Examples of scams currently in circulation

It's a busy time of year for everyone in the University community and when you are busy it can be easier for cyber criminals to catch you out. Below we have listed some types of phishing messages that are currently targeting our staff and students, or that are in circulation worldwide.

Hands typing on laptop with a phishing email on the screen.

24 Apr 2024

QR Code Phishing

QR code phishing (also known as quishing) is a phishing tactic that aims to deceive its target into scanning a QR code to redirect them to a fraudulent website or install malware on the victim’s device. With this type of scam, you may receive an email which contains a malicious QR code that can sidestep many security controls and link filters. To learn more, see the article on QR Code Phishing by TechTarget.

Example of QR Code Phishing received in Trinity inboxes

From: HR-Payroll-Tcd

Content: This email requests users to scan an enclosed QR code so that they may have access to a file which 'Human Resource / Payroll' has shared. Please see below for an example of this email.

Example of a phishing email with a QR code embedded in the email body

Gift card scam

Scammers will say almost anything to get you to buy gift cards, like Google Play, Apple, iTunes, or Amazon cards and hand over the card number and PIN codes. Gift cards are a fast source of cash because they can be used to purchase items or can be sold.

Example of the gift card scam received in Trinity inboxes:

From: Appears to come from a colleague but not from a real Trinity account

Subject: Available? / Are you available? (or similar)

Content:

Initial email:

###

Let me know if you have some time now.

###

Follow-up email if you respond:

###

Thank you for getting back to me. I appreciate your response. I need you to please get some iTunes Gift cards from online. There are some prospects i need to send Gift Cards but I can't do that right now because I'm currently in a meeting and I have quite a busy day ahead. Let me know if it's possible to get them for me right now, so I can tell you which product I would need and what amount. I'll reimburse you before the end of today.

###

AI empowered phishing

Phishing has become more sophisticated thanks to Artificial Intelligence (AI), where cyber criminals use AI to correct poor grammar, remove spelling mistakes, and add idiosyncrasies to sound more like a native speaker, which can lure their victims into a false sense of security. To learn more, see the article on How AI-Powered Phishing Attacks Are Outsmarting Cybersecurity by Guardian Digital Inc (via LinkedIn).

What to do if you receive a phishing email

If you receive a suspicious email that resembles any of the above examples, do not engage with the email in any way, i.e. do not click on a link, open an attachment, scan a QR code, give away your password, buy gift cards and give away the codes, or respond to the email. Instead, report them to our IT Service Desk via itservicedesk@tcd.ie.