Recently there has been a surge of phishing emails that ask victims to scan a QR code with their phone. The QR code then redirects users to phishing pages controlled by threat actors.
From what I have seen, the typical phishing email is Microsoft branded, playing on how users were previously (legitimately) instructed by their IT to set up Microsoft Authenticator by scanning a QR code with their phone. These phishing campaigns have resulted in a high rate of incidents because it is difficult for cybersecurity products such as email gateways, content filters, or antivirus to detect malicious URLs in QR codes, as the code is presented as an image in the email.
Additionally, the device used to scan the QR code is the user's phone, which bypasses desktop endpoint protection and network-based security.
Finally, the threat actors have adapted MFA-aware phishing kits to overcome MFA (Multi-Factor Authentication), which means that if the user does follow through with entering their password and following the MFA prompts, the ability to detect the threat actors before they achieve their objectives is reduced.
So how do we protect our organization against QR-based phishing, if you are wondering? We are not aware of any protection software able to detect this type of threat, therefore we rely on human beings as our firewall, and we achieve this through a cyber awareness program that members of our organization are required to complete each month. The topic of the program is regularly updated, and attendance as well as the quiz results are monitored.
Contact us if you would like to find out more about the cybersecurity awareness program that we run in our organization.
#cybersafebusiness
#Tips #cybersecurity #security #SmallBusiness #nistframework #cyberawareness
#cyberawarenessmonth