviewing the Clemson instance for any usability or service impacts. Updates from Instructure are available on the company’s status page. CCIT will share updates as more information becomes available. 

According to Instructure, the information involved may include names, email addresses, Clemson student ID (CUID) numbers and messages among users. At this time, Instructure says it has found no evidence that passwords, dates of birth, government identifiers or financial information were involved. If that changes, Instructure says it will notify impacted institutions. 

Even when passwords are not part of an incident, criminals can use details such as a Clemson email address and CUID number to make phishing emails, impersonation attempts and other social engineering attempts look more convincing. Students, faculty and staff should stay alert for unexpected emails, texts or calls that request login credentials, ask for personal information or urge immediate action. 

Posted in Cybersecurity Alerts, News

Microsoft removed Copilot from select Microsoft 365 apps

Posted on by ccitnews

Microsoft has removed in-app Copilot access from Word, Excel, PowerPoint and OneNote for institutional licenses, which includes Clemson. 

Copilot is still available for University users through the Copilot AI companion webpage, the Copilot app and Microsoft Outlook and Teams. 

Clemson users with a paid Microsoft 365 Copilot license will keep full in-app Copilot access. The option to purchase a Copilot license will be added to the Clemson University Marketplace by May 2026. 

If you have questions, reach out to your area’s IT Consultant or contact CCIT

Posted in Notices

Microsoft 365 apps now require 2FA when logging in

Posted on by ccitnews

CCIT is expanding two-factor authentication (2FA) to Microsoft 365 applications. As of Thursday, April 2, 2026, apps like Microsoft Outlook, Word and Excel may now prompt users to authenticate with two-factor authentication (2FA) after logging in with a Clemson username and password. This change is part of an ongoing effort to better protect Clemson accounts, personal information and systems from unauthorized access. 

Two-factor authentication methods like Duo Mobile are already widely used across many Clemson services, so most users should be familiar with this process. Expanding 2FA to more applications helps provide consistent, reliable protection across University systems.

Posted in News

New email digest helps review messages sent to Junk

Posted on by ccitnews

Beginning Friday, April 3, 2026, the Office of Information Security will introduce a new email digest to help students, faculty and staff identify messages that were flagged as spam and moved to the Junk Email folder in Outlook. 

This new digest gives users added visibility into messages that may require review. If a legitimate email was moved to the Junk folder, users can move it back to the Inbox directly in Outlook without submitting an IT Help ticket. 

A screenshot of the Daily Email Digest email that shows spam emails received.

This notification is separate from Microsoft’s existing quarantine emails. Microsoft notifications apply only to quarantined messages, while the new Clemson digest applies to potential spam messages routed to Junk. 

Users will only receive this new digest on days when one or more messages have been moved to their Junk folder. This added notice is intended to reduce the chance that a relevant email is missed because it was automatically sent to the Junk folder. 

Posted in News

New process for adding printing funds in PaperCut

Posted on by ccitnews

With the upcoming end of the TigerStripe system, Clemson Computing and Information Technology (CCIT) is changing the way students add funds to their PaperCut printing accounts. Students who need to add printing funds beyond their semester quota will now use the TouchNet uPay system. 

Each student receives a printing quota of $25.50 per semester through Clemson’s PaperCut printing system. For most students, this quota is more than enough to cover their printing needs. Through May 31, PaperCut usage over this quota will continue to draw from any remaining TigerStripe balances. Students who still have a TigerStripe balance should use those funds before adding money through the new system.

To add printing funds, log in to the PaperCut web portal, click the Add Funds tab, select the amount you want to add and complete the steps on the TouchNet uPay payment page. After the transaction is finished, the PaperCut summary page will display the user’s updated printing balance.

Unlike the semester printing quota, added printing funds do not reset or expire, and any remaining balance will stay on the account until it is used. Because added funds are only used after the semester printing quota has been reached, students are encouraged to add only the amount they expect to need.

This change primarily affects students who print frequently or submit large posters to be plotted.

Beginning April 1, TigerStripe will no longer accept new deposits, and the service will be fully retired on June 1, 2026. Learn more about the sunsetting of the TigerStripe declining balance program on the TigerOne website. Questions about printing and plotting may be directed to the CCIT Support Center by emailing ithelp@clemson.edu, chatting online on TigerHub, or calling/texting (864) 656-3494.

Posted in Notices

IRS Scams

Posted on by Patrick McGee

Because it is tax season, cybercriminals are increasing their use of Internal Revenue Service (IRS) themed scams.

These scams can include well-crafted phishing emails, text messages and phone calls. Cybercriminals are also using AI to create deepfakes, making their scam pitches even more believable. Other tactics include using social media to post fake content about false information, such as “secret refunds”.

As with most of these scams, their goal is to obtain personal information from you to use in their attack. Or they may try to solicit funds directly from you.

Please be aware that the IRS will never contact taxpayers directly by email, text messages or phone calls. Instead, they will contact you by letter sent through the U.S. Postal Service.

Hand holding a cell phone with text displaying on the phone saying "Scam! IRS calling".
Posted in Cybersecurity Alerts

Changes to Clemson Guest network

Posted on by ccitnews

Beginning Thursday, February 26, 2026, at 4:30 p.m., the Office of Information Security will restrict access to certain apps and websites through the Clemson Guest network. The increased security measures will not impact users and devices connected to eduroam. This update is part of ongoing efforts to secure and safeguard Clemson’s networks and systems.

Posted in Notices

Additional apps will now require 2FA when logging in

Posted on by Tara Stone

CCIT is expanding two-factor authentication (2FA) to additional third-party applications. Some apps that did not previously require 2FA may now prompt users to authenticate after logging in with a Clemson username and password. This change is part of an ongoing effort to better protect Clemson accounts, personal information and systems from unauthorized access.

Two-factor authentication methods like Duo Mobile are already widely used across many Clemson services, so most users should be familiar with this process. Expanding 2FA to more applications helps provide consistent, reliable protection across University systems.

Posted in News