Hackers Use QR Codes to Steal Banking Credentials in Recent Phishing Attempts
Users Are Advised to Avoid Clicking on Buttons, URLs, or QR Codes that Send Them to External Websites.
Last updated on June 9, 2022
Over the last few weeks, a new phishing operation focusing on e-banking users from Germany has been in progress, using QR codes during the credential-stealing operation.
As explained by BleepingComputer, the cybercriminals behind this phishing campaign employ a variety of techniques to get through security measures and persuade their victims to read the emails and act in accordance with the instructions.
Cofense security experts sampled many of these messages and meticulously detailed the attackers’ methods in their analysis.
More About the Phishing Campaign
According to the researchers, the messages have been carefully crafted, including financial institution logos, well-structured information, and a generally consistent style.
The phishing emails’ subjects range from requesting the user’s approval regarding the bank’s data policy modifications to asking that they review new security measures.
Furthermore, the attackers register their own custom domains, which are used for both the redirections and the phishing websites. By doing this, the threat actors aim to keep email and internet security systems from raising any suspicion during the phishing operation.
The domains are newly registered with the Russian registrar REG.RU and follow a standard URL structure depending on the targeted bank.
When the user visits the phishing webpage, they are prompted to disclose the location of their bank, their code, username, and PIN.
After the victims enter this information on the fake website, the details are validated, and the victims are then urged to enter their login information again on the grounds that it was incorrect.
You might wonder about the request to re-enter the credentials. This is a common quality-control tactic in phishing attacks, used to rule out typing errors the victim may have made when entering their credentials the first time.
Users are advised to avoid clicking on buttons, URLs, and QR codes that lead to an external website, regardless of how authentic an email appears to be.