The telecommunications company AT&T warns of a new cybercrime trend of embedding malicious QR codes into phishing attempts.
This new type of attack was demonstrated in an email some users recently received from Microsoft containing a PDF file with a QR code and an urgent message instructing users to set up multi-factor authentication (MFA). Once the users scanned the QR code, they were redirected to a fake Microsoft sign-in page on their phone where they entered their legitimate login credentials, which were then stored and made available to the threat actor.
The MTDR security operations center reported a notable increase in emails containing QR codes over the past several months, and an unfortunately large number of users fell victim to the attack and had their credentials compromised.
According to Cybernews, attackers often encourage their victims to act quickly in the hope of convincing them to forgo proper security practices. Scanning QR codes can be even more dangerous than clicking on malicious links, as phones are often less secure than the rest of the company’s network.
“Phishing attacks and credential harvesters have been in use for some time. However, as the use of QR codes becomes more commonplace, take care to verify the domain that a QR code is associated with before you scan it. Additionally, avoid scanning the QR code with your mobile device. Typically, there are fewer security measures in place on a mobile device than on a network-connected corporate device,” explain AT&T’s researchers.
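The domain check the researchers describe can be sketched in code. The following is an added example, not code from AT&T or Cybernews; it goes slightly beyond the quote by showing why the host must be parsed and matched exactly rather than searched for as a substring. The allowlist and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organisation expects; adjust to your own.
ALLOWED_HOSTS = {"login.microsoftonline.com", "login.live.com"}


def check_qr_url(decoded: str) -> tuple[bool, str]:
    """Return (trusted, reason) for the text decoded from a QR code."""
    try:
        parts = urlsplit(decoded.strip())
        host = parts.hostname  # parsed, lower-cased host without port or userinfo
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://trusted.example@other.example/" really points at other.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = host.rstrip(".")
    # Non-ASCII or punycode labels can render as lookalikes of a trusted name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host"
    # Exact match only: a trusted name used as a subdomain prefix does not count.
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not on allowlist"
    return True, "host on allowlist"


# Constructed sample inputs (not taken from the reported campaign).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com.account-verify.example/mfa",
    "https://login.microsoftonline.com@account-verify.example/mfa",
    "http://login.microsoftonline.com/",
    "https://login.micros\u043eftonline.com/",  # Cyrillic letter in place of "o"
]

if __name__ == "__main__":
    for url in SAMPLES:
        trusted, reason = check_qr_url(url)
        print(f"{'OK  ' if trusted else 'FLAG'} {reason:40} {url}")
```
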
Experts recommend that when attackers manage to acquire credentials, users immediately close all active sessions for the compromised services before any credential resets. This order is critical, since the threat actor will retain access to the user’s account until they are completely logged out.
This information was provided by Cybernews.