July 2, 2019 By David Bisson 2 min read

Security researchers noticed fraudsters incorporating QR codes into various phishing attack campaigns as a way to evade URL analysis.

Cofense observed that the phishing campaigns used simple emails to evade URL analysis from respected security solutions. Overall, the body of the messages used just a few basic HTML elements and an embedded GIF of a QR code to set up an effective disguise as a SharePoint email. With this mask in place, the attack messages instructed recipients to scan the QR code to review an important document.

If they complied, the QR code redirected the recipients to a phishing website located at hxxps://digitizeyourart[.]whitmers[.]com/wp-content/plugins/wp-college/Sharepoint/sharepoint/index[.]php via their smartphone’s browser. In so doing, the campaign moved the phishing attack away from the corporate business network, not to mention whatever URL analysis tools might be in place, and onto a user’s mobile device. The site then instructed recipients to sign in to their AOL, Microsoft or “Other” account so the phishers could make off with their login credentials.

QR Codes and Other Clever Phishing Tactics

QR codes have been used for malicious purposes before. Back in 2012, for instance, The Register reported a surge of activity in which threat actors printed out stickers displaying QR codes that pointed to malicious websites. These individuals then placed these stickers over legitimate QR codes deployed in well-trafficked areas such as airports and city centers.

In 2016, Vade Secure came across a phishing campaign leveraging QR codes. This operation ultimately redirected users who scanned the embedded QR codes to a compromised WordPress website. There, they received instructions to fill out a form by entering their login credentials.

Supplementing URL Analysis for Email Defense

Security professionals can help supplement URL analysis and thereby boost their organization’s email defenses by conducting test phishing engagements to empower each and every employee in defending the corporate network. Approaches such as ahead-of-threat detection can also help block potentially malicious domains, including those leveraged in phishing attacks, before they become active.

More from

Generative AI security requires a solid framework

4 min read - How many companies intentionally refuse to use AI to get their work done faster and more efficiently? Probably none: the advantages of AI are too great to deny.The benefits AI models offer to organizations are undeniable, especially for optimizing critical operations and outputs. However, generative AI also comes with risk. According to the IBM Institute for Business Value, 96% of executives say adopting generative AI makes a security breach likely in their organization within the next three years.CISA Director Jen…

Q&A with Valentina Palmiotti, aka chompie

4 min read - The Pwn2Own computer hacking contest has been around since 2007, and during that time, there has never been a female to score a full win — until now.Valentina Palmiotti, aka chompie, changed that. At the March 2024 competition, Palmiotti scored a full win with her discovery of an Improper Update of Reference Count bug to escalate privileges on Windows 11. It was her first time entering Pwn2Own.Pwn2Own is considered one of the most — if not the most — prestigious…

Self-replicating Morris II worm targets AI email assistants

4 min read - The proliferation of generative artificial intelligence (gen AI) email assistants such as OpenAI’s GPT-3 and Google’s Smart Compose has revolutionized communication workflows. Unfortunately, it has also introduced novel attack vectors for cyber criminals. Leveraging recent advancements in AI and natural language processing, malicious actors can exploit vulnerabilities in gen AI systems to orchestrate sophisticated cyberattacks with far-reaching consequences. Recent studies have uncovered the insidious capabilities of self-replicating malware, exemplified by the “Morris II” strain created by researchers. How the Morris…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today