QR Code Phishing
QR code phishing (also known as quishing) is a phishing tactic that aims to deceive its target into scanning a QR code to redirect them to a fraudulent website or install malware on the victim’s device. With this type of scam, you may receive an email which contains a malicious QR code that can sidestep many security controls and link filters. To learn more, see the article on QR Code Phishing by TechTarget.
Example of QR Code Phishing received in Trinity inboxes
From: HR-Payroll-Tcd
Content: This email requests users to scan an enclosed QR code so that they may have access to a file which 'Human Resource / Payroll' has shared. Please see below for an example of this email.
Gift card scam
Scammers will say almost anything to get you to buy gift cards, like Google Play, Apple, iTunes, or Amazon cards and hand over the card number and PIN codes. Gift cards are a fast source of cash because they can be used to purchase items or can be sold.
Example of the gift card scam received in Trinity inboxes:
From: Appears to come from a colleague but not from a real Trinity account
Subject: Available? / Are you available? (or similar)
Content:
Initial email:
###
Let me know if you have some time now.
###
Follow-up email if you respond:
###
Thank you for getting back to me. I appreciate your response. I need you to please get some iTunes Gift cards from online. There are some prospects i need to send Gift Cards but I can't do that right now because I'm currently in a meeting and I have quite a busy day ahead. Let me know if it's possible to get them for me right now, so I can tell you which product I would need and what amount. I'll reimburse you before the end of today.
###
AI empowered phishing
Phishing has become more sophisticated thanks to Artificial Intelligence (AI), where cyber criminals use AI to correct poor grammar, remove spelling mistakes, and add idiosyncrasies to sound more like a native speaker, which can lure their victims into a false sense of security. To learn more, see the article on How AI-Powered Phishing Attacks Are Outsmarting Cybersecurity by Guardian Digital Inc (via LinkedIn).
What to do if you receive a phishing email
If you receive a suspicious email that resembles any of the above examples, do not engage with the email in any way, i.e. do not click on a link, open an attachment, scan a QR code, give away your password, buy gift cards and give away the codes, or respond to the email. Instead, report them to our IT Service Desk via itservicedesk@tcd.ie.