Annotations
This phish typically originates from a non-Cornell account. The sender varies, typically with a display name of "Cornell" but with various non-Cornell email addresses. Do not reply to the sender nor scan the QR code. The QR code directs to a fake login page that no longer appears active. If you entered your credentials into the page, change your NetID password immediately. https://it.cornell.edu/netids-security-and-policy/change-your-netid-password