QR codes in email phishing

How to avoid the latest Trend in Phishing: Quishing QR code phishing

What is a QR code?

A QR code, or Quick Response code, is a 2D matrix bar code consisting of several squares and multiple dots (modules) arranged in a square pattern on a white background. QR codes can be scanned using an image processing device. It will first identify the code’s location by the squares and then read the information encoded in the dots. In addition to the actual code, the square field can accommodate decorative elements, such as a company logo.

QR codes allow to encode more data than 1D bar codes. They are often used to encode hyperlinks to various resources, such as a store catalog, a checkout page, or a building info page.

How are they used?

Like the above email, Fraudsters use QR codes to encode links to phishing and scam pages. The attackers were distributing messages advising their victims that their corporate email account passwords would soon expire. To preserve access to their accounts, the users were to scan a QR code. Some emails would come from free mail addresses, others, from domains registered recently. In some messages, the scammers added the Microsoft Security logo to the QR code to improve credibility.

After receiving a phishing letter and scanning the code, the user would be redirected to a fake login page styled as a Microsoft sign-in page. As soon as the login and password were typed in, the attackers would gain access to the account.

In addition to messages urging users to change their password or update their personal data, we detected an undelivered email notification activity that also employed QR codes redirecting to a fake Microsoft account sign-in page.


Scammers benefit from using QR codes in a number of ways. First, the codes allow them to avoid detection and blocking of their emails. It is not that easy to check a QR code content, and there are no phishing links in the message. Also, a letter cannot be blocked for merely having a QR code inside: even though not a popular email element, a QR code can be used in legitimate correspondence as well, for example, in the sender’s automatic signature. Secondly, since the messages contain no links, there is no need to register additional accounts or domains to redirect users and thus conceal phishing.

In short we recommend not following any QR codes that you’ve not been told specifically to click on by one of your higher ups or on the phone with someone like Intuity.

One of our specialities is security, which you can follow in some of our recent blog posts:

Is that Microsoft email actually a phishing attack?

Don’t forget home office security: A guide

And if any of this is too much for you please dont hesitate to reach out to us

Data and images from: https://securelist.com/qr-codes-in-phishing/110676/