The Office of Information Security at Appalachian State University has seen a recent uptick in QR Code related scams involving Duo two-factor authentication.
The goal of these attacks has been to get users to navigate to a page through which cybercriminals can gain access to university accounts and data.
QR codes are images, often of black and white squares, that can be used to share links to websites.
To help safeguard yourself against these recent attacks, here are a few steps you can take:
- Be cautious about the source of QR codes: Only scan QR codes from trusted sources. If a QR code appears in an unsolicited email, on a flier or in a public place without clear context, it might be risky.
- Check the URL: After scanning a QR code, always look at the URL on your device before proceeding. Make sure it matches the expected website and is not a misspelled version of a well-known site, which could indicate a phishing attempt.
- Managing Duo Validation Phone Calls: If you receive a phone call from Duo to validate a login and are not presently attempting to access a university service then simply hang up.
If you encounter a suspicious email, QR code or any other information that appears to be connected to your university account and you are uncertain about its authenticity, report it immediately to phish@appstate.edu.
Further information about how to protect against security threats and how to report a suspected security issue is available at App State’s Information Security website.
Thank you for your diligence in protecting your university information.
James Webb, Chief Information Security Officer
Image of hand holding phone with QR code
