A new form of phishing that uses QR codes to trick people into visiting malicious websites is becoming more popular among cybercriminals. It is not the first time crooks have abused legitimate services or applications.
Sway is a free application within Microsoft 365 that enables users to present ideas using a web-based canvas. Anyone with a Microsoft account can share presentations at no cost. However, this accessibility makes it attractive to attackers.
Using QR codes to direct victims to phishing websites presents challenges for defenders. Because the URL is embedded within an image, email security scanners that can only scan text-based content may be bypassed. Additionally, when a user receives a QR code, they may use another device, such as their mobile phone, to scan it. Security measures on mobile devices, especially personal cell phones, are generally not as robust as those on laptops and desktops, making victims more susceptible to exploitation.
Takeaways:
- Check URLs carefully before entering any information
- Type URLs directly into your browser instead of scanning QR codes
#ALTACyber
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------
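Added example (not part of the original post): a Python sketch of the scanning gap described above, showing that a message whose only link sits inside an image gives a text-only URL scanner nothing to inspect, so it has to be routed to image analysis. The sample messages, the verdict names, and the placeholder image bytes are constructed for illustration; the actual QR decoding step is assumed to be handled by a separate image-analysis tool.

```python
import re
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def text_urls(msg):
    """URLs visible to a scanner that only reads text/plain and text/html parts."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls += URL_RE.findall(part.get_content())
    return urls

def image_parts(msg):
    """Names of image parts (attached or inline) that could carry a QR code."""
    return [part.get_filename() or part.get("Content-ID", "inline-image")
            for part in msg.walk() if part.get_content_maintype() == "image"]

def triage(msg):
    """Decide which inspection a message needs before delivery."""
    urls, images = text_urls(msg), image_parts(msg)
    if images and not urls:
        verdict = "decode-images"        # text scanner has nothing to inspect
    elif images:
        verdict = "scan-text-and-images"
    else:
        verdict = "scan-text"
    return {"text_urls": urls, "images": images, "verdict": verdict}

def build_sample(body, image_name=None):
    """Constructed sample message; the image bytes are a placeholder, not a real QR code."""
    msg = EmailMessage()
    msg["Subject"] = "Action required"
    msg.set_content(body)
    if image_name:
        msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
                           maintype="image", subtype="png", filename=image_name)
    return msg

QR_ONLY = build_sample("Scan the code below with your phone to keep access.", "code.png")
WITH_LINK = build_sample("Review the document: https://example.com/doc", "logo.png")
PLAIN = build_sample("Meeting moved to 3pm.")

if __name__ == "__main__":
    for name, m in [("qr-only", QR_ONLY), ("with-link", WITH_LINK), ("plain", PLAIN)]:
        print(name, triage(m))
```

A "decode-images" verdict means the message should be held until any URL recovered from the image has been checked the same way a text link would be.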