minsterg | Information Security

[PHISH] Action Required: Faculty MFA Enrollment

Posted on January 6, 2026 by minsterg • 0 Comments

We received reports of an email targeting our users claiming to roll out MFA. TCNJ has used Duo MFA for some time now.

Things to note regarding this attack: The sender address is not a tcnj.edu address. The link in the email points to a non tcnj.edu domain. The landing page contains no TCNJ branding at all, and has an outdated copyright date. An attacker will often use generic terms on these types of pages in order to reuse the site for multiple targets.

Once the page is landed on, the user is asked for their role, username, and password. Once submitted, the next page prompts you to choose an MFA method. Any code can be entered, and the subsequent page will advise that the account has been locked for too many attempts. There is an option to submit a ticket to help desk, which does not actually do anything despite it stating it has done so.

This is a very thorough attack that could be avoided by using the basic methods of checking for indicators in the initial email, such as the email not coming from a tcnj.edu address and the landing page not being a tcnj.edu address (you can hover over the link to determine the destination URL). Attacks like these are becoming more sophisticated and more frequent. Please remain vigilant when checking your emails and report any suspicious messages to phish@tcnj.edu.

Thank you.

[PHISH] EmpIoyee Performance EvaIuation

Posted on December 10, 2025 by minsterg • 0 Comments

We received reports of an email sent to a number of users that claimed to contain employee performance evaluations. The email comes from an .edu address but not a TCNJ one, and uses language to indicate urgency. Also the link goes to a Jotform form imitating a login page. Also note the word “PASSWORD” is… Continue Reading

[PHISH] Hello, Review 2025 Salary Adjustment Payroll & Updated Team Benefit-Bonus_For Your Approval Ref:-I8eFAqdNgSV5P80J9SWYZIy3Kma62Y

Posted on July 21, 2025 by minsterg • 0 Comments

We received a report regarding another phishing email that attempted to get users to scan a QR code to visit a malicious site that tries to harvest users’ credentials. See example below. Note that the email does not come from a TCNJ.edu address, as well as the odd capitalization used. Be cautious of unfamiliar emails… Continue Reading

[PHISH] Text Message About Closing Email Account

Posted on July 2, 2025 by minsterg • 0 Comments

We have received reports that TCNJ users are receiving text messages claiming to be from the help desk about a request that the user close their school email address. The TCNJ help desk will not contact you about matters such as this via text message. Note in the screenshots below, the phone number does not… Continue Reading

[PHISH] July 2025 Salary Settlement_Approval Ref:-glY0Q4bUaNvfwrKclfGjyhoCYiubUB

Posted on July 1, 2025 by minsterg • 0 Comments

We have received reports of a phishing email using a QR code to attempt to get users to follow a link to a fake Microsoft login page that will harvest user’s credentials. The email imitates TCNJ but does not come from a TCNJ email account. Scanning the QR code will lead to a fake captcha… Continue Reading

[PHISH] Review Completed: Tcnj management Settlement Agreement i

Posted on June 16, 2025 by minsterg • 0 Comments

A phishing email utilizing an attachment with a QR code in it has been reported. The subject tries to engage the curiosity of the reader and prompt them to scan a QR code which leads to a malicious domain. This page will prompt the user to enter their credentials to view a document with the… Continue Reading

[PHISH] Salary Increment Letter – Effective June

Posted on May 28, 2025 by minsterg • 0 Comments

We have received reports of a QR code phishing scheme claiming to contain details of a pay increase. Screenshots are below. The email utilizes an attachment that contains a QR code and prompts the user to scan it to view details. The link takes the user to a false Microsoft login page which prompts for… Continue Reading

[PHISH] Amended The College Of New Jersey Handbook Updated Policy

Posted on May 8, 2025 by minsterg • 0 Comments

We received reports of a phishing email that claimed to contain an updated handbook for TCNJ. The email address of the sender is not a TCNJ address, which is a clear indicator that this is not legitimate. The attached PDF document contains a QR code that leads to a fake Microsoft login page; the URL… Continue Reading

[PHISH] Immediate Action Require: MFA System Upgrade

Posted on April 24, 2025 by minsterg • 0 Comments

We received reports of an email utilizing a QR code attachment imitating TCNJ and warning of account lockout. Note the email did not come from a tcnj.edu email address and the entire email was an attachment. The QR code (if scanned) does not lead to a tcnj.edu website. Do not reply to the sender nor… Continue Reading

[PHISH] [TCNJ: Information Security Advisory] 2FA Authentication!

Posted on April 7, 2025 by minsterg • 0 Comments

A number of users received a QR code phishing email this morning impersonating TCNJ. Note that the email originated from a Gmail account and not a TCNJ email address. The entire email body was an image rather than text, which attackers use to bypass filters. Do not scan the QR code. The landing page for… Continue Reading

Author Archives: minsterg