Aug. 15, 2023
The University has identified an email phishing campaign targeting URI email recipients. The email asks the recipient to set up a two-factor authentication.
The email looks like an official URI email with the University logo at the top of the message. The email prompts recipients to set up a two-factor (2FA) authentication for their email account and contains a QR code to scan.
Do not scan the code. This is an attempt to phish email credentials and two-factor authentication device information.
The phishing email reads: “Due to recent security. This email is to confirm 2-Factor authentication for all University of Rhode Island email recipients. You’re hereby required to complete exercise with the mobile number you want your 2-Factor Authentication set to. Scan QR code below to complete authentication.”
The potential senders of the email are: Mindy Tong (firstname.lastname@example.org) and Goodwin (email@example.com). The potential subject lines include: “2FA Email Authentication” and “Email Confirmation.”
What you should do if you get the phishing email:
– Do not scan the QR code.
– Mark the message as spam in gmail (this will help educate Google’s spam filters) and delete it.
– Do not fill out the form associated with the link in the message.
– Do not engage with the sender or forward the message.
If you scanned the QR code, you should change all passwords associated with your URI account.