These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords


Level 37
Thread author
Top poster
Feb 4, 2016
QR codes have less chance of being picked up by cybersecurity defences than links or attachments -- and cyber criminals are trying to exploit them.

Cyber criminals are sending out phishing emails containing QR codes in a campaign designed to harvest login credentials for Microsoft 365 cloud applications.

Usernames and passwords for enterprise cloud services like Microsoft 365 are a prime target for cyber criminals, who can exploit them to launch malware or ransomware attacks, or sell stolen login credentials onto other hackers to use for their own campaigns.

Cyber criminals are looking for sneaky new ways to dupe victims into clicking links to phishing websites designed to look like authentic Microsoft login pages, accidentally handing over their credentials.