It was finals week.
Students were trying to submit work, check grades, finish projects, and prepare for graduation.
Then Canvas became part of a major cybersecurity story.
In this episode of Mr. Fred’s Tech Talks, Mr. Fred uses the recent Canvas cybersecurity incident as a real-world teaching moment about phishing, social engineering, AI-assisted scams, and the human side of cybersecurity.
This one also became personal.
While students and faculty were watching messages from schools, vendors, support teams, and friends, Mr. Fred encountered what appeared to be a phishing email. It looked legitimate. It seemed connected to a real student issue. And yes, even as someone who teaches cybersecurity, he clicked.
That is the heart of this episode.
Cybersecurity is not always a high-tech movie scene. Sometimes it is an email that arrives at exactly the wrong moment.
What You Will Learn
- Why the Canvas incident became a teaching moment during finals and graduation season
- What social engineering is and why it works
- How phishing emails use urgency, trust, timing, and anxiety
- Why cybersecurity is not always highly technical
- How AI may make scam messages more polished and convincing
- Why we should avoid speculation while still understanding the risks
- What students, parents, teachers, and families can do before clicking, entering a code, or approving a request
The Canvas Moment
Canvas is the learning management system many schools, colleges, and universities use for assignments, grades, course materials, messages, quizzes, and announcements.
When a cybersecurity incident affects a platform like Canvas, it is not just a technical issue. It quickly becomes a human issue.
Students are trying to finish the semester. Faculty are trying to communicate. Schools and vendors are sending updates. Friends are texting. Rumors are spreading. People are nervous.
That is cybersecurity in real life.
Not always hackers in dark rooms. Not always dramatic movie music. Sometimes it is communication, patience, trust, and knowing when to slow down.
A Teaching Moment for Students
During this incident, Mr. Fred encouraged students to watch what was happening around them.
Watch the communication from the school.
Watch the communication from the vendor.
Watch how people respond.
Watch how rumors spread.
Watch how stress changes decision-making.
That became the lesson.
Cybersecurity is not just about servers, firewalls, and software. It is also about people, timing, anxiety, and awareness.
When people are busy, tired, stressed, or worried about grades and graduation, they are more likely to make quick decisions.
Attackers know that.
The Email That Got Me
In the middle of the confusion, Mr. Fred received what appeared to be a phishing email.
It looked legitimate.
It seemed tied to a real student issue.
The timing made sense.
The context felt believable.
And that is exactly why phishing works.
It does not always look ridiculous. It does not always have bad spelling, strange formatting, or obvious warning signs.
Sometimes it looks like it belongs in the moment.
That is why this story matters. If it can happen to someone who teaches cybersecurity, it can happen to anyone.
The lesson is not shame. The lesson is awareness, reporting, recovery, and learning.
What Is Social Engineering?
Social engineering is when an attacker manipulates a person into doing something that helps the attacker.
That might mean:
- Clicking a link
- Opening an attachment
- Entering a password
- Sharing a verification code
- Approving a login request
- Trusting a fake message
It works because attackers understand human behavior. They know people want to help. They know urgency creates pressure. They know fear changes how we think.
Sometimes the attacker does not need to break through the firewall.
They just need to convince someone to open the gate.
Where AI May Fit Into This
Whenever a major cybersecurity incident happens now, people understandably ask whether AI was involved.
In this episode, Mr. Fred is careful not to speculate beyond what is known.
But one thing is clear: AI can make social engineering more convincing.
AI can help attackers write cleaner emails, personalize messages, translate scams, create scripts, and make fake messages look more professional.
That means we can no longer rely only on spotting bad grammar or obvious mistakes.
Instead, we need to look at behavior.
What is the message asking me to do?
Is it creating urgency?
Is it asking for credentials?
Is it asking me to enter a code?
Is it pushing me to bypass normal steps?
Did I initiate this request?
AI may change the packaging, but the core defense is still the same:
Pause. Verify. Think. Then act.
Tech Tip
Use the pause test.
The next time you receive an email, text, or message that makes you feel rushed, nervous, excited, or curious, pause for ten seconds.
Ask yourself:
Who sent this?
What do they want me to do?
What happens if I wait five minutes?
Most legitimate things can wait five minutes.
Scams do not want you to wait. They want you moving fast.
That pause may be one of the best cybersecurity tools you have.
Tech Challenge
This week’s challenge is called the Social Engineering Audit.
Open your inbox and find one message that creates urgency, fear, excitement, or curiosity.
Do not click anything.
Just inspect it.
Ask three questions:
- Who actually sent this?
- Is there a link, and where does it really go?
- What is this message asking me to do?
Is it asking for credentials, payment, personal information, quick action, or a security code?
That is it.
No clicking. No responding. Just learning to recognize the signs.
This can be a great family or classroom activity. Once young people learn how to spot the trick, the trick becomes less powerful.
Resources and Links Mentioned
- GetMeCoding.com – Home base for the podcast, resources, and more
- How to Spot a Phishing Email And What to do When You Get One
- Mr. Fred’s Tech Talks Podcast
- Courses.GetMeCoding.com – Beginner-friendly coding and technology courses
Connect with GetMeCoding
Website: https://www.getmecoding.com
Courses: https://courses.getmecoding.com
Podcast: https://www.getmecoding.com/podcast/
Bring Mr. Fred to Your School, Workplace, or Event
If this episode sparked something for you and you are planning an event for students, parents, educators, business leaders, or community members, let’s connect.
Mr. Fred speaks on technology, AI, coding, cybersecurity, and digital literacy in a way that is practical, warm, and built for everyday people, not just tech experts.
Visit GetMeCoding.com to set up a call.
Share This Episode
If this episode helped you, share it with:
- A student who needs a reminder to slow down before clicking
- A parent helping their child navigate online accounts and school technology
- A teacher trying to explain cybersecurity in a real-world way
- A coworker who has ever received an email that felt just a little too urgent
- Anyone who has ever clicked something a little too fast
Which, let’s be honest, is probably all of us.
