Mytech Knowledge Center

Security Alert: Phishing Attacks via QR Code

Written by Jonathan Fondell | Jun 27, 2023 3:30:00 PM

There's recently been an uptick in targeted phishing attacks attempting to steal Microsoft 365 credentials via a unique method - QR codes. We have now seen several organizations receive a version of the message copied below, which impersonates Microsoft 365 using fear-based language and encourages users to scan a QR code with their smartphone camera - an unusual request, which takes victims to a credential-harvesting site.

Please share this information with your team to boost their awareness and put them on guard.

 
 
Be hyper vigilant about phishing attacks in the coming days, especially around holidays - a favorite time for attackers. Not all malicious messages are sloppy or full of typos; some of them are quite convincing, and can only be detected by careful analysis. The most sophisticated may even steal logos and branding from an organization's website to lend credibility to their attacks!
 
As such, there is no guaranteed method for detecting a phishing email, but there are several core features that may tip you off:
 

Surprise

If you weren't expecting a message (email, text, or otherwise), proceed with caution. If the request seems plausible but you're not sure if it's legitimate, reach out to the person or organization by other channels to verify that the request is real.
 

Urgency

Stop and think about every request you receive. Malicious actors know that the longer you're allowed to think about the request, the more likely you are to spot inconsistencies. If a message is pushing you excessively to act right away, it may be a sign of illegitimacy.
 

Fear

If a message's contents scare you, be particularly cautious. Phishing attacks rely on gut instinct to overpower rational thought and will use fear-based language to imply you're about to lose something if you don't obey, no questions asked.
 
---
 
Mytech employs multiple defenses against cyberattack and unauthorized access, but none of them are a replacement for an informed and security-savvy workforce. By offering our clients routine Security Awareness Training and alerting them about actionable cybersecurity news, we hope to increase our clients' resiliency against bad actors while also improving their peace of mind. 
 
Mytech is standing by, ready to help your team stay productive and secure no matter what comes your way.