QR Code Phishing Campaign Targets Top US Energy Company

Published: 23/11/2024   Category: security




Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials.



Attackers targeted a major US energy company with a phishing campaign that sent more than 1,000 emails overall, each armed with malicious QR codes aimed at stealing Microsoft credentials.
The campaign, discovered by Cofense in May, used both PNG image attachments and redirect links associated with Microsoft Bing and well-known business applications — including Salesforce and Cloudflare's Web3 services — with embedded QR codes, the researchers revealed in a post published today.
The messages used lures aimed at fostering a sense of urgency, spoofing Microsoft security alerts and claiming that recipients were required to update their account's security settings associated with two-factor authentication (2FA) and multi-factor authentication (MFA), among others. The images and links included within the messages ultimately sent victims to a Microsoft credential phishing page.
While the campaign affected multiple industries, a top US energy company received the lion's share of the phishing emails, with employees there on the receiving end of more than 29% of the 1,000-plus emails containing malicious QR codes. The other top four targeted industries included manufacturing, receiving 15% of the phishing messages; insurance (9%), technology (7%), and financial services (6%). Cofense did not reveal the name of the energy firm.
Moreover, the campaign, which is ongoing, is spreading quickly. The volume of the campaign has increased by more than 2,400% since May, with average month-to-month growth percentage at more than 270%, according to Cofense.
The campaign represents what might have been a testing for efficacy phase in mid/late-June, explains Nathaniel Raymond, cyber threat intelligence analyst at Cofense and the report writer. Then, Cofense observed a considerable increase in QR codes being used for credential phishing for a brief time.
By mid-July, however, the researchers observed a steady upward trend in QR code usage that extended into August, he adds.
Attackers often don't use QR codes in phishing emails, mainly because they require an extra step in terms of engaging with a victim to fall for a lure, and thus could hinder the chance of success.
QR codes are uncommon to see, especially in larger phishing campaigns, as they are limited to delivering credential phishing via a device with scanning capabilities such as a mobile device, Raymond says.
Still, they have several advantages over merely sending a phishing link or malicious file embedded directly in an email, he says. That's because QR code delivery methods have a much better chance of reaching an inbox.
This campaign makes use of a PDF or image file attachment with the QR code embedded into it, Raymond says. This makes it easier for the emails to bypass Secure Email Gateways (SEGs). Because SEGs are typically not able to scan QR codes but they are capable of scanning links, QR codes have an immediate advantage over normal credential phishing campaigns.
The bulk of the campaign's phishing emails contain PNG image attachments delivering Microsoft credential phishing links or phishing redirects via an embedded QR code, with the majority of them being Bing redirect URLs, the researchers found. While Bing is a legitimate domain owned by Microsoft — and these URLs were originally meant for marketing purposes — they can also be used for malicious purposes.
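A mail filter can compensate for the link-scanning gap described above by routing suspicious image-only mail to a QR decoding step. The sketch below is an added example, not code from Cofense or the article; the lure regex, the scoring rule, and the helper names `triage` and `sample` are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Lure wording reported in the article (2FA/MFA/security settings); the regex is an assumption.
LURE_RE = re.compile(r"\b(2fa|mfa|two-factor|multi-factor|security (alert|settings|update))", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
# Attachment types the article names as QR carriers (PNG images, PDFs).
QR_CARRIER_TYPES = {"image/png", "application/pdf"}

def triage(msg: EmailMessage) -> dict:
    """Flag mail that gives a link scanner nothing to inspect but carries a possible QR image."""
    texts, carriers = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in QR_CARRIER_TYPES:
            carriers.append(part.get_filename() or ctype)
        elif ctype.startswith("text/"):
            raw = part.get_payload(decode=True) or b""
            texts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts)
    lure = bool(LURE_RE.search(f"{msg.get('Subject', '')}\n{body}"))
    links = URL_RE.findall(body)
    # Security lure + image/PDF carrier + no visible link: send the attachment
    # to a QR decoder (not implemented here) before delivery.
    return {"carriers": carriers, "lure": lure, "links": links,
            "needs_qr_scan": bool(carriers) and lure and not links}

def sample(subject: str, body: str, png_name: str = "") -> EmailMessage:
    """Build a constructed test message; the PNG bytes are a placeholder, not a real QR code."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if png_name:
        msg.add_attachment(b"\x89PNG\r\n\x1a\nconstructed", maintype="image",
                           subtype="png", filename=png_name)
    return msg

if __name__ == "__main__":
    for m in (sample("Action required: update your 2FA security settings",
                     "Scan the attached code with your phone.", "auth.png"),
              sample("MFA update", "Reset here: https://example.com/reset"),
              sample("Team offsite photos", "See attached.", "photo.png")):
        print(m["Subject"], "->", triage(m))
```

Messages flagged with `needs_qr_scan` still need an image decoder and URL reputation check downstream; this step only decides which attachments are worth decoding.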
Training employees to spot advanced phishing techniques as they evolve can help in preventing those targeted from getting scammed.
When it comes to QR codes and how uncommon they are in day-to-day email operations, a trained employee would be immediately suspicious, Raymond says. As such, it is imperative to have regular employee training implemented.
Indeed, the easiest way to avoid being compromised by a phishing campaign that uses QR codes is not to scan any unknown codes from unfamiliar users found in emails that appear in a person's corporate account.
In terms of overall advice, this is simply an extension of don't click links you don't trust, Raymond says. Don't follow links, especially from scanned QR codes, unless you trust them.
