Yet Another Phishing Campaign by Hackers That Abuses QR Codes To Redirect Targets to Phishing Landing Pages


 Attackers come up
with yet another phishing campaign that misuses QR codes to divert the targets
to phishing landing pages. Researchers responsible for discovering this crusade
distinguished that it quite effectively evades security solutions and controls
intended to stop such attacks in their tracks.
The attackers previously utilized a URL encoded in a QR code
target on the French Cofense customers to dodge the security software which
dissects and accordingly blocks  suspicious
or ‘blacklisted areas’ .
They even included a GIF image containing the QR code which
would redirect them to the
hxxps://digitizeyourart.whitmers[.]com/wp-content/plugins/wp-school/Sharepoint/sharepoint/index.php
domain intended to act like a SharePoint-related site.
The phishing mails were disguised as a SharePoint email with
a “Review Important Document” headline and a message body which would
welcome potential victims to  “Scan
Bar Code to View Document.”
Phishing Email
Removing the victims from the overall safety of their
computers thusly enables the cybercriminals to adequately sidestep any link
protection services ,secure email portals, sandboxes, or web content filters
set up by the targets’ corporate information security department.
To make the attack considerably progressively fruitful
against mobile users, the attackers have likewise upgraded their landing pages
for smartphones with the phishing page and thus providing a custom view on the
mobile devices.
Phishing landing page
Researchers from Cofense, the leading provider of
human-driven phishing defense solutions world-wide, state that QRishing is a
fairly notable technique utilized by cybercriminals to abstain from phishing
filters and security solutions build especially to block such attacks before
the pernicious emails reach the targets’ inboxes.
Phishing landing page on a mobile

Along these lines , a conceivable protection against them
named QRCS (Quick Response Code Secure), which would be “a universal
efficient and effective solution focusing exclusively on the authenticity of
the originator and consequently the integrity of QR code by using digital signatures,
“was proposed in a paper from the Carnegie Mellon University’s CyLab Study ,
which could perhaps prove to be valuable later on in the future.

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *