Over 1,000 emails were sent carrying security-related lures and malicious barcodes.
Cyberattackers took aim at a major US energy company in a massive phishing campaign whose emails included a malicious QR code and sought to obtain recipients’ Microsoft credentials.
The massive and highly misleading campaign was first discovered in May by Cofense.
The email scam campaign used image attachments in PNG format as well as redirect links associated with well-known business applications such as Microsoft Bing, Salesforce and Cloudflare’s Web3 services. The emails included an embedded QR code that behaved maliciously when scanned, according to the researchers, who recently published a post on the subject.
The email messages were designed to create a sense of urgency that would push people to click the links or scan the barcode. The emails spoofed Microsoft security alerts and falsely informed recipients that they were required to update the account security settings associated with their two-factor authentication (2FA) and multi-factor authentication (MFA), among other security steps. The links in the emails directed recipients to a phishing page for Microsoft credentials.
The malicious QR code was also embedded into each email, so it took only a scan to be sent to the phishing site.
The campaign impacted a number of industries, including a leading US energy firm, which received the largest share of the phishing emails that were distributed. Employees of that company were the recipients of over 29 percent of the total emails with the links and barcodes.
The other industries affected by this scam included manufacturing (15 percent), insurance (9 percent), technology (7 percent) and financial services (6 percent). Cofense did not disclose the names of affected companies, including the energy firm that received the most attention from the scammers.
The campaign with the QR code is far from over. It is an ongoing scam that is rapidly spreading. Since May, the volume of the phishing scam campaign is estimated to have grown by 2,400 percent, with an average month-to-month growth rate of about 270 percent, according to Cofense’s estimates.
“The campaign represents what might have been a testing for efficacy phase in mid/late-June,” said Cofense cyber threat intelligence analyst Nathaniel Raymond, who wrote the report. “Then, Cofense observed a considerable increase in QR codes being used for credential phishing for a brief time.”