Site icon The Cybersecurity Daily News

QR codes used for stealing Microsoft credentials and crypto funds

QR codes

Researchers discovered an email-based phishing scam: emails containing QR codes for pilfering users’ Microsoft details and other data.

Between September 15 and October 13, Abnormal reported that it warded off 200 emails that constituted the phishing scam.

Hackers tried to deceive unaware users with messages having QR codes, which seemed to offer access to a missed voicemail.

On clicking the voicemail, the user is tricked by what appears to be playing the message, but the user is directed to a false Microsoft landing page that seeks victims credentials.

A legitimacy appearance to emails containing QR codes

Hackers use compromised Outlook accounts to give phishing emails a semblance of legitimacy.

They used enterprise survey services linked to Amazon and Google IP addresses to host the phishing pages.

QR images were generated on the same day that emails were sent. Most likely, to evade reporting and blocking by the security system.

Stealing cryptocurrency via fake QR codes

Many people transact their crypto via QR codes linked to crypto accounts. Here are some tricks hackers used in the past to extract cryptocurrency from people from the article

 

Exit mobile version