Rogue QR Codes Steal Microsoft Credentials and Crypto Funds

What’s happening?

• Hackers attempted to lure unsuspecting users with messages containing QR codes offering access to a missed voicemail.
• While trying to play the voice message, victims get redirected to a fake Microsoft landing page that prompts the victim to give away their credentials.

Evading detection by adding legitimacy

• Criminals used compromised Outlook accounts to add legitimacy to the phishing emails, which also helped them bypass email security checks.
• They leveraged enterprise survey services connected to Amazon and Google IP addresses to host the phishing pages.
• The QR code images were apparently developed the same day of sending emails, most likely to avoid quick reporting and getting blocked by security systems.

Stealing cryptocurrency via fake QR codes

• In August, scammers were found requesting money from users by asking them to pay a visit to a Bitcoin ATM at a gas station equipped with a rogue QR code. A variety of similar incidents, including utility services and employment offers, among others, were brought to notice by Better Business Bureau.
• Last year, a scammer introduced a network of fake bitcoin QR code generators to trick people out of their bitcoins.

Safety tips

• One of the top tactics used by scammers for QR codes in public involves tampering with them by placing a new QR code over an original. Watch closely!
• Wherever a QR code requests for login details, verify the web address. Avoid it, if possible.
• When dealing with businesses, you can always confirm the code authenticity.