HomeNewsHackers are using rogue QR codes to steal Microsoft credentials and crypto...

Hackers are using rogue QR codes to steal Microsoft credentials and crypto funds


Last Updated on 22/11/2021 by Sanskriti

Some abnormalities have been identified between September 15th and October 13th, and nearly 200 emails were blocked which were sent out to the customers which were part of a phishing effort aiming to steal Microsoft credentials. That wasn’t unusual in and of itself, because Microsoft 365 login credentials are among the most sought after.

QR codes or QR responses are not as simple as they look. Nowadays they are being used by hackers to lure out customers and steal away important information.

What makes these messages stand out is that they included QR codes that provided access to a missed voicemail, evading the URL scan function found in secure email gateways and native security restrictions.

Because all of the QR code pictures were made and distributed on the same day, it’s unlikely that they’ve been reported before and would be recognized by a security blocklist. Six different identities were utilized to send messages for the campaign, the majority of which were created to look to be in the same industry as the target.

The attackers used hacked email accounts to carry out their plan, making use of the target organization’s genuine Outlook infrastructure to deliver the QR codes directly.

Phishing websites were hosted using an enterprise survey service and were linked to Google or Amazon IP addresses at the end of the QR code scans.

This email was first received in September, and it had a URL link concealed beneath a picture of what appeared to be an audio file. To make the scam emails more authentic, hackers used outlook accounts which also let them get beyond email security checks. 

QR codes linked to crypto accounts are used by a significant number of people to perform crypto transactions. Here are some of the methods that hackers have used in the past to steal bitcoin from victims. Scammers were discovered in August demanding money from consumers by directing them to a fake Bitcoin ATM at a fuel station. The Better Business Bureau has received complaints about a number of similar situations, involving utility services and job offers, among others.

Sanskriti loves technology in general and ensures to keep TheDigitalHacker audience aware of the latest trends, updates, and data breaches.
- Advertisment -

Must Read

Data Science Drives Personalized Marketing and Customer Engagement to New Heights...

Personalized marketing and customer engagement are crucial for businesses to thrive in the current digital era. Because data science makes it possible for marketers...