Barracuda Report: QR Codes Fuel Rising Phishing Threats

Security vendor Barracuda recently released the findings of their latest threat report, this time highlighting the growing prevalence of QR codes in phishing attempts through PDF documents emailed to would-be victims.

QR codes new step in established phishing tool: business emails

Barracuda’s researchers said they found over half a million examples of phishing emails containing QR codes directing to malicious links. These emails follow longstanding trends in business email threats, where unsuspecting employees think the attack is just a typical email from a coworker or superior.

The difference highlighted in this report between new threats and existing ones is the introduction of PDFs. In the past, according to the report, threat actors using QR codes would paste it directly into the body of the email. Now, PDFs, often similar to brand guidelines an employee would be used to seeing, are attached to the emails and include the QR code.

“Recipients are directed to scan the QR code with the camera on their mobile phone, so they can view a file, sign a document, or listen to a voice message. If they do so, they are brought to a phishing website designed to capture their login credentials,” researchers said in a press release announcing their findings.

QR codes have exploded in popularity over the last several years, used in everything from restaurants for menus to commercials for calls to action. As users have become broadly comfortable with QR codes, Barracuda vice president of global security operations Adam Khan says the threat actors have become more willing to use them in phishing attacks.

“Threat actors evolve based on success just like the rest of us, and so they’re seeing the shift in how often people interact with QR codes and they’re evolving with business communications to create new attacks,” Khan said.

Tools will help, but human error still requires training and awareness

Microsoft, including SharePoint and OneDrive, is impersonated in more than half (51%) of all the attacks, followed by DocuSign (31%), and Adobe (15%), meaning again that many of these threats are likely harder for employees to identify as problematic.

“Our use of technology, and how comfortable we are trusting tools from companies like Docusign, who so many people use now, is making these kinds of attacks more prevalent because threat actors know they can make their attempts more believable,” Khan said.

The research suggests stronger email security, multi factor authentication (MFA) enablement, and AI technology as necessary tools alongside a wider need: employee training and security education.

“Being proactive through the latest security technology is better than any education, because people are human and therefore users will always be susceptible,” Khan said, though he emphasized channel partners should still be in regular contact with their clients ensuring they understand the latest security threats.

“MSPs and channel partners are a critical part of end-customers’ security posture. MSPs act as strategic advisors for their clients and are trusted with keeping an organization up to date and secure. Sharing resources like our security reports, whether they are actually Barracuda partners or not, builds a knowledge base with end customers that is needed.”

Security remains moving target for MSPs

This research further proves a point virtually every MSP knows: security risk continues to grow, expand and change, and businesses of every size are under threat. Khan said the Barracuda team has seen a nearly 300 percent increase in attacks across every attack vector their products monitor.

To attack the problem head on, Khan recommends partners continue to prioritize open dialogue with their clients and stay educated on developing and emerging threats. To that end, Khan stresses the importance of sharing information throughout the channel community and facing cybersecurity together whenever possible.

“We’re not just a vendor, we’re a member of a larger community, and we think it’s very important for everyone in our industry to share information and things we’re seeing, because we’re all working towards the same goal, and that’s protecting businesses.”

Barracuda also recently announced a new partner community for sales engineers. Read more about how that program aims to deepen cybersecurity awareness and skills.