New Phishing Scheme Detected

On May 30th, Vade Retro detected what we believe is an entirely new type of phishing scheme: QR codes embedded in an email that lead unwary users to a phishing site that logs their credentials.

So far, we have only seen this phishing scheme on email servers in France, but we suspect it will quickly spread across the globe and to additional brands.

This clever new scheme bypasses the vast majority of phishing, virus, spam, and malware filters because there is no obvious URL for the filters to examine for legitimacy. Very few standard security systems will protect users against this threat… all they see is an innocuous image… not the malicious domain behind it.
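The gap described above, shown as an added example that is not Vade Retro's code: a filter that extracts URLs only from text parts finds nothing in an image-only message, while routing image parts through a QR decoder surfaces the hidden link. The sample message, the `example.test` addresses and the `decode_qr` hook are constructed assumptions; a real deployment would back the hook with a QR decoding library.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample: no link in the text, only an inline image part.
# The base64 body is placeholder bytes, not a real QR code.
SAMPLE = """\
From: billing@example.test
Subject: Action required
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Scan the code below with your phone to verify your account.</p>
<img src="cid:qr1">
--b1
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-ID: <qr1>

UVItUExBQ0VIT0xERVI=
--b1--
"""

def urls_for_filtering(raw, decode_qr=None):
    """Return (urls, image_count). decode_qr is a hypothetical hook,
    bytes -> list[str], that would wrap a QR library in production.
    Without it only text parts are scanned, as in the filters described."""
    msg = message_from_string(raw, policy=policy.default)
    urls, images = set(), 0
    for part in msg.walk():
        kind = part.get_content_maintype()
        if kind == "text":
            urls.update(URL_RE.findall(part.get_content()))
        elif kind == "image":
            images += 1
            if decode_qr:
                decoded = decode_qr(part.get_payload(decode=True))
                urls.update(u for u in decoded if URL_RE.fullmatch(u))
    return urls, images

def needs_image_review(raw):
    """True when a message has images but nothing for a URL filter to check."""
    urls, images = urls_for_filtering(raw)
    return images > 0 and not urls
```

Any URL recovered from an image should go through the same reputation and domain checks as a URL found in the message body.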

The phishing page itself is hosted on a hacked WordPress website.

Once a victim enters their credentials, the form tells them that an error occurred and asks them to try again… and again and again…

The strategy behind this phishing attack may be larger than just getting credentials. Many people use the same passwords for many accounts, so the attackers might thereby gain access to many other online services such as email, banking, and e-commerce sites.

Underlines the Importance of Heuristic Filters

Vade Retro's artificial intelligence was able to flag these messages as suspicious when our servers intercepted the very first message. Why? Vade Retro’s unique heuristic learning engine examines every aspect of an email in a holistic fashion and benefits from thousands of constantly updated rules to decide if a given email is legitimate.

Quickly evolving threats like this QR code phishing scheme underline the importance of not relying on traditional spam, virus, and malware protections. Rote pattern recognition will not succeed in the face of increasingly sophisticated black hats. We must deploy email filters as smart as our opponents.
