The article discusses a growing threat known as 'quishing' where attackers leverage QR codes in PDF email attachments to spearphish corporate credentials from mobile devices. Sophos X-Ops team investigated phishing attacks targeting their employees, highlighting the challenges posed by QR codes that can obscure URLs, making it difficult to scrutinize the links. The attackers crafted emails to appear as legitimate and used techniques like sending PDF documents with QR codes as attachments
When scanned, the QR codes directed targets to phishing pages mimicking Microsoft365 login dialog boxes, capturing login credentials and MFA tokens. The attackers used Cloudflare protection to hide malicious domains. Sophos observed an increase in quishing attacks with sophisticated PDF designs tailored to specific targets. Recommendations for IT admins include implementing mobile security tools, monitoring sign-in activities, enabling advanced email filtering, and fostering employee vigilance through training. The human element in cybersecurity, such as prompt reporting and revoking compromised user sessions, is emphasized as crucial in combating phishing threats. https://news.sophos.com/en-us/2024/10/16/quishing/