Security News > 2023 > August > Major US Energy Company Hit by QR Code Phishing Campaign

Cofense, a U.S.-based email security company, released a new report about a massive QR code phishing campaign that targets numerous industries.
QR codes are not often used in phishing campaigns; cybercriminals tend to use them more in day-to-day life, leaving QR codes in different places so curious people will scan them and possibly get scammed or infected by malware.
There is at least one benefit for cybercriminals to use QR codes in emails, especially for launching phishing campaigns: There are a lot more chances to bypass security and land in the user's mailboxes because the phishing link is hiding inside the QR image.
QR codes need a scanning device to be used, which in most cases will be a mobile phone, as those devices now usually embed a QR code scanner that works with their camera.
On mobile devices, only allow QR codes to be opened by security applications such as antivirus that include QR code scanning as a feature.
In companies where no QR code is used, employees should never scan any QR code from any source that pretends to come from the organization.
News URL
https://www.techrepublic.com/article/major-us-energy-company-hit-by-qr-code-phishing-campaign/
Related news
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (source)
- Google binning SMS MFA at last and replacing it with QR codes (source)
- 2024 phishing trends tell us what to expect in 2025 (source)
- How QR code attacks work and how to protect yourself (source)
- Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs (source)
- US cities warn of wave of unpaid parking phishing texts (source)