The FTC says scammers may exploit the Canvas breach by sending texts or emails that impersonate the organization behind the incident. The guidance urges people to avoid clicking suspicious links or contacting numbers from unknown messages.

Following the news coverage of a major education platform incident involving Canvas, the FTC warns that scammers commonly send follow-on phishing messages designed to capitalize on the public attention. The FTC Consumer Alert explains that attackers may impersonate the platform (or affiliated organizations) through unexpected emails and texts, prompting recipients to click links or take actions related to the breach. The threat model here is the same social-engineering playbook seen after many headline-making cyberattacks: attackers try to steer victims to fraudulent landing pages or messaging threads that appear official. Victims may be induced to enter personal information, respond to fraudulent requests, or follow directions that expose them to theft. The FTC emphasizes that recipients should not interact with links, phone numbers, or references contained in suspicious messages—especially when the communication could be a spoof. Instead, the FTC recommends contacting the school or company using known-good contact details, such as official websites or previously verified numbers, rather than using the contact information embedded in the message. The alert frames the best defense as process-based caution: treat post-breach communications as high-risk until verified through independent channels.