A recent report by cybersecurity firm Check Point has unveiled a new and dangerous method of QR code phishing attacks. Hackers now employ a technique called Conditional QR Code Routing Attacks. They deploy custom templates tailored to each targeted organization, making every attack unique and highly personalized. Over the past 14 days, hackers have sent more than 2,000 phishing emails to over 1,100 customers, as reported by Check Point.
How the Campaign Works
This phishing campaign disguises itself as an authentication update, delivered via email to potential victims. The email warns recipients that their account authentication is about to expire and urges them to re-authenticate to avoid disruptions to their email service. The messages include the legitimate company logo and personalized details, adding an air of authenticity and urgency.
When users scan the QR code, they are redirected to a credential-harvesting site. The urgency of the message, suggesting imminent email access issues, increases the likelihood that users will act quickly without verifying the legitimacy of the email.
Aslo read | How to Keep Your Personal and Financial Info on UPI Apps
Dangers of the QR Code Phishing Attack
Using QR codes adds trust, as people widely use them, especially in India with its prevalent digital payments. However, scanning the QR code on a mobile device can lead to serious security breaches on that device.
To protect themselves, users are advised to be cautious with emails and messages that demand urgent action or seem unusual. It’s essential to verify the authenticity of the message by checking for discrepancies such as suspicious email addresses and spelling errors.
Stay Safe from QR Code Phishing Attacks
QR code phishing attacks are evolving, with hackers employing more sophisticated and targeted methods. Users must remain vigilant and skeptical of urgent requests to scan QR codes, ensuring they verify the source before taking any action. As phishing tactics become more personalized, awareness and caution are critical in preventing security breaches.