Microsoft Credentials Are the Target of A Malicious QR Code Hacking Effort
The benefit of scanning a QR code is generally known, but the consequences of scanning a malicious one are less well-known.
That is the topic of a brand-new study that security researchers at Cofense Inc., a provider of phishing detection and response solutions, released recently.
The credentials of users from a variety of businesses are targeted by a malicious QR code campaign, according to Cofense experts.
The campaign has grown 2,400% in size since May, with an average growth rate of almost 270% month over month.
The most prominent target, a significant American energy corporation, was found to have malicious QR codes in 29% of all its incoming emails.
Manufacturing, insurance, technology, and financial services are among the more highly targeted sectors.
Most emails asked users to scan a QR code while posing as Microsoft security alerts with PNG or PDF attachments.
Scanning any QR code, let alone a malicious one, takes the user outside the security of the corporate environment.
The Cofense researchers add that they have not previously encountered significant malicious QR code campaigns.
The elaborate effort may also be evidence that the bad guys are trying out QR codes as an attack method.
The Cofense researchers issue a warning:
"While QR codes do have legitimate uses, malicious actors also have uses for them."
They go on to say that it is "critical" that staff members be trained to avoid scanning QR codes in emails they receive, since doing so "will help ensure that accounts and business security remain safe."