Body
If you got to this page by scanning a QR code, how sure were you it was safe?
Attackers have started including QR codes like the one below in phishing emails to trick you into opening web pages you might not open with a normal link. It can be difficult to determine where a QR code will take you, and they are not scanned for malicious content by the email system the way normal links are.
QR code phishing messages ask you to scan the code with your phone’s camera, which then opens a malware page or a fake login page designed to trick you into entering your password and multi-factor code. Criminals want you to open malicious web pages on your phone because we can’t help secure it, and because they know some people don't install security updates on their phones.
There are many legitimate uses for QR codes, but it’s never a good idea to scan a QR code from an email sender you don’t know or from some unknown Gmail or other email address purporting to be someone you know.
General Phishing Advice
For all messages, whether or not they include a QR code, always check the sender’s email address and not just their displayed name. It’s especially important if they ask you to do anything, like click a link, open an attachment, text them, or respond with information. Criminals love it when you send them your phone number. If you do, plan to get texts from them!
For more information about how to recognize phishing messages, take a look at this IT Knowledge Base page: Article - Recognizing Phishing Emails (teamdynamix.com)