Be on Alert Upon Receiving Emails Containing QR Codes; Thousands Already Targeted, Microsoft Issues Warning

Phishing Email Scam: Microsoft has issued a warning regarding emails containing QR codes. Thousands of users across 26 countries have already been targeted by this scam.

Phishing Email Scam: Hackers have devised a new method to target individuals. This scheme targets not only private individuals but also corporate entities. In light of this, Microsoft's cybersecurity researchers have issued a warning. The alert states that phishing scams involving QR codes are on the rise. To steal users' IDs and passwords, scammers have begun utilizing fake emails, PDF files, and even CAPTCHA verification pages. Through these methods, thousands of people across numerous countries have already been targeted.

People in India Could Also Be Targeted

According to Microsoft Defender Research, cybercriminals have used this method to target approximately 35,000 users across 13,000 companies in 26 different countries. While the majority of the victims are based in the United States, similar cyberattacks could potentially be launched against users in other nations, including India.

How the Scam Unfolds

To target victims, scammers typically begin by sending an email. The email is designed to appear as though it originated from the recipient's company's HR department. To instill a sense of panic or urgency, the email often references issues such as internal reviews or policy violations. The email also contains an embedded QR code. Users are instructed to scan this code in order to access "important documents." In many instances, the email also displays a CAPTCHA verification page that users must complete to proceed to the next step. If a user inadvertently scans the code or fills out the CAPTCHA, they are redirected to a fraudulent website.

Scammers Are Impersonating Microsoft

According to cybersecurity experts, users are redirected to a sign-in page that is meticulously crafted to look exactly like an authentic Microsoft sign-in page. Furthermore, if someone inadvertently shares their details on this page, that information falls into the hands of scammers. Microsoft states that detecting scams perpetrated through phishing emails is quite difficult, as they employ social engineering tactics alongside tools and websites that appear completely authentic.

What are the preventive measures?

If an email requests immediate account verification, a review of a complaint, or the scanning of a QR code, it is essential to verify the sender's identity before taking any action.
Companies can safeguard themselves by enabling network protection and educating their employees about such scams.
Refrain from opening emails or downloading attachments from any unknown sources.