Researchers observed a new phishing campaign that uses QR codes to target a prominent energy firm in the United States, slipping malicious emails into inboxes and evading detection.
Based on reports, this is the first time threat actors have used QR codes at this scale. This suggests that threat actors are running a trial to see whether the technique succeeds.
Phishing email campaigns that leverage QR codes.
According to investigations, the QR code campaign starts with a phishing email that prompts the target to update their Microsoft 365 account settings.
The emails carry PNG or PDF attachments containing a QR code that the recipient is told to scan to verify their account. Analysts stated that the threat actors embed QR codes in images to bypass email security solutions that would flag a message containing a known malicious link. Because the URL is never present as text, the phishing message reaches the target's inbox uninterrupted.
Furthermore, the QR codes first send users through Bing, Salesforce and Cloudflare's Web3 service, which then redirect the target to an attacker-controlled Microsoft 365 phishing page.
Hence, the threat actors evade detection and email protection filters by hiding the redirect URL inside the QR code; the same link may also abuse legitimate services as intermediate hops and carry the phishing link base64-encoded.
Various attackers have employed QR codes in their phishing campaigns, whether large-scale or small-time. Scammers have also adopted such codes to deceive targets into scanning them, redirecting them to malicious websites that steal money.
Researchers explained that QR-code attacks still require the victim's cooperation to succeed. Therefore, organisations need to train their employees to mitigate the impact of these campaigns.
Furthermore, newer smartphone QR code scanners show the decoded URL and ask the user to confirm it is legitimate and safe before opening it. Experts suggest that firms add image recognition solutions to their phishing protection defences, although these cannot guarantee effectiveness.
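The two tricks described above (a hop through a legitimate redirector and a base64-encoded phishing link hidden inside the QR payload) are exactly what an image-recognition stage in a mail gateway has to look for once it has decoded the QR code. The following triage helper is an added example, not code from the article or from the researchers it cites. It assumes an upstream step has already extracted the PNG or PDF attachment and decoded the QR code to a string (libraries such as pyzbar or OpenCV's QRCodeDetector do that; that step is not included here). The redirector domain list, the brand keyword list, the redirector URL shape and the `.example` hostnames are all constructed for the example.

```python
"""Triage helper for QR-code phishing lures (added example, not the article's code).

Pipeline assumed: attachment extracted -> QR decoded to text (pyzbar / OpenCV,
not shown) -> analyze_qr_url() inspects the decoded text for a legitimate
redirect hop and for a plain-text or base64-encoded destination hidden in it.
"""
import base64
import binascii
import re
from urllib.parse import unquote, urlparse

# Constructed watch-list of legitimate services the article names as redirect
# hops; in production this comes from threat-intel or URL-rewriting tooling.
KNOWN_REDIRECTOR_SUFFIXES = ("bing.com", "salesforce.com", "cloudflare-ipfs.com")
# Constructed: real sign-in domains of the brand the lure imitates.
REAL_BRAND_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com")
# Constructed: keywords whose presence in an unrelated host is a lookalike tell.
LURE_BRAND_KEYWORDS = ("microsoft", "office", "o365", "m365", "login")

URL_RE = re.compile(r"^https?://", re.IGNORECASE)
B64_CHARSET_RE = re.compile(r"^[A-Za-z0-9+/_\-=]+$")


def _try_base64(value: str):
    """Decode `value` as standard or URL-safe base64 if it yields printable text,
    else return None. Padding is restored because attackers often strip the
    trailing '=' to keep the parameter URL-clean."""
    candidate = unquote(value).strip()
    if len(candidate) < 8 or not B64_CHARSET_RE.match(candidate):
        return None
    padded = candidate + "=" * (-len(candidate) % 4)
    for decoder in (lambda s: base64.b64decode(s, validate=True),
                    base64.urlsafe_b64decode):
        try:
            text = decoder(padded).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            return text
    return None


def _matches_suffix(host: str, suffixes) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def _embedded_values(parsed) -> list:
    """Every place a redirector might carry its destination: query values (split
    by hand so '+' inside base64 survives), path segments and the fragment."""
    values = [kv.split("=", 1)[1] for kv in parsed.query.split("&") if "=" in kv]
    values += [seg for seg in parsed.path.split("/") if seg]
    if parsed.fragment:
        values.append(parsed.fragment)
    return values


def analyze_qr_url(decoded_qr: str) -> dict:
    """Return a triage verdict for one decoded QR payload."""
    if not URL_RE.match(decoded_qr):
        return {"verdict": "not_a_url", "outer_host": "", "hidden_urls": [], "findings": []}
    parsed = urlparse(decoded_qr)
    outer_host = (parsed.hostname or "").lower()
    findings, hidden_urls = [], []

    via_redirector = _matches_suffix(outer_host, KNOWN_REDIRECTOR_SUFFIXES)
    if via_redirector:
        findings.append(f"outer host {outer_host} is a legitimate service used as a redirect hop")

    for value in _embedded_values(parsed):
        plain = unquote(value)
        if URL_RE.match(plain):
            hidden_urls.append(plain)
            findings.append("plain-text destination URL carried inside the link")
            continue
        decoded = _try_base64(value)
        if decoded and URL_RE.match(decoded):
            hidden_urls.append(decoded)
            findings.append("base64-encoded destination URL hidden inside the link")

    crosses_domain = False
    for hidden in hidden_urls:
        host = (urlparse(hidden).hostname or "").lower()
        if host and host != outer_host and not _matches_suffix(host, KNOWN_REDIRECTOR_SUFFIXES):
            crosses_domain = True
            findings.append(f"final destination {host} differs from outer host {outer_host}")
        if any(k in host for k in LURE_BRAND_KEYWORDS) and not _matches_suffix(host, REAL_BRAND_SUFFIXES):
            findings.append(f"destination {host} imitates the lure brand without being a brand domain")

    if hidden_urls and (via_redirector or crosses_domain):
        verdict = "suspected_phishing_redirect"
    elif findings:
        verdict = "review"
    else:
        verdict = "no_indicators"
    return {"verdict": verdict, "outer_host": outer_host, "hidden_urls": hidden_urls, "findings": findings}


# Constructed samples; .example is a reserved documentation TLD, and the
# redirector path/parameter name below is a placeholder, not a real service's format.
PHISH_DESTINATION = "https://login-m365-verify.example/auth"
SAMPLE_LURE = "https://www.bing.com/redirect?u=" + base64.urlsafe_b64encode(
    PHISH_DESTINATION.encode()).decode().rstrip("=")
SAMPLE_BENIGN = "https://www.microsoft.com/en-us/microsoft-365"
SAMPLE_TEXT = "MECARD:N:Conference desk;TEL:+1-555-0100;;"  # a QR code need not hold a URL

if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN, SAMPLE_TEXT):
        result = analyze_qr_url(sample)
        print(result["verdict"], result["hidden_urls"])
        for finding in result["findings"]:
            print("   -", finding)
```

The verdict deliberately stays a triage signal rather than a block decision: a legitimate service appearing as the outer host is only meaningful in combination with a hidden destination that leaves that service's domain, which is why `suspected_phishing_redirect` requires both. Query values are split by hand rather than with `parse_qsl` so that `+` characters inside standard base64 are not turned into spaces before decoding.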