Other ways to search: Events Calendar | UTHSC

SPAR – Cybersecurity Scam of the Week – QR Code Scams


This week’s scam is about how scanning a QR code can be just like clicking a link or opening an attachment – proceed with caution!

Many restaurants and other businesses have been using QR codes since the start of the pandemic to limit the use of shared resources, like printed menus. However, a scammer can easily “sticker over” an existing QR code with one they developed, leading a person to a malicious website.

Wizer Training has created a short video explaining how this all works and what to look for when given the option to scan a code. When in doubt, use your SPAR training and be prepared to watch for warning signs on QR codes, just like you would for links or attachments. Is the QR code part of a branded flyer, or is it just a sticker? Is it directing you to the website you are expecting?

If you are using it as an easy way to get to the menu of a restaurant, take the extra time to go to the restaurant’s website, and find the menu that way. Better safe than sorry!

What else has been reported to abuse@uthsc.edu this past week?

  • [Ext] Staff – another attempt at a gift card scam, with a Dean’s name, spoofed using a Gmail account
  • [Ext] ?????Mail – wanting the recipient to open an attachment to listen to a voicemail, however, it came from an external source and even the spelling was not correct – Vοice box
  • [Ext] Payment Advice Note 06.12.21 – an invoice scam wanting the recipient to click on a link to “view a document”
  • [Ext] Status: Received December 06, 2021 23:16:18 PM – wanting the recipient to click on an attachment titled “Settlement Check” – a good enticement to see the dollar amount
  • [Ext] Employee Assistance Program – a “too good to be true” scam, offering $4,500 in assistance to employees in need, but just wanting personal information.
  • [Ext] *NetID* Request received: Ticket ID:7831 – trying to spoof the UTHSC ITS Service Desk, this phish used a Microsoft logo to look more authentic.

Keep reporting suspicious emails to abuse@uthsc.edu for examination and any other inquiries for the Office of Cybersecurity should be directed to itsecurity@uthsc.edu.