QR Code Phishing Campaign Aims at Leading US Energy Company

A major US energy company has been targeted in a sophisticated phishing campaign that sent over 1,000 emails containing malicious QR codes. The attack, which was discovered by cybersecurity firm Cofense in May, used a combination of PNG image attachments and redirect links associated with well-known business applications to deceive victims.

The phishing emails used several tactics to create a sense of urgency and trick recipients into scanning the malicious QR codes. The messages impersonated Microsoft security alerts, claiming that the recipients needed to update their account’s security settings, including two-factor authentication and multi-factor authentication. Once victims scanned the QR codes or clicked the links, they were directed to a fake Microsoft credential phishing page.

While the campaign targeted multiple industries, the US energy company bore the brunt of the attacks, receiving over 29% of the phishing emails. Other highly targeted industries included manufacturing (15%), insurance (9%), technology (7%), and financial services (6%). Cofense did not disclose the name of the energy firm for security reasons.

The phishing campaign has been rapidly growing since May, with a staggering increase of over 2,400%. On average, the volume of phishing emails has been growing by more than 270% month-to-month. It appears that the attackers were initially testing the effectiveness of QR codes in mid to late June before observing a significant increase in their usage. This upward trend has continued into August, according to Nathaniel Raymond, a cyber threat intelligence analyst at Cofense.

QR codes are not commonly used in phishing campaigns because they require an extra step from the victim, who has to scan the code. However, they offer several advantages over traditional phishing links or malicious file attachments. QR codes have a higher chance of bypassing Secure Email Gateways (SEGs) because these security systems often do not scan them. By embedding QR codes in PDF or image attachments, the attackers can increase the chances of their emails reaching the intended recipients’ inboxes.

The majority of phishing emails in this campaign contained PNG image attachments with embedded QR codes delivering Microsoft credential phishing links. Most of these links were Bing redirect URLs, which sit on a legitimate Microsoft-owned domain but can be abused for malicious purposes.
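The delivery pattern described above (an image or PDF part, no link in the message text, and an authentication-themed lure) can be turned into a mail-triage heuristic. The following is an added example, not code from Cofense or from the original article; the keyword lists, reason codes, hold rule and sample messages are assumptions constructed for illustration, and decoding the QR image itself is left to a separate step.

```python
import re
from email.message import EmailMessage

# Keyword lists and the hold rule are assumptions chosen for illustration.
CARRIERS = {"image/png", "image/jpeg", "image/gif", "application/pdf"}
URL_RE = re.compile(r"https?://\S+", re.I)
LURE_RE = re.compile(r"\b(2fa|mfa|two-factor|multi-factor|security settings)\b", re.I)
SCAN_RE = re.compile(r"\b(qr code|scan)\b", re.I)

def triage(msg):
    """Return the set of reason codes that apply to one parsed message."""
    text = [str(msg.get("Subject", ""))]
    reasons = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype in CARRIERS:
            reasons.add("carrier_attachment")    # a QR code could live here
        elif ctype.startswith("text/"):
            text.append(part.get_content())
    text = "\n".join(text)
    if "carrier_attachment" in reasons and not URL_RE.search(text):
        reasons.add("no_url_in_text")            # nothing for a link scanner to check
    if LURE_RE.search(text):
        reasons.add("auth_lure")                 # MFA / security-settings theme
    if SCAN_RE.search(text):
        reasons.add("asks_to_scan")
    return reasons

def should_hold(msg):
    """Hold for QR decoding when the only path to a link is through the image."""
    r = triage(msg)
    return {"carrier_attachment", "no_url_in_text"} <= r and bool(r & {"auth_lure", "asks_to_scan"})

def build(subject, body, image=False):
    """Construct a sample message; the image bytes are a placeholder, not a real QR."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if image:
        msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image", subtype="png", filename="image.png")
    return msg

# Constructed samples: a lure shaped like the campaign, and two benign messages.
LURE = build("Microsoft Security Alert", "Your security settings must be updated. "
             "Scan the QR code in the attached image to re-enable multi-factor authentication.", image=True)
NEWSLETTER = build("Weekly newsletter", "Read the issue at https://news.example.com/issue-42", image=True)
REMINDER = build("IT reminder", "Enroll in MFA at https://intranet.example.com/mfa")
```

Messages that `should_hold` flags are the ones worth passing to a QR decoder so the embedded URL can be checked like any other link.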

To mitigate the risk of falling victim to such phishing campaigns, it is crucial to train employees to identify sophisticated techniques as they evolve. According to Raymond, a trained employee would immediately be suspicious of QR codes in day-to-day email operations, emphasizing the importance of regular employee training. The general advice is to avoid scanning unknown QR codes from unfamiliar sources found in corporate emails and to only follow trusted links.

Phishing attacks continue to evolve, and attackers are devising new methods to deceive users and steal sensitive information. It is imperative for individuals and organizations to remain vigilant, stay updated on the latest phishing techniques, and implement robust cybersecurity measures to protect against such threats.
