Researchers at Abnormal Security have identified a new phishing campaign that used QR codes to trick victims into giving away their credentials instead of the usual malicious attachment or link. The threat actor used compromised email accounts within the organization to share the phishing email and used a lure of a missed voicemail. All the QR code images were created the same day they were sent, which makes it likely that they had not been reported as malicious previously. Abnormal Security stated that when scanned, the codes led users to phishing pages hosted on Google and Amazon domains. It is unclear how well the threat actor anticipated the emails to work. Due to the fact that QR codes need to be scanned manually, it is a longer process for the victim as opposed to simply clicking a link. According to the Better Business Bureau, a survey conducted on 4,400 Americans showed that just over 37% would be able to identify when a QR code is malicious.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security