The Rise of QR Code Phishing Attacks in the Targeting of Major US Energy Companies

Major US Energy Company Targeted in Sophisticated Phishing Campaign

The Attack

A major US energy company has been targeted in a sophisticated phishing campaign that has utilized malicious QR codes in an attempt to steal Microsoft credentials. The campaign, discovered by cybersecurity firm Cofense in May, involved more than 1,000 emails containing PNG image attachments and redirect links associated with well-known business applications such as Salesforce and CloudFlare. These emails, which contained embedded QR codes, used deceptive tactics to create a sense of urgency, often purporting to be Microsoft security alerts requiring recipients to update their account’s security settings.

Interestingly, while this campaign affected multiple industries, the US energy company appears to have borne the brunt of the attacks, receiving over 29% of the phishing emails. The manufacturing, insurance, technology, and financial services sectors were also heavily targeted, further highlighting the widespread nature of this phishing campaign. Cofense has chosen not to disclose the name of the energy firm.

Uncommon but Effective Method

The use of QR codes in phishing attacks is relatively uncommon due to the additional step it requires in engaging with victims. However, this method offers certain advantages over traditional phishing techniques. QR codes have a higher chance of reaching inboxes compared to phishing links or malicious file attachments. This campaign cleverly embedded QR codes in PDF or image attachments, making it easier for the emails to bypass secure email gateways (SEGs). While SEGs can scan links, they are typically unable to scan QR codes. The majority of the campaign’s phishing emails contained PNG image attachments with embedded QR codes, leading victims to Microsoft credential phishing pages or phishing redirects via Bing URLs.

Rise in Campaign Volume

The campaign has seen a rapid increase in volume since May, with the number of phishing emails growing by more than 2,400%. Cofense noted a significant rise in the use of QR codes for credential phishing in mid-June, which continued into August. While unusual, this method seems to have proven effective for the attackers, as QR code usage allows them to bypass traditional email security measures.

Enhancing Security and Preventing Attacks

Dangers of QR Codes and Employee Training

As this phishing campaign demonstrates, QR codes can be used as a deceptive tool to trick individuals into compromising their credentials. In order to prevent falling victim to such attacks, it is crucial for organizations to train their employees to recognize and respond to advanced phishing techniques. Employees should be made aware of the potential risks associated with scanning QR codes from unfamiliar sources, especially within email communications. By implementing regular employee training and promoting a culture of security awareness, organizations can bolster their defenses against phishing attacks.

Avoiding Suspicious QR Codes

The simplest precaution against phishing campaigns that utilize QR codes is to refrain from scanning any unknown codes sent via email, particularly in corporate accounts. It is essential for individuals to exercise caution and not follow links, especially those contained within scanned QR codes, unless they can be trusted. By extending the principle of “don’t click links you don’t trust” to QR code scanning, individuals can significantly reduce the risk of falling victim to phishing attacks.

Conclusion

The targeted phishing campaign using malicious QR codes represents a significant example of cybercriminals’ adaptability and innovation in exploiting emerging techniques. The rise in the volume of attacks and their reported success underscore the urgency for organizations to continuously educate and train their employees regarding evolving cyber threats. By combining robust security measures with a vigilant and well-informed workforce, companies can effectively mitigate the risk of falling victim to phishing attacks and safeguard their valuable data and resources.