UCLA Information Security Office is aware of UCLA members being targeted by a phishing email impersonating Duo Security. The body of the message is entirely composed of an image file, which contains both text and a QR code. This tactic is designed to bypass traditional email security filters, which often scan the text content of an email to detect suspicious keywords, links, or formatting.

What to Watch For:

• Emails that contain only an image instead of readable text.
• Prompts to scan a QR code for account setup, authentication, or urgent updates.
• Branding from trusted services (e.g., Duo, UCLA) but unusual requests or grammar.

Subject: Set_Duo: New_UCLA Mail Exercise.

Sender: Anne Peterson <annepeterson@eduadmn.com>

Body:

This is an automated email from Duo Security.

Your organization invites you to set up a user account for Duo. You will find instructions from your Duo administrator below. If you have questions, please read the guide to learn more.

Welcome to University of California Los Angeles 2-Factor Authentication enrollment process.

You are hereby required to confirm if your contact details with Duo Security service remain the same or need to be updated for the new academic session

Just scan the QR code below with your phone camera to complete exercise.

Read the guide to learn more about two-factor authentication:

http://guide.duosecurity.com

Report Scams 

If you receive a suspicious email, do not click on any links, open any attachments, send payment, or supply any credentials. Please do not reply to the email and immediately contact security[@]ucla.edu and report it to your IT team.