"Torrent of Image-Based Phishing Emails Are Harder to Detect and More Convincing"
A torrent of image-based phishing emails has been released. They contain QR codes to bypass security protections and provide a level of customization that makes it easier to deceive recipients. In many cases, the emails are sent from a compromised email address within the recipient's organization, providing a false sense of authenticity, according to researchers from the security firm Inky. The emails detected by Inky instruct the employee to address security issues, such as a missing two-factor authentication (2FA) enrollment, and warn of potential consequences if the employee does not comply. Those who click on the QR code are led to a website masquerading as a legitimate one used by the organization, but it captures and sends credentials to the attackers. Inky referred to the campaign's strategy as "spray and pray" because the threat actors behind it send emails to as many individuals as possible. Several factors distinguish this campaign from others. First, there is no text in the emails. Instead, only an image file is attached, thus enabling the emails to evade security measures that analyze the text-based words within an email. Some email programs and services automatically display attached images in the message body by default. Therefore, recipients often miss that the image-based email contains no text. This article continues to discuss image-based phishing emails that embed QR codes into their bodies.