This content is viewable by Everyone
Dec 2022: Microsoft OneDrive and QR Codes Used in Phishing Campaign
Threat Alert: What to Watch For
- Recent email-based attacks have used compromised Microsoft OneDrive accounts to send phishing emails. These emails encourage recipients to click a link to view a shared document.
- The OneDrive links lead targets to shared PDF documents containing quick response (QR) codes. The documents may encourage recipients to scan the codes or rely on users’ tendency to scan them automatically.
- The PDFs hosted on OneDrive have subjects like “Confirm Info,” “Payment instruction,” or “payment.”
Key Action: Report Suspicious Emails
- Report ANY suspicious emails using the Phish Alarm button in your email menu bar.
- Remember: Our organization occasionally sends phishing simulations that are used to evaluate the potential impact of a real phishing attack. Report any emails that match the tactics described above.
- If a reported message is a simulation, you will see a notification alerting you to that. No further action is needed on your part.
- If a reported message was not a simulation, and you are concerned about a time-sensitive request, you must take additional steps to verify the email is valid before acting on it.
Tips to Remember (at Work and at Home)
- Treat QR codes with caution. While many of us have gotten comfortable with using QR codes, remember they can be used by attackers to direct you to dangerous websites.
- Never scan a QR code sent in an email. These are often malicious.
- Keep in mind that cybercriminals regularly abuse legitimate services like OneDrive. This may allow them to send malicious emails from legitimate sending addresses. If you see an unexpected email from an organization linking you to an unknown document, it should be regarded as potentially malicious.