In an age when almost everything is becoming digitized, cyber criminals are increasingly using more sophisticated and diverse methods to launch attacks. According to a report by renowned cybersecurity firm, Kaspersky, QR codes, once lauded as a convenient means of sharing information, have now become a tool for fraudsters to carry out phishing attacks.
Initially, attackers started leveraging QR codes for scam email campaigns towards the end of 2021. Imitating delivery services such as FedEx and DHL, the scammers tricked recipients into believing that they needed to pay custom duties. The victims were then led to a fake bank card data entry page after scanning the QR code provided in the email.
While the scale of this activity slowed down by mid-2022, the method caught on and evolved to a new modus operandi in spring 2023. This time, corporate users of Microsoft products were the main targets. The attackers distributed messages which warned the recipients that their corporate email account passwords were about to expire. To retain access, victims were instructed to scan a QR code. Interestingly, the emails varied in origin – some came from free email addresses and others from newly registered domains. To boost credibility, some fraudsters even added the Microsoft Security logo to the QR codes.
Once the user scanned the QR code from the phishing email, they were redirected to a fake login page designed to resemble a Microsoft sign-in page setting a successful trap for unwary users.
The cybersecurity experts at Kaspersky also found that QR codes were used in another phishing scam – an ‘undelivered email notification’ activity. Here, the QR codes also redirected users to a faux Microsoft account sign-in page.
From June through August 2023, Kaspersky detected 8,878 phishing emails containing QR codes. The activities peaked in June with 5,063 instances, gradually reducing to 762 cases by August.
The exploitation of QR codes in scams offers benefits to the fraudsters. Using QR codes makes it harder for cybersecurity solutions to detect and block malicious emails. As QR codes do not contain traditional phishing links, there is a reduced need for cybercriminals to register additional accounts or domains to hide their actions.
Despite the increasing use of QR codes in phishing emails, it’s essential to keep in mind that legitimate senders rarely use these in their emails. Therefore, the presence of a QR code in an email should automatically raise suspicion.
The ever-evolving landscape of cyber threats necessitates constant vigilance, and this recent increase in QR code-related phishing attacks just goes to show that scam techniques continually adapt and find new ways to exploit unsuspecting users. It’s crucial, more than ever, to stay one step ahead by keeping up-to-date with the evolving tactics of cybercriminals.
