News
Sophisticated QR Code Phishing Campaign Targets Office 365 Users
September 2024 by Fortra
Fortra has discovered a sophisticated QR code phishing campaign specifically targeting Microsoft Office 365 users across various industries, including finance and healthcare. In this campaign, employees are tricked into scanning a QR code sent through a blank email. That code redirects them to a highly personalized phishing page tailored to look like their company’s Office 365 login portal.
Why this matters:
• QR code phishing attacks are becoming more prevalent due to the reliance on remote and hybrid work environments, which often use QR codes for authentication, document sharing, and security. While often perceived as convenient or harmless, they are now being weaponized to bypass traditional email security measures.
• The phishing campaign was designed specifically to exploit Office 365, a platform used by over a million companies globally. With over 290,000 email addresses targeted in this attack, this finding represents a major security risk for companies relying on Office 365.
• The high level of personalization in the phishing attacks can easily trick even trained employees, increasing the risk of credential theft and data breaches.
• QR codes are under the radar for many cybersecurity protocols, as most rely on anti-phishing tools that scan links in emails, creating blind spots for security teams.
