QR codes are being used in phishing attacks against US institutions

Hackers sent hundreds of phishing emails to a single energy company

Cybersecurity researchers from Cofense recently observed a large-scale phishing campaign that targeted, among others, a “major” U.S. energy company.

What makes this campaign unique is the fact that the attackers used QR codes to bypass email security solutions at scale, which is not something we see very often.

Phishing is a key attack vector, with nine in ten cyberattacks starting through this communications channel. However, email security solutions have become quite good at filtering abusive content over the years, which is why the majority of phishing emails that carry either malicious links or attachments usually never make it to victims’ inboxes.

Creative solutions

This has prompted some threat actors to get creative, and use innovative methods to sneak past security gateways. One such method is the deployment of QR codes, which redirect the victim to a phishing site.

As the QR codes come in the form of a .PNG or .JPG, they’re able to evade detections. Another unique aspect of this particular campaign is its scale, with thousands of emails being sent out - again a rare sight.

Cofense says that the attackers distributed roughly 1,000 emails, with almost a third (29%) targeting a single, unnamed but prominent U.S. energy company. Other emails were sent to companies operating in the manufacturing (15%), insurance (9%), technology (7%), and financial services (6%) sectors.

The QR codes redirected the victims to a malicious landing page resembling a Microsoft 365 login page, with the obvious goal of stealing the login credentials for the service. In the email, the victims were told they needed to update their account settings within three days, adding a false sense of urgency.
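A triage heuristic for the pattern described above, as an added example that is not from Cofense or the original article: it flags messages that carry a PNG/JPG part, expose no URL in the text body for a link scanner to inspect, and use the lure wording reported here. The term list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://\S+", re.I)
# Lure wording from the campaign description; an assumed list, tune per mail flow.
LURE_RE = re.compile(
    r"\b(?:qr code|scan|account settings|within \w+ days|microsoft 365)\b", re.I)
IMAGE_TYPES = {"image/png", "image/jpeg"}

def triage(raw: str) -> dict:
    """Score one raw message for the 'link hidden in an image' pattern."""
    msg = message_from_string(raw, policy=policy.default)
    texts, images = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in IMAGE_TYPES:
            images += 1
        elif ctype in ("text/plain", "text/html"):
            texts.append(part.get_content())
    body = "\n".join(texts)
    result = {
        "images": images,
        "urls_in_body": len(URL_RE.findall(body)),
        "lure_terms": sorted({m.lower() for m in LURE_RE.findall(body)}),
    }
    # An image, no URL for the link scanner to inspect, and lure wording:
    # hold for QR decoding or analyst review instead of delivering.
    result["quarantine"] = bool(
        images and not result["urls_in_body"] and result["lure_terms"])
    return result

def sample(body: str, with_image: bool) -> str:
    """Build a constructed test message; the PNG bytes are a placeholder."""
    m = EmailMessage()
    m["Subject"] = "Action required"
    m.set_content(body)
    if with_image:
        m.add_attachment(b"\x89PNG placeholder", maintype="image",
                         subtype="png", filename="code.png")
    return m.as_string()

LURE_BODY = ("Your Microsoft 365 account settings must be updated\n"
             "within three days. Scan the QR code in the attached image.\n")

if __name__ == "__main__":
    print(triage(sample(LURE_BODY, True)))
    print(triage(sample("Q3 report: https://example.com/q3\n", True)))
```

Messages held by this rule still need the image decoded by a QR reader before the embedded URL can be checked against reputation feeds.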

The good news is that victims still need to take action to get compromised, which shouldn’t be easy for well-trained employees. However, recent reports have shown that many workers are still falling for fake and dangerous emails.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
