Major US Energy Organization Targeted In QR Code Phishing Attack
A phishing campaign has targeted a notable energy company in the U.S., bypassing email security filters to slip malicious QR codes into inboxes. BleepingComputer reports: Roughly one-third (29%) of the 1,000 emails attributed to this campaign targeted a large US energy company, while the remaining attempts were made against firms in manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). According to Cofense, who spotted this campaign, this is the first time that QR codes have been used at this scale, indicating that more phishing actors may be testing their effectiveness as an attack vector. Cofense did not name the energy company targeted in this campaign but categorized them as a "major" US-based company.
Cofense says the attack begins with a phishing email that claims the recipient must take action to update their Microsoft 365 account settings. The emails carry PNG or PDF attachments featuring a QR code the recipient is prompted to scan to verify their account. The emails also state that the target must complete this step in 2-3 days to add a sense of urgency. The threat actors use QR codes embedded in images to bypass email security tools that scan a message for known malicious links, allowing the phishing messages to reach the target's inbox.
To evade security, the QR codes in this campaign also use redirects in Bing, Salesforce, and Cloudflare's Web3 services to redirect the targets to a Microsoft 365 phishing page. Hiding the redirection URL in the QR code, abusing legitimate services, and using base64 encoding for the phishing link all help evade detection and get through email protection filters.
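A mail-gateway check for the redirect and base64 tricks the summary describes, as an added example (not code from Cofense, BleepingComputer or the original post): given the text already decoded from a QR image, it unwraps URLs nested in query parameters, plain or base64-encoded, and reports a final host that differs from the visible one. The sample payload, its host names and its parameter names are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{16,}")

def _b64_texts(field):
    """Decode base64-looking tokens; try small offsets in case of a short prefix."""
    for tok in B64_TOKEN.findall(field):
        for skip in range(4):
            t = tok[skip:].translate(str.maketrans("-_", "+/"))
            try:
                yield base64.b64decode(t + "=" * (-len(t) % 4)).decode("latin-1")
            except binascii.Error:
                continue

def embedded_urls(url):
    """URLs hidden in the query values, path or fragment of `url`."""
    parts = urlsplit(url)
    fields = [v for _, v in parse_qsl(parts.query)]
    fields += [unquote(parts.path), unquote(parts.fragment)]
    found = []
    for field in fields:
        for text in [field, *_b64_texts(field)]:
            found += URL_RE.findall(text)
    return found

def unwrap(url, max_depth=5):
    """Follow nested redirect targets statically (no network requests)."""
    chain = [url]
    while len(chain) <= max_depth:
        nested = embedded_urls(chain[-1])
        if not nested:
            break
        chain.append(nested[0])
    return chain

def hidden_destination(qr_payload):
    """Return the final host if it differs from the visible one, else None."""
    chain = unwrap(qr_payload)
    first, last = (urlsplit(u).hostname for u in (chain[0], chain[-1]))
    return last if last != first else None

# Constructed sample: a trusted-looking host wrapping a base64-encoded target.
_INNER = "https://login.phish.example/m365?id=1"
_B64 = base64.urlsafe_b64encode(_INNER.encode()).decode().rstrip("=")
SAMPLE_QR_PAYLOAD = f"https://www.bing.com/ck/a?p=abc&u=a1{_B64}"

if __name__ == "__main__":
    print(unwrap(SAMPLE_QR_PAYLOAD), hidden_destination(SAMPLE_QR_PAYLOAD))
```

A non-None result is a signal to quarantine or rewrite the message even when the visible host belongs to a reputable service.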
Re: (Score:2)
I'm sure all political parties are collective thugs and bullies. As the recently denounced Kari Lake demonstrated, only one political party openly demands voters assault anyone who disagrees with it.
Change Ms Lake's "Democrat" to "politician" and I'll agree with her, 200 percent.
Password Managers FTW again! (Score:3)
If you're not on the actual legitimate site, a password manager won't present the saved password - no matter how much the page looks like the real page or the URL looks like the real URL to you.
Not-so-side note: QR Codes suck.
Re: (Score:3)
Ahh yes, the QR code - the digital equivalent of the 'glory hole'.
Maybe I've completely missed the point here, but I'm personally quite surprised this was ever successful - to see a QR code in an email you've got to download images - Out of 100 legitimate emails I get from places I actually have a relationship with, I download the images maybe 0 times. I mean, almost never - the only times are if one of the kids gets some sort of certificate or congratulatory email, then I'll get the images before I print
Long-time coming (Score:2)
QR codes for redirecting to malware aren't new: They have the benefit of not being human readable, so there's no way to check their honesty. It's surprising that malicious QR codes are rare, particularly since smart phones have evolved to use QR codes ubiquitously and to hold the owner's entire digital life.
QR codes were invented as a way of easily transferring information between devices. (SMS vCard never worked and mesh networks didn't exist at the time.) Most times, this information relates to securi
This doesn't work (Score:2)
I got such an email a couple of days ago. Opened it in my laptop, scanned the QR code with my Nokia 110 smartphone... nothing happened. These hackers are incompetent.
This isn't newsworthy (Score:2)
It's par for the course for energy companies (not just in the US) to have their employees or contractors subject to phishing attacks. A typical large energy company will fend off these kinds of attacks literally daily. Phishing for credentials as well as financial transfers is one of the biggest concerns for this industry and at this point this is about as newsworthy as some grandma getting an email from a Nigerian prince.
Cybersecurity (Score:1)