Security News > 2021 > December > Phishing attacks use QR codes to steal banking credentials

A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process.
If the embedded button is clicked, the victim arrives at the phishing site after passing through Google's feed proxy service 'FeedBurner.
The actors register their own custom domains that are used for these re-directions as well as for the phishing sites themselves.
In the most recent phishing campaigns, the threat actors use QR codes instead of buttons to take victims to phishing sites.
Once the victim arrives on the phishing site, they are requested to enter their bank location, code, user name, and PIN. If these details are entered on the phishing page, the user waits for validation and then is prompted to enter their credentials again due to them being incorrect.
This repetition is a common quality tactic in phishing campaigns to eliminate typos when the user enters their credentials the first time.
News URL
Related news
- How QR code attacks work and how to protect yourself (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)