"QR Code Phishing Campaign Targets Top US Energy Company"

A major US energy company was the target of a phishing campaign that sent more than 1,000 emails containing malicious QR codes designed to steal Microsoft credentials. The campaign, which Cofense discovered in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications, such as Salesforce and CloudFlare's Web3 services, with embedded QR codes. The fake Microsoft security alerts claimed that recipients were required to update their account's security settings for two-factor authentication (2FA), multi-factor authentication (MFA), and more. The images and links within the messages led recipients to a phishing page aimed at stealing Microsoft credentials. Although the campaign impacted multiple industries, a leading energy company in the US received the lion's share of the phishing emails, with its employees receiving over 29 percent of the more than 1,000 emails containing malicious QR codes. This article continues to discuss findings regarding the QR code phishing campaign.

Dark Reading reports "QR Code Phishing Campaign Targets Top US Energy Company"