QR Code Scam Emails

Email scams just got more tech savy

The race is still on between scammers and email applications to produce/ protect from new technology for scams emails. Recently scammers have come up with an alarmingly clever new idea - QR codes. Spam filters rely, at least in part, on the text of an email to determine whether it is legitimate or part of a scam.

So phishing emails, as I've discussed before, tend to have spelling or grammatical errors, employ urgency or threats, come from weird or incomprehensible sender addresses, contain links which clearly do not go to where they claim to go etc etc. Spam filters have become fairly good at picking all of this up and sending such emails straight to junk. So scammers have a new plan - use a QR code instead of that text. 

What to look out for, specifically

The phishing emails using QR codes most frequently purport to come from Microsoft, and relate to your Microsoft 365 account. The goal is to attempt to replicate the legitimate MS365 Windows Hello process that does involve the use of a QR code on your computer, to set up multi-factor authentication using your phone. In fact, the emails will specifically claim that they relate to 'Authentication'. It's quite cunning - they have the Microsoft logo, and ironically, claim to be for the purpose of security - "You are being held responsible to review security update as of (date). Quickly scan the above QR Code with your phone camera, to set up two-factor authentication on your account."

What would happen if you did scan the QR code?

The main goal of these emails is to harvest User login details, allowing scammers access to the SharePoint systems of businesses. Having scanned the QR code on your phone you would be redirected to a site asking for your login details.

Once they're in they could copy and delete vital files for ransom, impersonate staff and request money transfers or payments, or change the bank account number on outgoing invoices. Targeting businesses is potentially very lucrative. This is a serious and sophisticated scam.

How to avoid this scam

As always, be very suspicious of emails, especially those asking you to click on a link. A QR code is a link. It is almost always much safer to go the website or portal independently of the email and check whether the specified action is legitimately required. You can also check the email address of the sender; this should still be a dead give-away for this particular scam. More specifically, Microsoft will ask you to scan a QR code one time during the Windows Hello process when you first set up Multi-factor Authentication with your phone. They will not send you another email later asking you to scan a QR code in an email. 

As always, if in doubt, chuck it out. Here at Green Mouse we are very happy to look at any email you are suspicious of. It's vastly better to be safe than sorry.