Copyleaks will be doing further server-side maintenance on Sunday, Nov. 2. This maintenance will start at midnight (12 a.m.) and end at 8:00 a.m. Copyleaks will be unavailable/unable to process submissions during this time. For further details, please view the maintenance notification and/or check to see if Copyleaks is up. Please plan accordingly.

In addition, Copyleaks will update their AI Detector on Monday, Nov. 10. On this day, there may be differences in the AI Detection scores compared to previous detections. If instructors used a particular threshold in their policies, it may be a good idea to revisit them.

We are not talking about the recreational enjoyment, we are talking about someone attempting to fool you into giving up your credentials.  According to the Verizon Data Breach Report, phishing accounted for 12% of breaches involving stolen credentials in 2023.  Phishing is a type of cybercrime in which a person tries to obtain sensitive information from another user.  Successful phishing can allow a user into a network or system where they can plant a foothold for all kinds of malicious activity.

Types of Phishing Attacks

• Email phishing: Sending fraudulent emails that appear to be from a legitimate source, often containing malicious links or attachments.
• Smishing: Phishing via text message.
• Vishing: Phishing via voice call.
• Spear phishing: Targeting specific individuals or organizations with personalized phishing messages.

Whaling: Targeting high-profile individuals, such as CEOs or executives.

Effective Risk Management Strategies

• Hover Before You Click: Before clicking any link in an email, hover your mouse over it to see the actual URL. If the URL looks suspicious or doesn’t match the sender’s domain, don’t click on it.
• Watch Out for Lookalike Domains: Attackers often create fake domains that are very similar to legitimate ones, with slight changes like missing letters or altered characters (e.g., replacing an “l” with a “1”). Always double-check the URL for these subtle differences.
• Beware of Out-of-Character Messages: If you receive an email that asks you to do something unusual or unexpected, think twice before acting. It may be an attempt to trick you.
• Sense of Urgency: Phishing emails often try to create a sense of urgency or panic by claiming your account is about to expire, that you’ll lose access to something, or that a package is undelivered. These tactics are designed to make you act quickly without thinking.
• Know the Sender: Just because an email appears to come from someone you know doesn’t mean it’s legitimate. Cybercriminals can spoof addresses or use compromised accounts to send malicious messages. Always verify any unusual requests, even if the email appears to come from a familiar name.
• Change of Venue: Be cautious of messages that ask you to switch the conversation to text messages. These are often scams. It might start with “Are you free?” and appear to come from someone you know, but once they move the conversation to text, it’s easier for them to avoid our security measures. If in doubt, verify directly with the person through a trusted method.

Each of you is an essential part of keeping our digital environment secure. Together, we can prevent cyber threats and ensure a safe, productive workspace.

Submitted by Tyler Kron-Piatek, Instructional Designer, on behalf of OculusIT

The 2023 Verizon Data Breach Investigations Report (DBIR) found that 81% of confirmed breaches involved stolen or compromised credentials. This suggests that a large portion of the breaches can be attributed to weak, reused or stolen passwords.  Passwords are still the most common authentication method used across applications and websites because it is the simplest way to implement authentication (proving you are who you say you are). However, choosing a poor password and re-using passwords across sites and applications is paramount to using a cardboard door on your house; it won’t keep the bad guys out for long.

Impacts to Higher Education Institutions

• Data Breaches: Sensitive student, faculty, and staff data can be compromised, leading to identity theft, financial fraud, and regulatory fines.
• Regulatory Non-Compliance: Universities that fail to implement adequate password security measures may face legal and regulatory consequences, including fines and lawsuits.
• Financial Losses: Data breaches can result in significant financial losses for universities, due to costs associated with investigating and remediating the breach, as well as potential legal and regulatory fines.

Effective Risk Management Strategies

• Passphrases: Choose a password phrase with a minimum of 20 characters with no complexity.  Passphrases are passwords made up of multiple words, usually a minimum of 4 words.  Examples are “water sky yellow runner” or “maple-action-yesterday-winner”.
• Check your password strength with a reputable system like:
  • https://www.passwordmonster.com/
  • https://haveibeenpwned.com/
  • https://nordpass.com/secure-password/
• Don’t re-use passwords. Use a password manager like LastPass, Dashlane, Keeper or 1Password to create and store unique passwords for all of your systems and sites.
• Check for Dark Web exposures.  https://haveibeenpwned.com/ allows you to search for your email address to see if it has been involved in a breach.

Effective password management is the cornerstone of preventing your account from being used as an attack on the university and the potential loss of faculty, staff or student information.

Posted on behalf of OculusIT

Copyleaks will be doing routine server maintenance on Oct. 28, starting at 3:00AM. Maintenance is expected to last eight hours. As such, Copyleaks may not be able to process submissions during this time, nor will faculty be able to review reports and dashboards. Please plan accordingly.

For further information, see their status page:

• Copyleaks Status Page:
  • https://status.copyleaks.com
• Messaging:
  • https://status.copyleaks.com/incident/1390387

Further tutorials and details on Copyleaks can be found on the Copyleaks Wiki page.

Questions or comments? Please reach out to Helpdesk at helpdesk@canisius.edu.

COLI and Academic Affairs are seeking session leaders and presenters for Winter Faculty Development Week (WFDW), which will take place January 5–8.

Topics usually are centered around Pedagogy and range from novel practices to round-table discussions on using particular tools (such as Podcasting, using Panopto for videos, Hypothes.is for social annotations, EAB Navigate 360, Microsoft Teams, and more). We have also had sessions about classroom role-playing/gamification, academic scholarship, Artificial Intelligence, etc.

For more ideas on topics, check out previous Faculty Development Weeks. Canisius Faculty and Staff can also request access to the Faculty Development Group on D2L (contact email listed below).

If interested, please fill out the 2026 WFDW Session Information Form.

Just want to attend WFDW this year? Stay tuned to the COLI Blog and The Dome for when we launch the RSVP form!

Questions or comments? Or not sure about your topic? Email COLI at coli@canisius.edu.