Security News > 2023 > August > Major US Energy Company Hit by QR Code Phishing Campaign

Major US Energy Company Hit by QR Code Phishing Campaign
2023-08-24 21:29

Cofense, a U.S.-based email security company, released a new report about a massive QR code phishing campaign that targets numerous industries.

QR codes are not often used in phishing campaigns; cybercriminals tend to use them more in day-to-day life, leaving QR codes in different places so curious people will scan them and possibly get scammed or infected by malware.

There is at least one benefit for cybercriminals to use QR codes in emails, especially for launching phishing campaigns: There are a lot more chances to bypass security and land in the user's mailboxes because the phishing link is hiding inside the QR image.

QR codes need a scanning device to be used, which in most cases will be a mobile phone, as those devices now usually embed a QR code scanner that works with their camera.

On mobile devices, only allow QR codes to be opened by security applications such as antivirus that include QR code scanning as a feature.

In companies where no QR code is used, employees should never scan any QR code from any source that pretends to come from the organization.


News URL

https://www.techrepublic.com/article/major-us-energy-company-hit-by-qr-code-phishing-campaign/