Beware of the Latest Phishing Email Trick: QR Code Scams

Cybercriminals have devised a new tactic that involves using images and no text to deceive recipients into scanning QR codes, leading to compromised accounts and stolen credentials. We’ve written before about how to recognize dangerous phishing attempt via email, and even how avoid being a victim of phone/voice-based scams. However, we want to be sure you know about this concerning new trend in phishing emails.

In essence, these attackers send emails with embedded QR codes. This method aims to bypass security measures and manipulate users more effectively.

Here are some common characteristics to watch out for to avoid getting scammed via one of these emails:

  • Image-only content: This kind of phishing email does not include any text, but there are images of text. This makes it harder to identify their malicious intent at first glance.
  • QR code: The email will include an image that contains a QR code, which might seem harmless, but could be a gateway for hackers.
  • Impersonation of trusted entities: To gain trust, the sender will impersonate well-known organizations, such as Microsoft or other IT-related entities.
  • Internal impersonation: The attackers may attempt to appear as if they are from within your organization, using either email spoofing or compromised accounts to mislead recipients.
  • Urgency and intimidation: The email’s message will often demand urgent action and threaten consequences if the recipient fails to comply. They might mention issues like Multi-Factor Authentication (MFA) setup, account verification or password changes. The goal is to encourage you to take immediate action.

Given the severity of these threats, we urge you to follow these precautionary steps if you encounter any suspicious email:

  • Avoid scanning QR codes: Refrain from scanning any QR codes directly sent to your email, especially if you weren’t expecting them or the source seems untrustworthy.
  • Verify through alternative channels: Instead of replying to the email, verify its authenticity using other means of communication. For example, call or message the sender on a known, official number or account. Internal emails should also be cross-checked through different channels.
  • Examine the sender’s address: Scrutinize the sender’s email address carefully to ensure it matches the legitimate domain of the supposed organization. Cybercriminals often employ clever tricks with similar-looking addresses.
  • Test the email body: Click on the email body and attempt to select the text. If you find that you can’t highlight any text, it’s likely a disguised image, which is a big red flag.

If you come across any suspicious emails fitting the above criteria, do not hesitate to immediately delete the email and, if needed, reach out to us for professional assistance and guidance.

Stay vigilant and protect yourself and your data from these insidious phishing attempts!

About arobasegroup

arobasegroup has been consulting with clients and advising the best use of Apple Technology since 1998. We listen to our customers and solve problems by addressing their specific, unique needs; we never rely on a one-size-fits-all solution or require them to use a specific product. arobasegroup is your advocate in all things related to information technology. Contact us to learn how we can help:

Keep Up-to-Date: An Invitation
Keep on top of all the latest Apple-related news via our social media feed. When you follow us on our social media channels, you will always be up-to-date with the most relevant Apple news and have easy access to tips and useful articles relevant for Apple, iPhone, iPad and Apple Watch users. You won’t want to miss these articles and suggestions. Please follow arobasegroup on LinkedIn by tapping here. Thank you!