A warning has recently surfaced online about a new scam involving the scanning of QR codes. Hackers are targeting unsuspecting victims by posing as Microsoft and sending QR codes that are supposedly for authentication purposes. According to cyberdefence24.pl, journalists from the website have uncovered information about attempted scams where the perpetrators impersonate Microsoft, specifically the administration responsible for the security of the Microsoft 365 suite.
The hackers send emails to users, claiming that the validity of their multi-factor authentication (MFA) has expired. In the message, which notifies users that their account access expires ‘today,’ they also provide instructions on what to do in such cases. Interestingly, the hackers’ recommendations suggest that users need to follow a different procedure than in similar campaigns.
Typically, in similar situations, the email about renewing the validity of multi-factor authentication contains a button leading to a specific website. However, in this case, recipients see a QR code in the email content, and they are instructed to scan it, which is supposed to redirect them to the appropriate address. Unfortunately, after scanning the QR code, users are redirected to a fake login panel, where scammers attempt to extract the victim’s data.
This serves as a reminder to be cautious of fake QR codes. Just a few weeks ago, Netflix users received fake emails claiming that they had not paid for their service package. Clicking on the link sent by the hackers led to the retrieval of the users’ login details and credit card information, which could result in funds being depleted from their bank accounts.
In another instance, during Black Friday, hackers targeted users of the Wolt food ordering app. They created fake websites that informed users about the possibility of obtaining a discount coupon, reducing the order amount by up to 80 percent. However, in reality, such a coupon did not exist, and the cybercriminals aimed to obtain the payment card details of the unsuspecting victims.
It is crucial to stay vigilant and take precautions to protect ourselves from these scams. Here are a few tips:
- Be skeptical of emails claiming to be from reputable companies like Microsoft. Always double-check the sender’s email address and look for any signs of suspicious or unusual activity.
- Never click on links or download attachments from emails that seem suspicious or unexpected. Instead, go directly to the official website of the company in question and log in from there.
- If you receive an email asking you to scan a QR code, exercise caution. Verify the legitimacy of the email by contacting the company directly through their official customer support channels.
- Keep your devices and software up to date with the latest security patches. This helps protect against known vulnerabilities that scammers may exploit.
- Regularly monitor your financial accounts for any unauthorized activity. If you notice anything suspicious, report it to your bank or credit card company immediately.
Remember, scammers are constantly coming up with new ways to trick unsuspecting individuals. By staying informed and taking necessary precautions, we can protect ourselves and our personal information from falling into the wrong hands.
Stay safe online!
