Security researchers noticed fraudsters incorporating QR codes into various phishing attack campaigns as a way to evade URL analysis.

Cofense observed that the phishing campaigns used simple emails to evade URL analysis from respected security solutions. Overall, the body of the messages used just a few basic HTML elements and an embedded GIF of a QR code to set up an effective disguise as a SharePoint email. With this mask in place, the attack messages instructed recipients to scan the QR code to review an important document.

If they complied, the QR code redirected the recipients to a phishing website located at hxxps://digitizeyourart[.]whitmers[.]com/wp-content/plugins/wp-college/Sharepoint/sharepoint/index[.]php via their smartphone’s browser. In so doing, the campaign moved the phishing attack away from the corporate business network, not to mention whatever URL analysis tools might be in place, and onto a user’s mobile device. The site then instructed recipients to sign in to their AOL, Microsoft or “Other” account so the phishers could make off with their login credentials.

QR Codes and Other Clever Phishing Tactics

QR codes have been used for malicious purposes before. Back in 2012, for instance, The Register reported a surge of activity in which threat actors printed out stickers displaying QR codes that pointed to malicious websites. These individuals then placed these stickers over legitimate QR codes deployed in well-trafficked areas such as airports and city centers.

In 2016, Vade Secure came across a phishing campaign leveraging QR codes. This operation ultimately redirected users who scanned the embedded QR codes to a compromised WordPress website. There, they received instructions to fill out a form by entering their login credentials.

Supplementing URL Analysis for Email Defense

Security professionals can help supplement URL analysis and thereby boost their organization’s email defenses by conducting test phishing engagements to empower each and every employee in defending the corporate network. Approaches such as ahead-of-threat detection can also help block potentially malicious domains, including those leveraged in phishing attacks, before they become active.

More from

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good?? In this exclusive Q&A, we spoke with…

3 min read