Written by AJ Vicens
Oct 26, 2021 | CYBERSCOOP
Email fraudsters are seizing on the attention around the quick response codes that have become more common in restaurants and stories, leveraging QR codes try to steal users’ Microsoft credentials and other data.
The latest campaign, uncovered Tuesday by the email security company Abnormal, leveraged compromised email accounts in order to bypass standard security screening, then target nearly 200 email accounts between Sept. 15 and Oct. 13, 2021. The operation is the latest example of QR code-enabled phishing, with warnings about “QRishing” or “quishing” dating back to at least 2012. The Better Business Bureau warned of such scams this summer, and the Army Criminal Investigation Command’s Major Cybercrime Unit warned of potential problems in March.
An earlier version of the effort unveiled Tuesday embedded a malicious link behind what looked like a voicemail .WAV file. When that link was flagged by security screening services, attackers then switched to a QR code to redirect a victim to a credential harvesting page. The research did not identify the attackers behind the campaign.
A message below the QR code instructed the victim to scan it to “enable you to listen to encrypted Voicemail.”