[Tech-l] FW: AMBER - Cybersecurity Notification: Increase in QR Code Phishing Emails
Thor Sage
sage at mveca.org
Wed Sep 27 10:42:27 EDT 2023
Please see the below cybersecurity notification on "quishing."
Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468 x3101
Not-for-profit Technology Services for Education and Local Governments
From: Burner, Jillian <jburner at OhioSOS.Gov>
Sent: Wednesday, September 27, 2023 10:30 AM
Subject: TLP: AMBER - Cybersecurity Notification: Increase in QR Code Phishing Emails
Cybersecurity Notification - September 27, 2023
NOTICE: TLP:AMBER UNCLASSIFIED//FOR OFFICIAL USE ONLY
Increase in QR Code Phishing Emails ("Quishing")
Recently, the SOS Cyber Defense Team has observed an increase in phishing emails containing QR codes. Like typical phish, they use a sense of urgency to trick the recipient into clicking a link. The difference is that the link is embedded in a QR code. This technique makes it difficult for email security tools to identify the dangerous website link.
Attackers are using images of QR codes to bypass email security tools; however, they still require the victim to scan the code to be compromised. Think carefully before you click links in emails or scan QR codes.
The following screenshot is an example of "quishing." This "quish" was sent to SOS staff and county board of elections staff. At this time, email security tools cannot identify emails like this as malicious.
[Screenshot: example "quishing" email; image not included in the archive]
Pause and think before clicking a link or downloading an attachment. Phishing scams rely on users moving quickly through their inbox. It is important to stop and review emails, links and QR codes before you click, download, scan or reply. Use the Report Phishing button if available. If you need assistance, please open a ticket with the Cyber Defense Team at help at ohiosos.gov.
Recommendations
· Never scan a QR code from an unfamiliar source.
· If you receive a QR code from a trusted source via email, confirm via a separate medium -- e.g., text message, voice call, etc. -- that the message is legitimate.
· Stay alert for hallmarks of phishing campaigns such as a sense of urgency and appeals to your emotions -- e.g., sympathy, fear, etc.
· Review the preview of the QR code's URL before opening it to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn't have obvious misspellings and has a trusted domain. Don't click on unfamiliar or shortened links.
· Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.
· Report suspicious emails to the EI-ISAC Security Operations Center (SOC at cisecurity.org).
References:
· https://www.inky.com/en/blog/fresh-phish-malicious-qr-codes-are-quickly-retrieving-employee-credentials
· https://www.bleepingcomputer.com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/#:~:text=QR%20codes%20in%20phishing&text=The%20emails%20carry%20PNG%20or,add%20a%20sense%20of%20urgency.
· https://www.techtarget.com/searchsecurity/feature/Quishing-on-the-rise-How-to-prevent-QR-code-phishing
NOTICE: The following document is not subject to disclosure as a public record pursuant to R.C. §149.433. DO NOT DISCLOSE
Jillian Burner | Chief Information Security Officer
Office of the Ohio Secretary of State
O: 614 696 8875
OhioSoS.gov<https://ohiosos.gov/>
This message and any response to it may constitute a public record and thus may be publicly available to anyone who requests it.
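The URL review described in the recommendations (HTTPS, misspellings, trusted domain, shortened links) can be expressed as a triage check on the text decoded from a QR code. This is an added example, not part of the original notification; the trusted-domain and shortener lists and all function names are assumptions for illustration, and the QR decoding step itself is left out.

```python
from urllib.parse import urlsplit

# Assumed lists for illustration; replace with your organisation's own.
TRUSTED_DOMAINS = {"ohiosos.gov", "cisecurity.org"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of trusted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def triage_qr_url(url: str) -> list[str]:
    """Return the advisory's warning signs found in a URL decoded from a QR code."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    domain = registered_domain(host)
    findings = []
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    if "@" in parts.netloc:
        findings.append("userinfo-in-url")  # text before '@' is not the host
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    if domain in SHORTENERS:
        findings.append("shortened-link")
    elif domain not in TRUSTED_DOMAINS:
        findings.append("untrusted-domain")
        for good in TRUSTED_DOMAINS:
            # One or two character edits away from a trusted name: likely misspelling.
            if 0 < edit_distance(domain, good) <= 2:
                findings.append(f"lookalike-of:{good}")
    return findings
```

An empty result only means none of these specific signs were found; it does not establish that the destination is safe.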