A new QR code phishing campaign aimed to steal credit card info

December 30, 2022

A Chinese-speaking phishing campaign utilises a QR code to steal credit card details and critical information from potential victims.

Based on reports, the phishing campaign operators distribute a document containing a QR code to targets as an email attachment. The threat actors use a lure about a government grant for the last quarter of 2022. The email references several state institutions, copyrights, and security numbers to appear legitimate and avoid raising the targets' suspicion.

The message then prompts the recipient to scan the QR code using WeChat to receive the fake government grant.

Using a QR code to claim a reward is an unusual but efficient technique for pushing the target to switch from a computer to a smartphone. Threat actors also target smartphones in their phishing attacks because most have weaker protection and detection features.
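A defender-side triage check for the delivery pattern described above, added here as an example and not code from the researchers or the campaign: it inspects a Word attachment for a scan prompt combined with an embedded image and no external hyperlinks, the case where the destination is only visible after decoding the image. The keyword lists, function names and sample document builder are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed keyword lists (not taken from the campaign): terms asking the reader
# to scan a code, and terms matching a grant lure, in English and Chinese.
SCAN_TERMS = ("qr code", "scan", "wechat", "二维码", "扫码", "扫描", "微信")
LURE_TERMS = ("grant", "subsidy", "补贴", "补助")
IMAGE_EXT = (".png", ".jpg", ".jpeg", ".gif", ".bmp", ".emf")
RELS = "word/_rels/document.xml.rels"


def triage_docx(data: bytes) -> dict:
    """Return triage signals for a .docx attachment given as raw bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        xml = z.read("word/document.xml").decode("utf-8", "replace")
        rels = z.read(RELS).decode("utf-8", "replace") if RELS in names else ""
    # Visible text: drop the XML tags and lower-case for matching.
    text = re.sub(r"<[^>]+>", " ", xml).lower()
    images = [n for n in names
              if n.startswith("word/media/") and n.lower().endswith(IMAGE_EXT)]
    # External hyperlinks are stored as relationships marked TargetMode="External".
    links = len(re.findall(r'TargetMode="External"', rels))
    signals = {
        "embedded_images": len(images),
        "external_links": links,
        "scan_prompt": any(t in text for t in SCAN_TERMS),
        "grant_lure": any(t in text for t in LURE_TERMS),
    }
    # Pattern from the article: the text tells the reader to scan, while the
    # destination exists only inside an image, so URL filters see no link.
    # Such attachments should be routed to QR decoding before delivery.
    signals["needs_qr_decode"] = (
        signals["scan_prompt"] and len(images) > 0 and links == 0
    )
    return signals


def build_docx(body: str, with_image: bool) -> bytes:
    """Build a minimal constructed .docx-style archive for testing the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   f"<w:document><w:body><w:p><w:t>{body}</w:t></w:p></w:body></w:document>")
        if with_image:
            z.writestr("word/media/image1.png", b"\x89PNG constructed placeholder")
    return buf.getvalue()
```

Attachments flagged with `needs_qr_decode` still need their images decoded by a QR library so the resulting URL can go through the normal reputation checks.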

 

The victims of the QR code phishing campaign will be redirected by the fake email to a webpage.

Targets who take the bait and scan the QR code are redirected to a page containing the same details as the Word document. Clicking a button lets the user start the application for the fake grant.

Next, the webpage asks the user to provide a bank card number. The input field for the card details prioritises cardholders of the Commercial Bank of China.

Another form appears after the user enters the requested card number. In it, the threat actors request further information about the target, their credit balance, and their bank card.

The threatening part of this attack is that the actors are harvesting numerous card details, which they can reuse for identity fraud transactions. Once a targeted user completes the form, they are redirected again to a webpage showing a loading icon.

As of now, it is still unclear whether the phishing website creates a fraudulent transaction in the background or forwards the stolen data to an attacker-controlled server. Unfortunately, the researchers claimed that the phishing operators have already harvested troves of data that could enable them to make fraudulent transactions and payments.
