
14 February 2024

How to defend against QR code phishing attacks


QR code phishing campaigns have become the fastest-growing type of email-based attack. To evade detection, these attacks embed QR code images linked to malicious content directly into the email body. They often entice unwitting users with seemingly genuine prompts, like a password reset or a two-factor authentication request. In this article, we'll share more details on how Microsoft Defender helps your IT teams address the threat of QR code phishing and keeps your end-users safe.


Why use QR codes for phishing?


QR codes present a unique challenge for security providers because they appear as images during mail flow and are unreadable until rendered. Once the QR code is rendered (what the human eye sees), it can be scanned and processed for further analysis.


QR codes are used in phishing attacks for two main reasons:


  • They move the attack away from well-protected corporate environments and onto the victim's personally owned mobile device, which may be less secure.


  • They leverage the most common credential theft vector, the uniform resource locator (URL).


QR codes are easily manipulated to redirect unsuspecting victims to malicious websites or to download malware in the same way as a URL. However, as QR codes typically require a smartphone to read, the constrained screen size can make recognising the warning signs of a potential phishing attack much more difficult. Couple this with the ease of creating malicious QR codes using free online tools, and it's easy to see why this attack method is gaining so much traction.


So, what can you do to stay protected?


Extended Detection and Response (XDR): Microsoft Defender XDR provides comprehensive defence against advanced threats like QR code phishing, offering end-to-end protection with a unified detection, investigation, and response experience. QR code phishing often targets account identities through adversary-in-the-middle (AiTM) attacks, intercepting credentials and session cookies. Microsoft Defender XDR can effectively disrupt attacks like these thanks to its holistic approach to detection. By correlating signals across products into high-fidelity detections, Defender XDR disrupts attacks early, limiting their impact and progression and safeguarding organisations before the attacks can cause widespread damage.


Endpoint Protection: Users scan QR codes using mobile devices, opening the embedded URL in the device web browser. Microsoft Defender for Endpoint on Android and iOS includes anti-phishing capabilities that apply to QR code phishing attacks, blocking phishing sites from being accessed. Microsoft Defender for Endpoint also provides protection against malware that may be downloaded or installed through the URL link.


End-User Training: Defender for Office 365 customers can use Attack Simulation Training to educate end users by simulating real-world phishing attacks and other cyber threats. This training can help users recognise the signs of a phishing attack, such as suspicious emails or links, and teach them how to respond appropriately to these threats. Attack Simulation Training can also provide users with feedback and guidance on improving their security practices by enabling multi-factor authentication.


It's essential to be cautious when scanning QR codes from unknown sources and to always verify the legitimacy of the email and its contents before taking any action.


The capability to defend against QR code phishing attacks is included with Microsoft 365 Business Premium and more specifically Defender for Business. For more information, check out this webinar Nviron ran in November 2023. 


If you would like to learn more about how Microsoft Defender helps your IT teams address the threat of QR code phishing and keeps your end-users safe, please click here to speak to one of our specialists. Alternatively, existing customers can contact their designated Account Manager.
