Quick Responses codes, or famously known as QR codes, are used to track product information in a supply chain. These QR codes have several functions: bill payment, product checker, website shortcuts, online shop shortcuts, and many more.
However, even the QR codes’ functionality is intended for the excellent use of people; there are times when several criminals commit malicious acts.
Recently, a research team has discovered an email phishing scam that contains that attempt to steal the user’s saved cryptocurrency, information, and Microsoft credentials.
Cybersecurity firms reported and blocked about 200 phishing attempts.
Earlier this month, a cybersecurity firm reported that they blocked over 200 emails from phishing espionage. Threat actors tried to lure unaware users with messages containing compromised QR codes that offer access to missed voicemails. If the users try to play the voice message, they will be redirected to a bogus Microsoft page that will automatically gather and steal their saved.
Threat actors avoid detection protocols by increasing their legitimacy.
Malicious threat actors used compromised MS Outlook accounts to increase their legitimacy and make their phishing emails more convincing. In addition, an increase in account legitimacy also helps the threat actors to evade email security systems. The threat actors also attached enterprise survey services connected to Google IP addresses and Amazon to host their phishing pages.
The QR Codes were known to be developed by threat actors during the same day when they sent their phishing emails.
Researchers believe that the threat actors do that mainly because to avoid detection and prompt reporting.
What should the people do to avoid getting tricked?
Legitimate QR codes help a lot during the pandemic, but people always want to take advantage of things that can give them easy money. If an unaware victim scans a compromised QR code, they will give the hackers a chance to steal all their credentials. It is advised to double-check or ask if the QR code is legit and safe to scan.
Lastly, if QR codes ask the users for login details such as username and password, verify the web address first before making any sudden movements.
