Cyble Research and Intelligence Labs has discovered a new QR code-based phishing campaign targeting users in China. The attackers are distributing malicious Word documents that appear to be official communications from the Ministry of Human Resources and Social Security. These documents are designed to trick users into providing sensitive bank card information under the pretense of verifying their identity for government subsidies.
The phishing scheme uses QR codes embedded in these documents to direct users to fraudulent websites. Once on the site, users are prompted to enter personal details such as names, national IDs, and bank card information, which are purportedly needed to process the subsidy application. This approach exploits the growing familiarity with QR codes, which has made users less cautious about scanning them.
The campaign employs a Domain Generation Algorithm (DGA) to frequently change the domain names used for the phishing sites, making them harder to block and detect. The sites are designed to look official and credible, with government logos and formal language, further deceiving victims into believing the scam is legitimate.
To protect against such phishing attacks, users should only scan QR codes from trusted sources, verify the legitimacy of URLs before entering any personal information, and use reputable antivirus software. Staying informed about phishing techniques and monitoring financial statements regularly can also help in identifying and mitigating these threats.
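The URL check recommended above, combined with a simple test for DGA-style hostnames, can be automated for links decoded from QR codes. The following is an added example, not code from the Cyble report: the trusted suffix list, the entropy threshold, the function names and the sample URLs are all assumptions made for illustration.

```python
import math
from collections import Counter
from urllib.parse import urlsplit

# Assumptions (not from the report): the official suffix list and the
# entropy threshold are illustrative values to tune for your environment.
TRUSTED_SUFFIXES = ("gov.cn",)
ENTROPY_BITS = 3.5      # per-character Shannon entropy treated as DGA-like
MIN_LABEL_LEN = 10      # short labels give unreliable entropy estimates

def shannon_entropy(text):
    """Bits per character of the label's character distribution."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def under_trusted_suffix(host):
    """True only on a label boundary, so 'evilgov.cn' does not match 'gov.cn'."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage_qr_url(url):
    """Return (verdict, reasons) for a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "block", ["malformed URL"]
    if parts.scheme not in ("http", "https") or not host:
        return "block", ["not an http(s) URL with a host"]
    reasons = []
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' can disguise the real host")
    if under_trusted_suffix(host) and not reasons:
        return "allow", ["host is under a trusted suffix"]
    if not under_trusted_suffix(host) and any(s in host for s in TRUSTED_SUFFIXES):
        reasons.append("trusted name appears in host but is not its suffix")
    for label in host.split(".")[:-1]:          # skip the TLD
        if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= ENTROPY_BITS:
            reasons.append(f"label '{label}' looks algorithmically generated")
    if reasons:
        return "block", reasons
    return "review", ["host is not under a trusted suffix"]

# Constructed sample URLs (reserved .example names), not indicators from the report.
SAMPLES = ("https://service.example.gov.cn/apply",
           "https://xk7q2vz9pd4m.example/apply", "https://gov.cn.pay.example/verify")

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, triage_qr_url(sample))
```

Entropy alone misfires on long dictionary-word labels and misses word-based DGAs, so treat a "block" verdict from that rule as a signal to investigate rather than as proof.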