A number of users received a QR code phishing email this morning impersonating TCNJ. Note that the email originated from a Gmail account and not a TCNJ email address. The entire email body was an image rather than text, which attackers use to bypass filters. Do not scan the QR code. The landing page for the QR code is also not a TCNJ domain, and uses a common technique where they avoid using the word “PASSWORD” to also evade filtering. See examples below. Please report any suspicious messages to phish@tcnj.edu.
