• 07 3184 7575
  • February 5, 2024

there have been a surge of phishing emails cyberattack that ask victims to scan
a QR code with their phone. The QR code then redirects users to phishing pages
controlled by threat actors.

What I have
seen, the typical phishing is Microsoft branded, playing on how users were
previously (legitimately) instructed by their IT to set up Microsoft
Authenticator by scanning a QR code with their phone. These phishing campaigns
have resulted in a high rate of incidents because it is difficult for
cybersecurity products such email gateway, content filter, or antivirus to
detect malicious URLs in QR Codes as it is presented as an image in the email.

the device used to scan the QR code is their phone, which bypasses desktop
endpoint protection and network-based security.

the threat actors have adapted MFA-aware phishing kit to overcome MFA (Multi
Factor Authentication), which means if the user does follow through with
entering their password and following MFA prompts, the ability to detect threat
actors before they achieve their objectives reduced.

So how do
we protect our organization against QR-Based phishing if you are wondering? We
are not aware of any protection software able to detect this type of threat,
therefore we rely on human beings as our firewall, and we achieve this through
cyber awareness program that requires members of our organization to complete
each month. The topic of the program is regularly updated and attendance as
well as the quiz results are monitored.

Contact us
if you would like to find out more about the cybersecurity awareness program
that we run in our organization.

#Tips #cybersecurity #security #SmallBusiness #nistframework #cyberawareness

Previous Post
Cybersecurity Threat Advisory: New malware campaign from Log4j security flaw
Next Post
Cybersecurity Threat Advisory: Threat actor targets government

Subscribe to our newsletter

Subscribe to our newsletter and get the latest updates on news, technology, tips, and tricks on how to securing your business.

Join Our Newsletter

Please complete this form to create an account, receive email updates and much more.
*Required Fields
Note: It is our responsibility to protect your privacy and we guarantee that your data will be completely confidential.