Skip to main content

Cornell University

IT@Cornell

Cornell |Re_Authenticationd Required| 17/Nov/2023

This phish typically originates from a non-Cornell email address. The sender may appear as "Cornell |Multi_auth_factor Subsystem®|Administration [user]@khaki.plala.or.jp>". Do not scan the QR code nor reply to the sender. The QR code directs to a fake login page. If you entered your credentials into the page, change your NetID password at https://netid.cornell.edu.
A fake Microsoft-branded notification with the heading "Microsoft Multi-Authentcator 2fa Policy" and a QR code.
Microsoft Multi-Authentcator 2fa Policy Your authenticator session is expiring today You must re-authenticate to avoid locked out of your microsoft app services. Note: We strongly recommend you scan the QR code below with your camera on your mobile device to secure your account.

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.