Phishing Campaign Uses QR Codes to Evade URL Analysis

Some security products attempt to prevent phishing attacks by wrapping or analyzing URLs. However, a new phishing campaign uses QR codes to evade this URL analysis by tempting users to “scan bar code to view document” in a fraudulent SharePoint email. If scanned, the QR code redirects the user to a SharePoint-branded phishing website and prompts them to sign in with AOL, Microsoft, or “Other” account services. In addition, the phishing site is optimized for mobile viewing. Scanning the QR code on mobile devices may evade standard corporate security controls including secure email gateways, link protection services, sandboxes, and web content filters. The NJCCIC recommends users avoid scanning QR codes, clicking on links, and opening attachments from unsolicited or unexpected emails, even those appearing to be from known companies. Users are advised to, instead, navigate to websites by manually typing the URL into the address bar of their browser. Additionally, educating end users about this and similar threats can reduce victimization. Additional details may be found in the Cofense post.