Article Details

QR code scam emails are becoming one of the latest techniques used by hackers and cybercriminals to break into victims’ accounts.

This QR-based email scam was first identified by cybersecurity researchers at Kaspersky. According to their report, attackers trick victims using emails that appear to come from major corporations.

Shockingly, hackers impersonate well-known brands such as Microsoft or cloud services like Office 365 to deceive users.

In their attacks, cybercriminals send QR code emails pretending to be from Microsoft or other trusted companies, urging recipients to take suspicious actions.

These fake emails typically instruct users to scan the QR code to prevent their password from “expiring.”

Hackers also threaten that failure to scan the QR code will result in the user losing access to their email, according to a press release on Tuesday (January 9, 2024).

Other phishing emails may warn recipients that their “authentication session has ended today.”

To avoid this, users are urged to “scan the QR Code below with your smartphone immediately to re-authenticate your password security,” or risk losing access to their inbox.

Kaspersky has issued a warning along with several tips to help users avoid falling victim to QR-based phishing emails.

What Users Should Do When Receiving a QR Code Email

Roman Dedenok, a security expert at Kaspersky, emphasized that legitimate authentication systems never require scanning a QR code as the only option.

“Therefore, if you receive an email asking you to confirm something, sign in to your account, reset your password, or perform a similar action—and the email only contains a QR code—there’s a high chance it’s a scam,” Dedenok explained.

“You can safely ignore and delete the email,” he added.

If you must scan an unknown QR code, Kaspersky recommends using a security solution capable of analyzing QR content and warning users if it detects anything suspicious inside the code.

Source: Liputan6.com