Cyber criminals are sending out phishing emails containing QR codes in a campaign designed to harvest login credentials for Microsoft 365 cloud applications.
Usernames and passwords for enterprise cloud services like Microsoft 365 are a prime target for cyber criminals, who can exploit them to launch malware or ransomware attacks, or sell stolen login credentials onto other hackers to use for their own campaigns.
Cyber criminals are looking for sneaky new ways to dupe victims into clicking links to phishing websites designed to look like authentic Microsoft login pages, accidentally handing over their credentials.
One recent campaign detailed by cybersecurity researchers at Abnormal Security sent hundreds of phishing emails that attempted to use QR codes designed to bypass email protections and steal login information. This is known as a “quishing” attack.
QR codes can be useful in attempts at malicious activity because standard email security protections like URL scanners won’t pick up any indication of a suspicious link or attachment in the message.
The campaign is run from previously compromised email accounts, allowing the attackers to send emails from accounts used by real people at real companies to add an aura of legitimacy to the emails, which could encourage victims to trust them. It’s not certain how the attackers initially gain control of