Cybersecurity researchers from Cofense recently observed a large-scale phishing campaign that targeted, among others, a “major” U.S. energy company.
What makes this campaign unique is the fact that the attackers used QR codes to bypass email security solutions at scale, which is not something we see very often.
Phishing is a key attack vector, with nine in ten cyberattacks starting through this communications channel. However, email security solutions have become quite good at filtering abusive content over the years, which is why the majority of phishing emails that carry either malicious links, or attachments, never usually make it to victims’ inboxes.
This has prompted some threat actors to get creative, and use innovative methods to sneak past security gateways. One such method is the deployment of QR codes, which redirect the victim to a phishing site.
As the QR codes come in the form of a .PNG or .JPG, they’re able to evade detections. Another unique aspect of this particular campaign is its scale, with thousands of emails being sent out – again a rare sight.
Cofense says that the attackers distributed roughly 1,000 emails, with almost a third (29%) targeting a single, unnamed but prominent U.S. energy company. Other emails were sent to companies operating in the manufacturing (15%), insurance (9%), technology (7%), and financial services (6%) sectors.
The QR codes redirected the victims to a malicious landing page resembling a Microsoft 365 login page, with the obvious goal of stealing the login credentials for the service. In the email, the victims were told they needed to update their account settings within three days, adding a false sense of urgency.
The good news is that victims still need to take action to get compromised, which shouldn’t be easy for well-trained employees. However, recent reports have shown that many workers are still falling for fake and dangerous emails.