A major US energy company has fallen prey to a targeted phishing campaign involving over 1,000 malicious emails equipped with QR codes designed to pilfer Microsoft credentials.
Discovered by Cofense in May, the attack used PNG image attachments and redirect links tied to Microsoft Bing, Salesforce, and Cloudflare's Web3 services, all containing embedded QR codes. The fraudulent messages posed as Microsoft security alerts and used urgency to coerce recipients into updating their account security settings, which redirected them to a counterfeit Microsoft credential phishing page.
The US energy firm bore the brunt of the phishing scheme, receiving more than 29% of the malicious QR code-laden emails, while other sectors, including manufacturing, insurance, technology, and financial services, were also targeted. The campaign has escalated rapidly, with volume surging 2,400% since its discovery in May and a monthly growth rate surpassing 270%, according to Cofense.
Nathaniel Raymond, a cyber threat intelligence analyst at Cofense, said the campaign's use of QR codes spiked notably in mid-June and intensified further by mid-July.
QR codes are rare in phishing emails because they require an additional engagement step from the recipient, but they give attackers distinct advantages: delivered as file attachments, they can bypass Secure Email Gateways (SEGs) and increase the likelihood of successful delivery. Nathaniel Raymond emphasized the importance of employee training to recognize evolving phishing techniques, particularly those involving unconventional methods like QR codes.
Experts underscored the importance of skepticism and caution, urging users to refrain from scanning QR codes from unknown sources and reinforcing the necessity of verifying links before engaging with them.
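The delivery pattern described above, a Microsoft-themed security alert whose link exists only inside a PNG attachment, can be triaged before any QR decoding takes place. The following Python code is an added example, not Cofense's tooling or part of the original report; the lure term list, function names, addresses, and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed, tunable lure phrases modelled on a "Microsoft security alert" theme.
LURE_TERMS = ("security", "authentication", "verify your", "update your account")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def triage(raw: str) -> dict:
    """Flag mail whose only actionable content is an image (possible QR lure)."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    # Count inline images as well as attachments.
    images = [p.get_filename() or "(inline)" for p in msg.walk()
              if p.get_content_maintype() == "image"]
    haystack = f"{msg['Subject'] or ''} {text}".lower()
    lures = [t for t in LURE_TERMS if t in haystack]
    has_text_url = bool(URL_RE.search(text))
    # A text-only URL scan has nothing to inspect here, so route the message
    # to image analysis (QR decoding plus URL reputation) before delivery.
    hold = bool(images) and bool(lures) and not has_text_url
    return {"images": images, "lures": lures,
            "has_text_url": has_text_url, "hold_for_image_analysis": hold}


def build_sample(subject: str, body: str, png: bytes = b"") -> str:
    """Build a constructed test message; addresses and filename are placeholders."""
    m = EmailMessage()
    m["From"] = "alerts@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if png:
        m.add_attachment(png, maintype="image", subtype="png", filename="secure.png")
    return m.as_string()


# Constructed stub bytes (PNG signature only), not a real QR image.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    lure = build_sample("Microsoft security alert",
                        "Scan the attached code to update your account.", PNG_STUB)
    print(triage(lure))
```

The check is a routing heuristic only: decoding the QR code and judging the resulting URL still requires an image-analysis step that this example leaves out.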