Major U.S. energy org targeted in QR code phishing attack

A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
According to Cofense, which spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector.
The threat actors use QR codes embedded in images to bypass email security tools that scan a message for known malicious links, allowing the phishing messages to reach the target's inbox.
Hiding the redirection URL in the QR code, abusing legitimate services, and using base64 encoding for the phishing link all help evade detection and get through email protection filters.
QR codes have been used in phishing campaigns in the past, albeit on a smaller scale, including one in France and one in Germany.
Apart from training, Cofense also suggests that organizations use image recognition tools as part of their phishing protection measures, although these are not guaranteed to catch all QR code threats.
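A triage check for the evasion pattern described above, as an added example that is not from Cofense or the original article: it assumes an upstream image-recognition step has already decoded the QR code to a URL string, and it flags URLs that carry a second destination in plain or base64 form. All hostnames and sample URLs are constructed.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def _try_b64(token):
    """Return decoded text if token is plausible base64 (standard or URL-safe), else None."""
    token = token.strip().replace(" ", "+")  # parse_qsl turns '+' into a space
    if len(token) < 16 or not re.fullmatch(r"[A-Za-z0-9+/_-]+=*", token):
        return None
    token = token.rstrip("=").replace("-", "+").replace("_", "/")
    try:
        return base64.b64decode(token + "=" * (-len(token) % 4), validate=True).decode("utf-8")
    except ValueError:  # bad padding, bad alphabet, or not UTF-8 text
        return None

def hidden_destinations(qr_url):
    """List (location, url) pairs for URLs carried inside qr_url, plain or base64."""
    parts = urlsplit(qr_url)
    # parse_qsl already percent-decodes query values
    candidates = [("query:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates += [("path", unquote(seg)) for seg in parts.path.split("/") if seg]
    if parts.fragment:
        candidates.append(("fragment", unquote(parts.fragment)))
    found = []
    for where, value in candidates:
        for text in (value, _try_b64(value)):
            if text:
                found += [(where, u) for u in URL_RE.findall(text)]
    return found

def triage(qr_url):
    """Flag a QR-decoded URL whose nested destination is on a different host."""
    outer = (urlsplit(qr_url).hostname or "").lower()
    hits = hidden_destinations(qr_url)
    off_host = [u for _, u in hits if (urlsplit(u).hostname or "").lower() != outer]
    return {"outer_host": outer, "nested": hits, "suspicious": bool(off_host)}

# Constructed samples: a redirector URL with a base64 target, and a benign QR URL.
SAMPLE_TARGET = "https://login.invalid-phish.example/auth"
SAMPLE_ENCODED = ("https://redirect.example.com/ck?id=42&u="
                  + base64.urlsafe_b64encode(SAMPLE_TARGET.encode()).decode())
SAMPLE_BENIGN = "https://www.example.org/menu?table=7"

if __name__ == "__main__":
    for url in (SAMPLE_ENCODED, SAMPLE_BENIGN):
        print(triage(url))
```

A hit here is a reason to hold the message for review rather than a verdict, since legitimate redirectors also carry nested URLs.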