Activate 2FA/Enable Two-Factor Authentication

Why this looks valid:

• Attacker uses legitimate MSU faculty/staff names
• Contains the MSU logo

Why this is phishing?

• QR code link is fraudulent
• Email Subject changes:
  • [Activate 2FA for Stronger Security]
  • [Protect Your Account: Activate 2FA Now]
  • [Safeguard Your Account: Enable 2-Factor Authentication Today]
  • [Boost Security: Enable Two-Factor Authentication]
• Spelling errors: No space between QR and code as well as ( 2SV) having a space
• Email address is external
• Name in signature is not similar to the one in the From alias

Additional Notes:

• Do you think you’ve fallen for a scam? Did you share personal information? Downloaded malicious content? Please contact the IT Service Desk at 973-655-7971 option 1 or email itservicedesk@montclair.edu.
• Please send any malicious emails you have received to phishfiles@montclair.edu or by clicking the Knowbe4 Phish Alert Button (PAB).
• Always use the “hover over” technique to check web links before clicking! For more security tips please visit our Security Tips page.