A fake email pretending to be from Microsoft is circulating asking users to enable Two Factor Authentication (2FA) on your Microsoft account.
Whilst we recommend using 2FA, this fake email is never the way we would ask you to enable 2FA.

The email contains the subject similar to this “COMPANY NAME-Notification for yourname@companyemail.com Msg#253456952298”

With the body of the email similar to this below:


In this QR code phishing email, the scammer embeds a malicious link on a QR code to try and convince you to scan to access a harmful website.
Embedding the malicious links on QR codes makes it difficult for you to recognize that the website is suspicious. It helps the scammers circumvent old-style security checks that help flag malicious links in emails.

As QR codes are becoming more popular and you see them everywhere, always treat QR codes as links. Before you read the QR code, stop to think about whether you trust the sender or genuinely need the embedded information.
Any QR code that looks or feels suspicious may be malicious. Avoid them if possible.
Phone cameras typically can read and expose the hidden URL. Check to see if the domain name matches the URL before opening the link. If suspicious, avoid the link.

As always, if ever you are in doubt with any emails, websites or links please contact Comcare Technology for advice.