Threat Alert: VOICEMAIL QR CODE LURES

• Threat actors continue to distribute malicious threats by abusing .eml (EML) attachments. Recently, some have leveraged EML attachments with QR codes contained in PNG image files. The codes pointed to a credential phishing landing page.
• The use of EML attachments along with QR codes embedded in a PNG is an obfuscation technique designed to add additional layers between a security scanner and the destination of the malicious link.
• Threat actors also continue to leverage voicemail-themed lures.

How is it used in the wild?

• Threat actors crafted messages that purported to be a missed voicemail 
  notification from RingCentral.
• The emails claimed that the voice message was provided via an EML attachment. If opened, the attachment rendered as a separate email message containing a PNG with a QR code in the message body.
  

Key Action: Stay Alert!

• Be cautious of attachments, particularly in unsolicited emails or if they seem out of character for a known sender. If a known contact sends something out of the ordinary, such as notifications from platforms or apps they do not regularly use, the message’s contents may be malicious.
• Familiarize yourself with standard voicemail services. Communications regarding voicemails should come from known, legitimate services and should not 
  include additional steps to access it. Make sure you can identify potentially suspicious communications related to voicemails.
• Report ANY suspicious emails via Phish Alarm.