Be careful with PDF documents you get in the mail, especially if they contain QR codes. Barracuda is noticing a notable increase in phishing attacks involving QR codes.
Barracuda researchers have discovered a striking trend in phishing attacks involving QR codes. Between June and September 2024, more than half a million emails were detected that contained PDF attachments with embedded QR codes. This technique, also known as quishing, differs from previous attacks in which QR codes were embedded directly in the text of emails.
New tactics
The attackers send simple-looking PDF documents, often of only one or two pages, as attachments in phishing emails. These documents contain only a QR code, with no other suspicious links or embedded files. The goal is to trick users into scanning the QR code with their cell phone, redirecting them to a phishing website designed to steal their login credentials.
According to the researchers, more than half of the cases (51%) imitate Microsoft, followed by companies such as DocuSign (31%) and Adobe (15%). Sometimes criminals pose as the HR department of the victim’s company. The attacks target various industries such as finance, healthcare and education, where sensitive data is processed.
read also
150,000 phishing emails sent by city of Antwerp
Well-hidden
This method poses a major challenge to traditional e-mail security systems because there are no direct links or suspicious files to scan. In addition, employees often scan the QR codes with a personal device that is less secure than the corporate network. This bypasses existing security measures and makes it more difficult to track or block attacks.
Adam Khan, VP of global security operations at Barracuda, advises companies to implement multilayered email security supported by advanced AI technology. These systems should not only analyze links and attachments, but also look at possible impersonation attempts within those attachments. He also stresses the importance of raising user awareness about the risks of scanning unknown QR codes, and properly configuring email filters and multi-factor authentication.
These findings underscore the importance of continuously evaluating and strengthening security strategies to stay ahead of new phishing tactics.