• Log In
  • Skip to main content
  • Skip to primary sidebar

Ethical Hacking

Wade Mackey

Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users’ passwords

November 7, 2021 by Matthew Bryan 3 Comments

Adversaries are taking advantage of increased QR code adoption by launching phishing campaigns using the technology. “Quishing” is the usage of a QR code lure to harvest credentials and/or deliver a malicious payload.

A recent phishing campaign contained a QR code that prompted users to scan it in order to listen to an “encrypted voicemail.” When users scanned the QR code they were directed to a fake Microsoft login page which harvested their credentials.

QR codes have seen increased adoption at restaurants and other venues that require hands free exchange of information. The recent campaign is a good reminder to be mindful of what you’re scanning and where it may take you.

Author: AJ Vicens
Published: October 26, 2021
Link

 

Tagged With: Week 11

Reader Interactions

Comments

  1. Ryan Trapp says

    November 8, 2021 at 9:25 am

    Hi Matt,

    Good read. Personally, I’m always wary of scanning QR codes into my phone. It does not stop and ask for confirmation before loading up whatever webpage the QR code is set to direct the user to. With restaurants being more conscientious of germs due to the COVID-19 pandemic, we have seen a significant rise in QR codes being used in lieu of traditional menus. It seems like it is something that is only growing in popularity of use.

    Log in to Reply
  2. Vanessa Marin says

    November 8, 2021 at 6:36 pm

    I will fully admit to scanning QR codes indiscriminately up until Dr. Mackey let me in on the secret… They are incredibly vulnerable! Restaurants, payment applications, advertising, coupons, tickets, etc. are all prime examples of QR codes that we trust to scan. But you can also create a QR code at will for any website. I personally have a button on my browser that allows me to create a QR code for the site I’m surfing.

    Log in to Reply
    • Matthew Bryan says

      November 11, 2021 at 8:31 am

      Same here. I never thought about it until it came up in class. I’ve been looking into app that can sand box the links within the code. I may try this out https://www.kaspersky.co.in/qr-scanner

      Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (1)
  • Week 1 (1)
  • Week 10 (1)
  • Week 11 (1)
  • Week 12 (2)
  • Week 2 (2)
  • Week 3 (1)
  • Week 4 (2)
  • Week 5 (3)
  • Week 6 (0)
  • Week 6 (2)
  • Week 7 (5)
  • Week 8 (5)

Copyright © 2025 · Course News Pro on Genesis Framework · WordPress · Log in