ALERT! – QR Fraud, Microsoft 365 App Phishing – ALERT!

Published On May 7, 2021 | By Tom Huskerson | Alerts, News and Analysis

It seems that hackers just don’t give up trying to hurt you. They are using every possible avenue to attack you, your device and your information.

QR Fraud Alert

Everyone by now has seen those QR speckled squares just about everywhere. After the pandemic took hold they showed up at restaurant tables, where you scan one to bring up the menu. They are used to open websites, download apps, collect loyalty program points, make payments and transfer money, and give to charity. We have here a practical technology that has become nearly indispensable. But, predictably, cyber criminals have launched a variety of QR-based schemes. Using those speckled squares can go sideways fairly quickly. We’ll show you how, and how to use them without fear.

So what’s happening with the QR code? First of all, you have no idea what you are scanning. It’s just not readable by human eyes. So we rely on the honesty of the code creator. That never works online. A QR code created by cyber criminals might point to a phishing site that looks like the login page of a social network or online bank. A QR code can trick users into downloading malware instead of the intended game or tool. At that point, the sky’s the limit; malware can steal passwords, send malicious messages to your contacts, and more. What else can the QR code do? It may contain a command to perform all kinds of actions, including:

  • Add a contact;
  • Make an outgoing call;
  • Draft an e-mail and populate the recipient and subject lines;
  • Send a text;
  • Share your location with an app;
  • Create a social media account;
  • Schedule a calendar event;
  • Add a preferred Wi-Fi network with credentials for automatic connection.

How do you protect yourself? Good question. Follow these simple rules to protect yourself when using QR codes:

  • Do not scan QR codes from obviously suspicious sources;
  • Pay attention to the links displayed when scanning the code. Be especially wary if the URL has been shortened, because with QR codes, there is no compelling reason to shorten any link. Instead, use a search engine or official store to find what you’re looking for;
  • Do a quick physical check before scanning a QR code on a poster or sign to make sure the code isn’t pasted over the original image;
  • Use a program such as Kaspersky’s QR Scanner (available for Android and iOS) that checks QR codes for malicious content.

QR codes can also hold valuable information such as e-ticket numbers, so you should never post documents with QR codes on social media.
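The action list and the shortened-link rule above can be checked in code before anything is opened. This is an added example, not part of the original article: it classifies an already decoded QR string by its payload prefix and flags shortened URLs and open Wi-Fi networks. The prefix table covers common payload conventions only, and the shortener list is a small illustrative assumption.

```python
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "ow.ly"}  # illustrative only

# Common QR payload prefixes -> the action a phone would offer (not exhaustive).
ACTIONS = [
    ("BEGIN:VCARD", "add a contact"), ("MECARD:", "add a contact"),
    ("TEL:", "make an outgoing call"), ("GEO:", "open a map location"),
    ("MAILTO:", "draft an e-mail"), ("MATMSG:", "draft an e-mail"),
    ("SMSTO:", "send a text"), ("SMS:", "send a text"),
    ("BEGIN:VEVENT", "schedule a calendar event"),
    ("WIFI:", "join a Wi-Fi network"),
]

def parse_wifi(payload):
    """Split WIFI:T:WPA;S:name;P:pass;; into fields, honouring backslash escapes."""
    fields, buf, esc = {}, "", False
    for ch in payload[5:]:
        if esc:
            buf, esc = buf + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ";":
            key, _, val = buf.partition(":")
            if key:
                fields[key] = val
            buf = ""
        else:
            buf += ch
    return fields

def inspect_qr(payload):
    """Describe what a decoded QR string would do, without acting on it."""
    text, warnings = payload.strip(), []
    upper = text.upper()
    if upper.startswith(("HTTP://", "HTTPS://")):
        host = urlsplit(text).hostname or ""
        if host in SHORTENERS:
            warnings.append("shortened URL hides the real destination")
        return f"open website {host}", warnings
    for prefix, action in ACTIONS:
        if upper.startswith(prefix):
            if prefix == "WIFI:":
                wifi = parse_wifi(text)
                action += f" '{wifi.get('S', '?')}'"
                if wifi.get("T", "nopass").lower() == "nopass":
                    warnings.append("open network, no encryption")
            return action, warnings
    return "plain text or unknown format", warnings
```

Feed it the text a scanner shows in its preview; it only describes the payload and never opens, dials or connects to anything.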

Microsoft Office 365 Apps

So who is not using Microsoft Office?

Since everybody, and I mean everybody, is using Microsoft Office, we know why this phishing attack is happening. Phishers are targeting Microsoft Office 365 users more frequently. The hackers are so clever they are sending specialized links that take users to their organization’s own email login page. After the user logs in, the link prompts them to install a malicious but innocently named app. Once installed, the app gives the attacker persistent, password-free access to any of the user’s emails and files. These are then plundered and used to launch malware and phishing scams against others.

Use caution. The app may look like this.

The malware is fairly well thought out and even allows attackers to bypass multi-factor authentication. This happens because the app has been approved by the user after logging in. The attack is so well thought out that the malware will persist in a user’s Office 365 account indefinitely until removed and can survive even a password reset.

Proofpoint published some new data on the rise of these malicious Office 365 apps, noting that a high percentage of Office users will fall for this scheme. “High percentage” means that you are likely to fall for it! Last year Proofpoint reported on a service in the cyber criminal underground where customers could access various Office 365 accounts without a username or password. The service also advertised the ability to extract and filter emails and files based on selected keywords, as well as attach malicious macros to all documents in a user’s Microsoft OneDrive. Told you it was well thought out.

How has Microsoft responded? The world’s largest software maker added a policy that allows Office 365 administrators to block users from consenting to an application from a non-verified publisher. Also, applications published after November 8, 2020, are coupled with a consent screen warning in case the publisher is not verified, and the tenant policy allows the consent. Microsoft’s instructions for detecting and removing illicit consent grants in Office 365 are here.
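A sketch of the kind of review an administrator can run over exported consent grants, added here as an example; it is not from the original article or from Microsoft’s instructions. The field names follow Microsoft Graph’s servicePrincipal and oauth2PermissionGrant objects, the sample records are constructed, and the choice of which scopes count as risky is an assumption.

```python
import json

# Delegated Graph scopes that give an app the mail and file access the article
# describes (assumed shortlist); offline_access lets it keep refreshing tokens.
RISKY = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
         "Files.Read.All", "Files.ReadWrite.All"}

# Constructed sample export; all IDs and app names are made up.
SAMPLE = json.loads("""
{"servicePrincipals": [
  {"id": "sp-1", "displayName": "Contoso Expenses",
   "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "1234567"}},
  {"id": "sp-2", "displayName": "Upgrade",
   "verifiedPublisher": {"displayName": null, "verifiedPublisherId": null}},
  {"id": "sp-3", "displayName": "Lunch Poll", "verifiedPublisher": null}
 ],
 "grants": [
  {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": null,
   "scope": "User.Read Files.Read.All"},
  {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
   "scope": "User.Read offline_access Mail.Read Files.ReadWrite.All"},
  {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
   "scope": "User.Read"}
 ]}
""")

def audit_grants(data):
    """Flag grants that pair risky scopes with an app from an unverified publisher."""
    apps = {sp["id"]: sp for sp in data["servicePrincipals"]}
    findings = []
    for grant in data["grants"]:
        app = apps.get(grant["clientId"], {})
        scopes = set(grant["scope"].split())
        risky = sorted(scopes & RISKY)
        publisher = app.get("verifiedPublisher") or {}
        if risky and not publisher.get("verifiedPublisherId"):
            findings.append({
                "app": app.get("displayName", "<unknown app>"),
                "user": grant["principalId"] or "all users (admin consent)",
                "risky_scopes": risky,
                "persistent": "offline_access" in scopes,
            })
    return findings

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE):
        print(finding)
```

A flagged grant is a lead for review, not proof of compromise; removing the grant, not resetting the password, is what ends the app’s access.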

So the bottom line here is the same old cyber security point I stress repeatedly. Be careful what you click on. I don’t care if it does say Microsoft. Think twice about any app that wants to introduce itself to you. Alert your IT department if you do suspect this type of attack or other malware.
