CCIT News and Notices

Planned Linux server migration will cause temporary service outages through November 2026

Posted on by ccitnews

CCIT is beginning a required University-wide Linux server migration that will result in temporary service outages for some campus systems through 2026. 

The work will move select servers from Oracle Enterprise Linux to Red Hat Enterprise Linux to meet updated licensing requirements and keep Clemson’s server environment consistent, secure and easier to support over time. Migration work will take place in scheduled phases throughout 2026 and is expected to be completed by November 5, 2026. 

For most affected systems, service interruptions are expected to last a few hours. Some systems may require additional time depending on size, complexity and coordination needs. 

CCIT Infrastructure Services and Operations is working to minimize disruptions and will contact impacted server owners and application contacts directly with details about timing, coordination needs and any expected service interruptions. 

Posted in Notices

Clemson to enforce stronger protections for University emails sent by third-party apps

Posted on by ccitnews

Beginning Tuesday, June 2, 2026, CCIT will strengthen the security of University communications by implementing a DMARC (domain-based message authentication, reporting and conformance) protocol for Clemson email.

What is a DMARC protocol? 

A DMARC protocol helps verify that University messages sent through third-party systems (like email marketing or customer management systems) are authorized.

Most faculty, staff and students will not notice a change in day-to-day email use. These stronger email security protections will help:

  • Reduce phishing and email spoofing that attempt to impersonate Clemson senders.
  • Strengthen trust in University email by helping recipients identify legitimate messages.
  • Align Clemson with current email security best practices.
  • Lower risk to personal and institutional data by blocking unauthorized messages.  

What to do if you send official University emails through a third-party system

Colleges and divisions that use third-party services to send messages from an @clemson.edu address for University business (like newsletters, invitations or confirmation emails) must ensure they are approved and set up correctly. If they are not approved, messages from the system may be blocked before reaching recipients.

Approved vendors authorized to send email on behalf of the University, like Microsoft, DocuSign and Workday, are already set up for DMARC compliance.

To verify that your third-party email platform is compliant with DMARC policy, initiate a review by submitting a CheckIT request online.

Posted in Notices

Watch for Targeted Phishing

Posted on by Patrick McGee

Because of the recent security incident involving Instructure, the parent company of the Canvas Learning Management System, users should be extra cautious about phishing emails. Clemson University uses Canvas, so we may be at a higher risk of targeting.

Targeted Phishing emails are highly personalized cyberattacks that use collected, detailed information about a person to craft emails that are potentially more detailed and convincing. These types of targeted phishing campaigns often follow major cybersecurity events.

The Instructure company has reached an agreement with the hackers for the return and destruction of any stolen data, but users should still exercise additional caution with emails.

Graphic showing the word Phishing with a target symbol above the word

Some of the ways to avoid falling for a phishing email are:

  • Carefully check the sender’s name and email address
  • Beware of requests for immediate action
  • Look for grammatical and spelling errors
  • Be careful of website links in an email
  • Avoid opening email attachments

If you do get a suspicious email or even one that you are not sure about, simply submit it to the Clemson Cybersecurity Team for review by using the Report button in Outlook or forwarding it to phishing@clemson.edu. Additional information is available on the Reporting Phishing Emails webpage.

Posted in Cybersecurity Alerts

Update on cybersecurity incident involving Canvas vendor Instructure

Posted on by ccitnews

CCIT is monitoring a cybersecurity incident involving Instructure, the company that provides Canvas, as part of a broader event affecting multiple institutions. Updates from Instructure are available on the company’s status page.

Canvas administrators are reviewing the Clemson instance and Canvas is universally unavailable for all institutions. CCIT will share updates as more information becomes available.

If you are contacted by cybercriminals, do not engage and delete the message.

Posted in Cybersecurity Alerts, News

Canvas vendor Instructure reports cybersecurity incident

Posted on by ccitnews

CCIT is aware of a cybersecurity incident involving Instructure, the company that provides Canvas, as part of a broader event affecting multiple institutions. 

CCIT is actively monitoring the situation, and Canvas administrators are reviewing the Clemson instance for any usability or service impacts. Updates from Instructure are available on the company’s status page. CCIT will share updates as more information becomes available. 

According to Instructure, the information involved may include names, email addresses, Clemson student ID (CUID) numbers and messages among users. At this time, Instructure says it has found no evidence that passwords, dates of birth, government identifiers or financial information were involved. If that changes, Instructure says it will notify impacted institutions. 

Even when passwords are not part of an incident, criminals can use details such as a Clemson email address and CUID number to make phishing emails, impersonation attempts and other social engineering attempts look more convincing. Students, faculty and staff should stay alert for unexpected emails, texts or calls that request login credentials, ask for personal information or urge immediate action. 

Posted in Cybersecurity Alerts, News

Microsoft removed Copilot from select Microsoft 365 apps

Posted on by ccitnews

Microsoft has removed in-app Copilot access from Word, Excel, PowerPoint and OneNote for institutional licenses, which includes Clemson. 

Copilot is still available for University users through the Copilot AI companion webpage, the Copilot app and Microsoft Outlook and Teams. 

Clemson users with a paid Microsoft 365 Copilot license will keep full in-app Copilot access. The option to purchase a Copilot license will be added to the Clemson University Marketplace by May 2026. 

If you have questions, reach out to your area’s IT Consultant or contact CCIT

Posted in Notices

Microsoft 365 apps now require 2FA when logging in

Posted on by ccitnews

CCIT is expanding two-factor authentication (2FA) to Microsoft 365 applications. As of Thursday, April 2, 2026, apps like Microsoft Outlook, Word and Excel may now prompt users to authenticate with two-factor authentication (2FA) after logging in with a Clemson username and password. This change is part of an ongoing effort to better protect Clemson accounts, personal information and systems from unauthorized access. 

Two-factor authentication methods like Duo Mobile are already widely used across many Clemson services, so most users should be familiar with this process. Expanding 2FA to more applications helps provide consistent, reliable protection across University systems.

Posted in News

New email digest helps review messages sent to Junk

Posted on by ccitnews

Beginning Friday, April 3, 2026, the Office of Information Security will introduce a new email digest to help students, faculty and staff identify messages that were flagged as spam and moved to the Junk Email folder in Outlook. 

This new digest gives users added visibility into messages that may require review. If a legitimate email was moved to the Junk folder, users can move it back to the Inbox directly in Outlook without submitting an IT Help ticket. 

A screenshot of the Daily Email Digest email that shows spam emails received.

This notification is separate from Microsoft’s existing quarantine emails. Microsoft notifications apply only to quarantined messages, while the new Clemson digest applies to potential spam messages routed to Junk. 

Users will only receive this new digest on days when one or more messages have been moved to their Junk folder. This added notice is intended to reduce the chance that a relevant email is missed because it was automatically sent to the Junk folder. 

Posted in News

New process for adding printing funds in PaperCut

Posted on by ccitnews

With the upcoming end of the TigerStripe system, Clemson Computing and Information Technology (CCIT) is changing the way students add funds to their PaperCut printing accounts. Students who need to add printing funds beyond their semester quota will now use the TouchNet uPay system. 

Each student receives a printing quota of $25.50 per semester through Clemson’s PaperCut printing system. For most students, this quota is more than enough to cover their printing needs. Through May 31, PaperCut usage over this quota will continue to draw from any remaining TigerStripe balances. Students who still have a TigerStripe balance should use those funds before adding money through the new system.

To add printing funds, log in to the PaperCut web portal, click the Add Funds tab, select the amount you want to add and complete the steps on the TouchNet uPay payment page. After the transaction is finished, the PaperCut summary page will display the user’s updated printing balance.

Unlike the semester printing quota, added printing funds do not reset or expire, and any remaining balance will stay on the account until it is used. Because added funds are only used after the semester printing quota has been reached, students are encouraged to add only the amount they expect to need.

This change primarily affects students who print frequently or submit large posters to be plotted.

Beginning April 1, TigerStripe will no longer accept new deposits, and the service will be fully retired on June 1, 2026. Learn more about the sunsetting of the TigerStripe declining balance program on the TigerOne website. Questions about printing and plotting may be directed to the CCIT Support Center by emailing ithelp@clemson.edu, chatting online on TigerHub, or calling/texting (864) 656-3494.

Posted in Notices

IRS Scams

Posted on by Patrick McGee

Because it is tax season, cybercriminals are increasing their use of Internal Revenue Service (IRS) themed scams.

These scams can include well-crafted phishing emails, text messages and phone calls. Cybercriminals are also using AI to create deepfakes, making their scam pitches even more believable. Other tactics include using social media to post fake content about false information, such as “secret refunds”.

As with most of these scams, their goal is to obtain personal information from you to use in their attack. Or they may try to solicit funds directly from you.

Please be aware that the IRS will never contact taxpayers directly by email, text messages or phone calls. Instead, they will contact you by letter sent through the U.S. Postal Service.

Hand holding a cell phone with text displaying on the phone saying "Scam! IRS calling".
Posted in Cybersecurity Alerts