Inky uncovers malicious QR codes used in phishing attacks
According to Inky Technology Corp., image-based emails with integrated Quick Response (QR) codes are being used in phishing attacks.
To fool recipients more readily and collect critical information, the attackers use highly customized image-based spam emails that incorporate QR codes within their bodies. Users who scan these codes are routed to bogus websites meant to steal their credentials.
To create a false impression of credibility, the emails frequently appear to come from email accounts within the recipient’s own organization. The emails direct employees to handle critical security tasks such as two-factor authentication enrollment or password updates. They also warn recipients of potential penalties for failing to comply, in order to pressure them into acting. Unsuspecting victims who scan the embedded QR code are routed to a phony website posing as a real corporate site. This fake webpage steals their passwords and sends them to the attackers covertly.
Inky refers to this campaign as the “spray and pray” technique since it seeks to reach as many individuals as possible in order to maximize its success rate. The emails lack any written content and rely primarily on attached image assets. By doing so, the attackers circumvent security safeguards that generally focus on analyzing email text. Some email programs and services show attached images automatically, leaving recipients unaware that the email itself includes no visible text.
Embedding QR codes within the images lets the attackers shorten the time it takes recipients to reach the malicious site, reducing the risk of suspicion. When a user scans the malicious QR code, they are routed to a credential-harvesting website that looks like a legitimate service, such as those provided by Microsoft Corp., to increase the credibility of the phishing effort.
According to the Inky researchers, combating malicious QR codes requires a multidimensional strategy that involves optical character recognition to extract text from attached images as well as artificial intelligence techniques to detect these risky emails. Inky went on to say that over 545 emails have been logged so far, with victims in the United States and Australia. Nonprofits, wealth management organizations, management consultants, a land surveyor, and even a flooring company are among the targets.
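One way to triage for the image-only pattern described above, as an added example that is not from Inky or the original article: it flags messages that carry images but almost no readable body text, so they can be routed to OCR and QR decoding instead of passing text-based filters unexamined. The 40-character threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
import html
import re
from email import policy
from email.message import EmailMessage

MIN_TEXT_CHARS = 40  # assumed threshold; tune against your own mail flow


def visible_text(msg):
    """Collect readable text from non-attachment text/plain and text/html parts."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.is_attachment():
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            body = re.sub(r"(?is)<(script|style).*?</\1>", " ", body)
            body = html.unescape(re.sub(r"<[^>]+>", " ", body))
        chunks.append(body)
    return " ".join(" ".join(chunks).split())  # collapse all whitespace


def image_parts(msg):
    """Return every image/* MIME part, inline or attached."""
    return [p for p in msg.walk() if p.get_content_maintype() == "image"]


def needs_image_analysis(raw_bytes):
    """True when a message has images but (almost) no text for filters to read."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return bool(image_parts(msg)) and len(visible_text(msg)) < MIN_TEXT_CHARS


def build_sample(body_html, with_image):
    """Constructed sample message; the image is a placeholder PNG header only."""
    msg = EmailMessage()
    msg["From"] = "it-support@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Action required"
    msg.set_content(body_html, subtype="html")
    if with_image:
        msg.add_related(b"\x89PNG\r\n\x1a\n", "image", "png", cid="<qr1>")
    return msg.as_bytes()


if __name__ == "__main__":
    image_only = '<html><body><img src="cid:qr1"></body></html>'
    print(needs_image_analysis(build_sample(image_only, True)))
```

A positive result here is only a routing decision: the flagged images still need OCR and QR decoding before any verdict on the message.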
The sources for this piece include an article in ArsTechnica.