QR Code Phishing

Threat Level: Medium
Threat Type: Phishing
Advisory Date: 10/16/2023

Description

Description

The University has been receiving QR Code Phishing attempts.  This attack uses a technique referred to as ‘Quishing’. The observed activity consists of actors sending malicious links embedded in QR Codes attached to legitimate looking emails claiming to be from trusted sources.  For example, we have seen malicious emails masquerading as Microsoft 2FA security requests.

When the malicious QR Code is scanned by a device, it will lead potential victims to a legitimate looking, yet malicious website requesting the employee’s username and password, most commonly for their Microsoft account. These malicious emails create a false sense of urgency to encourage users to submit their credentials quickly, potentially enabling malicious actors to perform further actions such as data theft, system damage, or unauthorized access to your device.

 

Example Email:

From: "Uregina |Support" <Unknown@BadGuy.net>

To: Regina.User@uregina.ca

Subject: Authentication Required For URegina User

qrcode-phishing.png

 

Impact

 

This style of phishing attack can be successful because it's often mistaken for a legitimate email.

Resolution

The email can be reported to report.phishing@uregina.ca and deleted.

If you receive a phishing email or are uncertain about the legitimacy of an email message, please forward the email message as an attachment to the report.phishing@uregina.ca.

 

If you are concerned about the security of your account after receiving a phishing message, you can take the following actions:

  • Change your password. https://novapp.cc.uregina.ca/perl/chpass.pl
  • Choose a password that is:
    • Completely different than your previous password.
    • Not used anywhere else.
    • Does not contain your previous password.
  • Check your account for email forwarding and mailbox rules.

Resources

Please contact the IT Support Centre if you have any questions or require assistance:

Email IT.Support@uregina.ca

Phone 306-585-4685

Webform https://www.uregina.ca/is/forms/ticket.html

In person at ED 137 or Archer Library Commons

Take cyber security awareness training available to all faculty and staff on Beauceron - https://www.uregina.ca/is/security/training/training-register.html

External links

https://www.cyber.gc.ca/en/guidance/security-considerations-qr-codes-itsap00141