Phishing emails are one of the most common ways to obtain user credentials. They’ve been around for years, but recently many phishers have found new methods to trick users into giving up their Microsoft 365 accounts. If you receive a QR code in an email from your company, follow these steps to make sure it isn’t dangerous: • Scan the QR Code with your smartphone camera without opening any apps. • If no error is shown on screen after scanning the code then proceed with caution and delete the email immediately if possible or change all passwords associated with that account as soon as possible.,
The “this phishing attack is using a sneaky trick to steal your passwords, warns Microsoft” is a recent phishing email that contains a QR code. The QR code can be used to steal the user’s Microsoft 365 credentials.
Alexandru Poloboc is an author.
Editor of the News
Alex spent the most of his time working as a news reporter, anchor, and on TV and radio, with an overriding drive to always get to the bottom of things and find the truth… Continue reading
- Abnormal Security’s experts have discovered a new email phishing scheme.
- The emails include QR codes that, if scanned, may result in dire consequences.
- There are allegedly voicemail messages in addition to the scannable codes.
- This approach is used by attackers to obtain victims’ Microsoft 365 credentials.
Hackers are again at it, this time sending out phishing emails with QR codes in an attempt to steal login credentials for Microsoft 365 cloud apps.
Make sure you don’t fall victim to these unscrupulous third parties since fraudsters are after usernames and passwords for business cloud services like Microsoft 365.
These nefarious people or groups may use them to launch malware or ransomware attacks, or even sell stolen login credentials to other hackers for use in their own operations.
Attackers are increasingly included QR codes in their phishing emails.
Hackers have devised yet another brilliant method of duping users into unwittingly giving up their passwords by clicking links to phishing websites that seem to be genuine Microsoft login pages.
One of the most recent phishing attacks, spotted and reported by cybersecurity experts at Abnormal Security, involves emails with QR codes.
These codes are intended to get through email security and steal login information. This is referred to as a quishing assault.
What makes these messages stand out is that they included QR codes that provided access to a missed voicemail, evading the URL scan function found in secure email gateways and native security restrictions. Because all of the QR code pictures were made and distributed on the same day, it’s unlikely that they’ve been reported before and would be recognized by a security blocklist. Six different identities were utilized to send messages for the campaign, the majority of which were created to look to be in the same industry as the target.
Because normal email security precautions like URL scanners won’t pick up any evidence of a suspicious link or attachment in the message, QR codes may be effective weapons when deployed by hostile third parties.
The above-mentioned campaign is really being conducted through previously hacked email accounts.
This clever approach enables attackers to send emails from actual people’s accounts at real firms, giving them an air of validity that encourages victims to believe them.
The phishing emails claim to include a voicemail message from the owner of the email account from which they were sent, and the victim is instructed to scan a QR code to listen to the audio.
It’s also worth noting that all of the QR codes examined by security experts were produced on the same day they were delivered.
While employing QR codes allows victims to overcome email defenses more quickly, they must still go through a number of additional steps before they are in a position to give hackers their login information by accident.
The user must first scan the QR code for this to operate, and if they’re reading the email on their phone, they’ll struggle to do so without a second phone.
To avoid being a victim of these phishing emails, you should be very cautious when scanning QR codes offered in unexpected communications, even if they seem to originate from recognized contacts.
Enabling multi-factor authentication for Microsoft 365 accounts may also help keep login information safe.
Have you received any strange emails with QR codes in them? Please share your thoughts in the comments box below.
Was this page of assistance to you?
Thank you very much!
There are insufficient details It’s difficult to comprehend Other Speak with a Professional
Start a discussion.
Phishing emails containing QR codes can steal your Microsoft 365 credentials. These are often sent to users via email, but they also may be sent via text message or social media. The phishing email will have a link that leads to a fake website. If you click on the link, your Microsoft account information is stolen. Reference: phishing news.
- qr code phishing
- zoom phishing email
- microsoft phishing
- zdnet phishing