A rising threat has surfaced in the ever-evolving landscape of cyber threats, catching many businesses off-guard. Scammers can use QR code phishing campaigns, frequently sent via email, with links to malicious content. 

This innovative method bypasses conventional online detection systems, enticing victims with seemingly legitimate prompts like password resets or two-factor authentication requests.

Understanding QR codes

QR codes are two-dimensional barcodes that store information, such as URLs or contact details. They can be scanned with smartphones or other camera-equipped devices, often directing users to websites or apps. 

Hackers disguise these QR codes to appear legitimate. Once scanned, they can redirect to phishing sites or initiate malware downloads. The limited screen size of mobile devices exacerbates the issue, making it harder for users to recognise red flags.

The considerable danger here is that users cannot see what links or online apps are being opened when they scan the code. By the time they realise that it’s malicious content, it’s often too late. 

Why are QR codes used for phishing?

1. Device shift: These codes move the attack from secured corporate systems to potentially less secure personal devices like mobile phones. 
2. Credential theft: They exploit the most common vector - the URL but in a less detectable form.

You can view an example below of an attempt from a Facebook impersonation where the user is given a QR code to secure their account.

The role of Microsoft Defender for Office 365

Recognising the threat, as of yesterday, Microsoft has now enhanced its Defender for Office 365 to combat QR code phishing effectively. 

Here's how:

• Image detection: Advanced image extraction technologies detect QR codes in emails, extracting URL metadata for analysis.
• Threat signals analysis: A combination of various mail flow signals, including QR code detection, feeds into machine learning algorithms for a robust threat assessment.
• URL analysis: URLs extracted from QR codes undergo scrutiny through machine learning models and reputation checks. For higher-tier licenses, sandboxing is employed for deeper investigation.
• Heuristic-based rules: Microsoft uses these rules to adapt swiftly to evolving attack patterns, efficiently blocking malicious QR code phishing emails.

Impact and results

Additional protection measures

• Extended Detection and Response (XDR): Offers comprehensive defence, including account identity protection.
• Endpoint Protection: Anti-phishing capabilities for mobile devices, blocking access to phishing sites.
• End-User Training: Attack Simulation Training helps users identify and respond to phishing attacks, including QR code-based threats.

Staying vigilant

As QR code phishing represents a shift in tactics, it's crucial to remain cautious and vigilant. Always verify the legitimacy of the email and its contents before acting. Regularly review policies and configurations and utilise Microsoft's resources to maintain a secure posture.

Book a 1-2-1 call with Niomie to find out more about what you can do about phishing.