According to researchers, hackers use custom templates specific to each organisation, making every attack unique to the company and individual. The attack poses as an authentication update: the email says that account authentication will quickly expire and that, to avoid this, the recipient needs to re-authenticate the account. Check Point says the formula is the same: add the company logo, add the victim's name, and implore them to update their authentication before incurring issues with their email.

Techniques

Balasubramanian says this is a particularly tricky and clever attack. It’s incredibly personalised and targeted, by providing the legitimate company logo and using the correct name and user name. By changing dynamically depending on the target, this attack is scalable, as well. It plays on urgency. By suggesting that email access will be altered, users might be inclined to act quickly. Since one has to scan the QR code on the phone, it also opens the door for a compromise on that device. This is a crafty attack that has the potential to cause serious damage, he says.

Guidance and recommendations

To guard against these attacks, security professionals can do the following:

* Implement security that automatically decodes QR codes embedded in emails and analyses the URLs for malicious content

* Utilise security that rewrites the embedded QR code in the email body and replaces it with a safe, re-written link

* Implement security that utilises advanced AI to look at multiple indicators of phishing

* As always, if it is urgent or feels out of the ordinary, don't scan the QR code
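The first and third recommendations can be combined in a mail-filter check like the following. This is an added example, not code from Check Point or the original article; it assumes the caller supplies a `decode_qr` function (for instance a wrapper around a QR-decoding library), and the indicator names, sample message and domains are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import unquote, urlsplit

URGENCY = re.compile(r"expir|re-?authenticat|update your authentication", re.I)

def qr_phish_indicators(raw_msg, decode_qr, trusted_domains):
    """Return the phishing indicators found in one raw RFC 5322 message.
    decode_qr(image_bytes) -> URL or None is an assumed, caller-supplied decoder.
    """
    msg = message_from_bytes(raw_msg, policy=policy.default)
    recipient = parseaddr(msg["To"] or "")[1].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    found = []
    if URGENCY.search(text) or URGENCY.search(msg["Subject"] or ""):
        found.append("urgency")
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        url = decode_qr(part.get_payload(decode=True))
        if not url:
            continue  # ordinary image, such as the company logo
        found.append("qr_code")
        host = (urlsplit(url).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in trusted_domains):
            found.append("untrusted_host:" + host)
        # Per-victim templates often carry the recipient's address in the link.
        if recipient and recipient in unquote(url).lower():
            found.append("recipient_in_url")
    return found

# Constructed sample: placeholder bytes stand in for real PNG data.
LOGO, QR = b"constructed-logo", b"constructed-qr"

def sample_decoder(image_bytes):
    return {QR: "https://login.example.net/reauth?u=alice%40corp.example"}.get(image_bytes)

def build_sample():
    m = EmailMessage()
    m["To"] = "Alice <alice@corp.example>"
    m["Subject"] = "Authentication update"
    m.set_content("Alice, your authentication will expire. Scan to re-authenticate.")
    for img in (LOGO, QR):
        m.add_attachment(img, maintype="image", subtype="png")
    return bytes(m)

if __name__ == "__main__":
    print(qr_phish_indicators(build_sample(), sample_decoder, {"corp.example"}))
```

A filter would quarantine or rewrite the message when several indicators appear together, rather than acting on any single one.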