Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon

Summary

• Omnipresent and multipurpose, QR codes are incorporated into many aspects of daily life, making them an attractive choice for threat actors who aim to phish credentials through deception.
• The growing trend of QR code phishing, or “quishing”, takes advantage of this by embedding phishing URLs in deceptive QR codes, typically themed around topics that would entice people to exercise insufficient caution, such as payroll or HR announcements.
• URL extraction and analysis reveal that attackers often disguise phishing URLs via URL redirection on legitimate websites or by using open redirects, making users more likely to trust the URL and increasing the complexity for security crawlers.
• Since late 2024, Unit 42 researchers have observed attackers using several new tactics, including the use of legitimate websites’ redirection mechanisms and Cloudflare’s Turnstile human verification for user verification, thus enabling them to evade security crawlers and convincingly redirect targets to a login page.
• Some of these phishing sites appear to be specifically targeting the credentials of particular victims, suggesting pre-attack reconnaissance.

By Aiden Huang and Vishwa Thothathri

Original Article