"QR-Code Phishing Has Multiplied: How Detection Helps Security Teams Win"

A new wave of Microsoft-themed email messages emerged in June. The messages appeared legitimate, with the Microsoft logo prominently displayed and a familiar email template requiring the user to update their two-factor authentication (2FA) code. There were no attachments or links, just a QR code. When the user scans the QR code with their mobile device, they are taken to a Microsoft-themed web portal where they must enter their login credentials and subsequent MFA code. If they enter their credentials, the information is sent to an attacker, and the user's account is compromised. What follows could be a variety of sinister outcomes, such as access to other sensitive systems. QR codes have become increasingly common in phishing attacks and continue to evade traditional email security solutions. This article continues to discuss why QR codes are an attractive phishing lure.

SC Magazine reports "QR-Code Phishing Has Multiplied: How Detection Helps Security Teams Win"

Submitted by grigby1