A recent report from cybersecurity firm Netskope has uncovered attack campaigns that abuse Microsoft Sway and Cloudflare Turnstile and use QR codes to deceive users into entering their Microsoft Office login credentials on phishing sites. These campaigns have primarily targeted victims in Asia and North America in industries such as technology, manufacturing, and finance.
Quishing, the use of QR codes to redirect users to malicious websites or prompt them to download harmful content, poses a significant risk. Cybercriminals take advantage of the design of QR codes to lead users to phishing sites where personal and financial information can be stolen. It is a growing trend, and it makes it difficult for users to verify the legitimacy of content.
In one campaign discovered by Netskope Threat Labs, there was a significant increase in traffic to phishing pages hosted on Microsoft Sway, with the majority of these pages using QR codes. Microsoft Sway, a free online Office app, is attractive to attackers because of its ease of use in creating web-based presentations.
Another attack uncovered involved Cloudflare Turnstile, a tool that replaces CAPTCHAs on websites. Attackers use this tool to add a layer of protection against detection, requiring users to click through a verification check before being redirected to a phishing page. This stealthier approach makes it harder for users to detect fraudulent activity.
The attacker-in-the-middle phishing technique, which collects credentials without immediately redirecting users, is also employed in these campaigns. This method makes it less noticeable to users that their credentials have been stolen.
Detecting malicious QR codes is a challenge because they are images and lack standard security measures. To avoid falling victim to QR code phishing, users should use QR code readers that show a preview of the URL before opening it and remain cautious of QR codes that prompt actions such as logging in or sharing personal information. Security solutions can also help detect phishing URLs, and payments should not be made through QR codes unless users are certain of their legitimacy.
It is important for users to be vigilant and aware of potential threats, as cybercriminals may exploit various legitimate platforms for phishing purposes. Training employees to distinguish suspicious URLs from legitimate ones is crucial in preventing cyber attacks.
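An added example, not from the Netskope report or this article: a minimal URL preview for a link decoded from a QR code, showing why an allowlist based on brand suffixes passes a Sway-hosted page while an exact sign-in-host check does not. The host lists, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: host lists chosen for this example, not taken from the article.
# Hosts where entering Microsoft credentials is expected.
SIGN_IN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Hosts that serve user-authored pages under a trusted brand (Sway is the article's case).
USER_CONTENT_HOSTS = {"sway.office.com", "sway.cloud.microsoft"}
# Suffixes a naive "is it Microsoft?" allowlist might trust.
NAIVE_TRUSTED_SUFFIXES = (".office.com", ".microsoft.com", ".microsoft")


def naive_allowlist(url):
    """Weak check: trusts any host under a brand suffix."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(NAIVE_TRUSTED_SUFFIXES)


def preview(url):
    """Return (host, verdict, reasons) for a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # Text before '@' is userinfo, not the host the browser connects to.
        reasons.append("userinfo before '@' disguises the real host")
    if host in USER_CONTENT_HOSTS:
        reasons.append("user-authored page on a trusted brand domain")
    elif host not in SIGN_IN_HOSTS:
        reasons.append("not a known sign-in host")
    verdict = "no-credentials" if reasons else "ok-for-sign-in"
    return host, verdict, reasons


# Constructed sample URLs; the path values are placeholders.
SAMPLES = [
    "https://sway.cloud.microsoft/EXAMPLEid?ref=email",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com@example.test/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        host, verdict, reasons = preview(url)
        print(f"{host:28} naive_allowlist={naive_allowlist(url)!s:5} "
              f"{verdict}: {'; '.join(reasons) or 'exact sign-in host over https'}")
```

Because the verdict depends on an exact match against the sign-in hosts, a proxy page used for attacker-in-the-middle phishing on any other host is also reported as `no-credentials`.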