Large-Scale QR Code Campaign Aimed At Major Energy Company

Cofense has seen a significant phishing effort that uses QR codes to target individuals from a variety of businesses' Microsoft credentials, starting in May 2023.  

About 29% of the more than 1,000 emails sent to the most prominent target, a significant US-based energy corporation, contained malicious QR codes.

The other top four industries that are being targeted are manufacturing,  insurance, technology, and financial services, which receive, respectively, 15%, 9%, 7%, and 6% of campaign visitors. 

Although Bing redirects URLs made up the majority of phishing links, other noteworthy domains include cf-ipfs[.]com (refers to Cloudflare's Web3 services) and krxd[.]com (connected to the Salesforce application). 

Major energy company targeted in large QR code campaign

Although the QR campaign had an impact on other industries, the main target was a significant US-based energy firm. 

The bulk of phishing emails are Bing redirect URLs, and most of them contain PNG image attachments that send phishing links or phishing redirects using Microsoft credential codes that are contained in QR codes. 

Email lures took the shape of security updates for 2FA, MFA, and overall account protection. 

The Energy firm saw 29% of the total traffic, while 81% of the campaign that employed Bing redirect URLs was seen by the company.

Read more: Key Initiative Website & QR Code Launched by National Registry