Caleb, this is the click-through landing for the simulated Canvas notification you just clicked. You're in a controlled exercise for our Information Security Policies course.

🚩 Red flags you could have caught

  • Sender domain was instruclure.com, not instructure.com (an l in place of the second t) — the only reliable visual tell
  • "Click to view" hovered URL points at canvas.instruclure.com — same typosquat
  • Notification message itself is plausible but unverifiable — "Shams Kajani" could be impersonated by anyone who knows the course roster
  • What's NOT a usable tell: the external-sender banner. Real instructure.com notifications also trigger it because Instructure is external to GT's M365 tenant. The banner doesn't differentiate — it just trains users to ignore it
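
The lookalike-domain tell above can be checked mechanically instead of by eye. The following is an added example, not part of the original exercise page: it flags any sender or link host whose registrable domain is within two edits of a trusted one. The trusted list, the threshold, and the sample address and URL path are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the domains this mailbox legitimately receives Canvas mail from.
TRUSTED = {"instructure.com"}

def registrable(host: str) -> str:
    """Last two labels of a hostname. Simplification: ignores multi-label
    public suffixes such as co.uk; use a Public Suffix List in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str, max_dist: int = 2) -> str:
    """'trusted', 'lookalike:<domain>' or 'unrelated' for one hostname."""
    dom = registrable(host)
    if dom in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        # Close to a trusted domain but not equal to it: likely typosquat.
        if edit_distance(dom, good) <= max_dist:
            return f"lookalike:{good}"
    return "unrelated"

def check_message(sender: str, links: list[str]) -> dict[str, str]:
    """Classify the sender's domain and every link host in a message."""
    verdicts = {sender: classify(sender.rsplit("@", 1)[-1])}
    for url in links:
        verdicts[url] = classify(urlsplit(url).hostname or "")
    return verdicts

if __name__ == "__main__":
    # Constructed sample message using the two domains named above.
    for item, verdict in check_message(
        "notifications@instruclure.com",
        ["https://canvas.instruclure.com/courses/1"],
    ).items():
        print(f"{verdict:28} {item}")
```

Unlike the external-sender banner, this check separates instruclure.com from instructure.com even though both are external to the tenant.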

What we logged: the click event (timestamp + IP). No credentials were collected โ€” by group ROE this campaign stops at click capture. In a real attack the next stage would be a credential form mimicking Canvas's login (though per assignment ROE we'd stop short of cloning the GT SSO page itself).

Next step: close this tab. We'll cover it in the group deck for the 6/9 deadline. If you didn't expect this and have questions, ping the group channel.