Auth Lab Community

QR Code Phishing Attacks on the Rise! Renowned US Energy Companies Become Prime Targets

Major US Energy Organization Targeted in QR Code Phishing Attack

Cybersecurity firm Cofense has uncovered a sophisticated phishing attack targeting US energy companies. The attackers used QR codes to get malicious emails past security systems and into victims’ inboxes.

This marks the first time that such a large-scale use of QR codes has been observed in phishing campaigns, indicating that attackers may be testing the effectiveness of QR codes as a delivery mechanism for their attacks.

Of the 1,000 emails attributed to this campaign, approximately one-third (29%) targeted a large US energy company. The remaining emails were aimed at companies in the manufacturing sector (15%), insurance industry (9%), technology industry (7%), and financial services sector (6%).

Cofense, however, has not disclosed the specific name of the targeted energy company, only categorizing it as a “large” company in the United States.

According to Cofense, the attack begins with a phishing email informing recipients that they need to update their Microsoft 365 account settings urgently. The email contains PNG or PDF attachments with QR codes, prompting recipients to scan them to verify their accounts. To amplify the sense of urgency, the email stresses that the recipients must complete this step within 2-3 days.

The threat actors behind the attack used QR codes embedded within images to bypass email security tools, which typically scan for known malicious links and prevent phishing emails from reaching the target inbox. To evade detection, the phishing campaign leveraged the redirect functionality in Bing, Salesforce, and Cloudflare’s Web3 services, redirecting targets to a phishing page impersonating Microsoft 365. Concealing the redirect URLs within the QR codes, abusing legitimate services, and encoding the phishing links with base64 all contributed to eluding detection and bypassing email protection filters.
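The check below is an added example for defenders, not code from Cofense or the original article. Given a URL already extracted from a QR image, it flags links that pass through a trusted redirector and carry a clear-text or base64-encoded off-site destination. The host suffixes, function names and sample URL are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed, illustrative host suffixes for the services the article names.
REDIRECTOR_SUFFIXES = ("bing.com", "salesforce.com", "cloudflare-ipfs.com")
# Base64 of any string that starts with "http" starts with "aHR0c".
B64_HTTP = re.compile(r"aHR0c[A-Za-z0-9+/_-]*")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample: redirector link whose destination is base64-encoded
# after an arbitrary two-character prefix. DEST is a placeholder host.
DEST = "https://login.example.test/m365"
SAMPLE = ("https://www.bing.com/ck/a?u=a1"
          + base64.urlsafe_b64encode(DEST.encode()).decode().rstrip("="))


def decode_b64_url(token):
    """Decode a standard or URL-safe base64 token; return the URL inside or None."""
    token = token.replace("-", "+").replace("_", "/")
    token += "=" * (-len(token) % 4)
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except ValueError:  # bad length, bad alphabet, or non-ASCII payload
        return None
    match = URL_RE.match(text)
    return match.group(0) if match else None


def inspect_qr_url(url):
    """Analyse a URL already extracted from a QR image (image decoding not shown)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    trusted = any(host == s or host.endswith("." + s) for s in REDIRECTOR_SUFFIXES)
    # Places a destination can hide: query values, path segments, fragment.
    # parse_qsl turns "+" into a space, so restore it before base64 matching.
    fields = [v.replace(" ", "+") for _, v in parse_qsl(parts.query)]
    fields += unquote(parts.path).split("/") + [unquote(parts.fragment)]
    hidden = []
    for field in fields:
        hidden += URL_RE.findall(field)  # nested URL in clear text
        hidden += filter(None, map(decode_b64_url, B64_HTTP.findall(field)))
    offsite = [h for h in hidden if urlsplit(h).hostname != host]
    return {"host": host, "trusted_redirector": trusted,
            "hidden_urls": hidden, "suspicious": trusted and bool(offsite)}
```

A mail gateway would run this on every URL recovered from image and PDF attachments, then apply its normal URL reputation checks to each entry in `hidden_urls` instead of only to the trusted outer host.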

Attackers have previously used QR codes in phishing campaigns in France and Germany, albeit on a smaller scale. Additionally, scammers have used QR codes to lure individuals into scanning them, redirecting victims to malicious websites in an attempt to steal their money.

In January 2022, the Federal Bureau of Investigation (FBI) issued a warning that cybercriminals are increasingly using QR codes to steal credentials and financial information. While QR codes can successfully bypass certain security measures, they still require the victim to take action before a compromise can occur, which serves as a mitigating factor that favors well-informed individuals.

Furthermore, most QR code scanners on modern smartphones require users to verify the target URL before launching a browser, serving as an additional layer of protection.

In addition to training, Cofense advises enterprises to incorporate image recognition tools as part of their phishing prevention measures, although these tools are not foolproof in capturing all QR code threats.

References: Major U.S. energy org targeted in QR code phishing attack (bleepingcomputer.com)