It moves the attack channel from the protected email environment to the user’s mobile device, which is often less secure. QR Code phishing represents a new and challenging threat. Once scanned, a fake SharePoint login screen prompts the user to provide credentials. Instead of including a link for the target to click, the bad actor included a QR code scam instructing the recipient to scan with their mobile phone’s camera to review the documentation. In this scenario, a bad actor crafted a phishing lure purporting to contain completed documentation about the target’s wages. Fortunately, our Aegis platform detected the threats and broke the attack chain. We recently detected a phishing attack hidden behind a QR code at an agriculture company with more than 16,000 employees. This illicit entry often results in financial loss, data breaches and supplier account compromise that leads to further attacks. Bad actors constantly devise new methods and tools to gain authenticated access to users’ accounts. Phishing, especially credential phishing, is today’s top threat. We’ll also explore the mechanisms employed by our AI-driven detection stack that ultimately prevented the email from reaching the inbox of its intended target. In this post, we explore a recent detection of a phishing attack in which the URL was encoded into a QR code. All of these are examples of threats we regularly detect for our customers before they’re delivered to users. In our past installments, we have covered supplier compromise, EvilProxy, SocGholish and e-signature phishing. The first two steps of the attack chain: reconnaissance and initial compromise. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today’s dynamic threat landscape. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain-reconnaissance and initial compromise-in the context of email threats. This blog post is part of a monthly series exploring the ever-evolving tactics of today’s cyber criminals.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |