A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. The attack begins with the victims receiving a phishing email containing a PNG or PDF attachment that prompts them to update Microsoft security settings or add 2-factor authentication to their account by scanning a QR code. Most of the embedded QR code leads to Bing redirecting URLs. The QR codes are practical for threat actors because they can hide malicious links or can be hidden within images, which allows them to bypass email scanning solutions.
Read more: https://www.helpnetsecurity.com/2023/08/17/qr-codes-phishing/