Aug. 15, 2023

The University has identified an email phishing campaign targeting URI email recipients. The email asks the recipient to set up a two-factor authentication.

The email looks like an official URI email with the University logo at the top of the message. The email prompts recipients to set up a two-factor (2FA) authentication for their email account and contains a QR code to scan.

Do not scan the code. This is an attempt to phish email credentials and two-factor authentication device information.

The phishing email reads: “Due to recent security. This email is to confirm 2-Factor authentication for all University of Rhode Island email recipients. You’re hereby required to complete exercise with the mobile number you want your 2-Factor Authentication set to. Scan QR code below to complete authentication.”

The potential senders of the email are: Mindy Tong (goodwin+mindyytong_at_gmail.com@gaggle.email) and Goodwin (goodwin@gaggle.email). The potential subject lines include: “2FA Email Authentication” and “Email Confirmation.”

What you should do if you get the phishing email:

– Do not scan the QR code.
– Mark the message as spam in gmail (this will help educate Google’s spam filters) and delete it.
– Do not fill out the form associated with the link in the message.
– Do not engage with the sender or forward the message.

If you scanned the QR code, you should change all passwords associated with your URI account.