Patcay.com – Email scams utilizing QR codes have become a favored tactic among hackers and cybercriminals for breaching their victims’ accounts.
This strategy involving QR code-laden emails was initially exposed by the cybersecurity team at Kaspersky. In their report, victims are deceived through emails claiming to be from giant corporations.
The perpetrators don’t hold back, using well-known names such as Microsoft or Office 365 cloud services to mislead their victims.
In their cunning actions, the criminals deliberately send QR code-laden emails, pretending to be from Microsoft or other companies, containing suspicious invitations.
In these emails, cybercriminals demand that users immediately scan the attached QR code to prevent their passwords from expiring.
The perpetrators also issue threats, stating that failure to scan the QR code will result in users losing access to their emails, as explained in the press release on Tuesday (1/9/2024).
Other fake emails may warn recipients that their “authentication session will expire today.”
To avoid falling into this trap, users are advised to “promptly scan the QR code below with your smartphone to update the security authentication of your password” or risk losing access to their mailboxes.
Kaspersky also provides warnings and advice to avoid falling victim to QR code-scanning email scams.
Roman Dedenok, a security expert at Kaspersky, emphasizes that no legitimate authentication system requires QR code scanning as the sole option.
“Therefore, if you receive an email requesting confirmation, logging into an account, resetting a password, or similar actions, and the email only contains a QR code, it is likely a scam,” Dedenok said.
“It can be ignored and safely deleted,” he added.
If there is a genuine need to scan an unfamiliar QR code, Kaspersky recommends using security solutions that can inspect the QR code’s contents and issue a warning if anything suspicious is detected in fake QR codes.
Kaspersky also reminds users to stay vigilant even with emails labeled “verified,” as they should still be treated with caution.
According to the company, senders of emails with the mentioned modus operandi aim to deceive less cautious users.
They may also assume that the recipient is already familiar with authenticator apps, which typically use QR codes.
In their findings, Kaspersky reports that scanning QR codes in phishing emails can lead users to fake Microsoft login sites with highly convincing appearances.
Interestingly, some phishing QR code links redirect to IPFS (Inter Planetary File System) resources, a communication protocol for file sharing with many similarities to torrents.
This enables the publication of any file on the internet without the need for domain registration, hosting, or other technical issues.
In other words, the phishing page is located directly on the phisher’s computer and can be accessed via links through a specific IPFS gateway.
Perpetrators opt for the IPFS protocol because it is easier to publish and harder to remove phishing pages compared to blocking conventional malicious websites. Consequently, these links remain active for a longer duration.