Hackers have discovered a new way to target people. This method targets not only ordinary citizens but also entire companies. With this in mind, cybersecurity researchers at Microsoft have issued a warning. They say that phishing scams involving QR codes are increasing rapidly. Scammers have also started using fake emails, PDF files, and CAPTCHA verification pages to steal users’ IDs and passwords. Through these methods, thousands of people have already been targeted in many countries.
People can be targeted in India too
According to Microsoft Defender Research, cybercriminals have used this technique to target approximately 35,000 users from 13,000 companies in 26 different countries. Although most of the victims are in the United States, this type of cyber attack can also be carried out on people in other countries including India.
How does a scam start?
To target people, scammers usually start by sending an email. The email is crafted to look as if it came from the HR department of the recipient’s company. To create an atmosphere of panic or urgency, these emails often mention issues like internal reviews or policy violations. The email also includes a QR code, and users are instructed to scan it to view the “required documents”. In many cases, the email redirects the user to a CAPTCHA verification page that they must complete to proceed to the next step. If a user inadvertently scans the code or completes the CAPTCHA, he or she is immediately redirected to a fake website.
Scammers impersonating Microsoft
According to cybersecurity experts, users are redirected to a sign-in page that looks exactly like Microsoft’s original sign-in page. As a result, if a user enters their login information on this page, that sensitive information goes straight into the hands of scammers. Microsoft says that these phishing scams, which are carried out via email, are very difficult to detect. Along with social engineering tricks, these attacks use tools and websites that look very real.
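Because the fake page is visually identical to the real one, the reliable check is the address behind the QR code rather than the page's appearance. The following is an added example, not code from Microsoft or the original article: it classifies a URL that a mail gateway or scanner has already decoded from a QR image. The allowlist, the brand tokens, the function name and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: Microsoft's public sign-in hosts. Adjust for your tenant.
TRUSTED_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Assumed brand strings a look-alike host is likely to embed.
BRAND_TOKENS = ("microsoft", "office365", "outlook")


def classify_qr_url(url: str) -> str:
    """Classify a URL decoded from a QR code in an email.

    'trusted'   : HTTPS and the host is exactly an allowlisted sign-in host
    'lookalike' : uses the brand (host or userinfo) or an IDN host without
                  being an exact match; needs review before anyone signs in
    'untrusted' : anything else; not a place to type corporate credentials
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return "untrusted"
    userinfo = (parts.username or "").lower()

    # Exact match only: suffix or substring matching is what look-alikes exploit.
    if parts.scheme == "https" and not userinfo and host in TRUSTED_SIGNIN_HOSTS:
        return "trusted"

    labels = host.split(".")
    idn = not host.isascii() or any(label.startswith("xn--") for label in labels)
    branded = any(tok in host or tok in userinfo for tok in BRAND_TOKENS)
    return "lookalike" if idn or branded else "untrusted"


# Constructed sample URLs (not taken from the article or any real campaign).
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "https://login.microsoftonline.com.hr-review.example/signin",
    "https://login.microsoftonline.com@hr-review.example/",
    "https://hr-documents.example/captcha",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_qr_url(sample):10} {sample}")
```

Only the first sample is classified as trusted; the second and third place the real sign-in host name in front of a different registered domain, which is easy to miss on a phone screen after scanning a code.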
What are the preventive measures?
If an email asks you to quickly verify your account, review a complaint, or scan a QR code, it’s important to verify the identity of the sender before taking any action.
Companies can stay safe by turning on network security and informing their employees about such scams. Avoid opening emails or downloading attachments from any unknown source.
