Sophisticated QR Code Phishing Attack Targeting Microsoft 365 Users to Steal Logins

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in cyber security, he is covering Cyber Security News, technology and other news.

A new sophisticated phishing campaign leveraging QR codes to steal Microsoft 365 login credentials has emerged in the cybersecurity landscape. This attack represents a significant evolution in phishing tactics, combining social engineering with technical sophistication to bypass traditional email security measures. Palo Alto Networks security researchers identified this threat in early March 2025, noting a substantial increase in QR code-based phishing attempts targeting enterprise users. Their analysis reveals that this campaign has successfully compromised credentials from organizations across multiple sectors, with financial services and healthcare being particularly affected. The campaign specifically targets corporate users, exploiting the increasing normalization of QR codes in daily business operations.

The attack begins with victims receiving seemingly legitimate emails purporting to come from Microsoft or IT departments, claiming that users need to verify their accounts or that their passwords are expiring. Rather than including suspicious links that might trigger security alerts, these emails contain QR codes that victims are instructed to scan with their mobile devices. This approach cleverly circumvents many email security solutions that scan for malicious URLs or attachments.

When scanned, the QR code redirects users to convincing replica login pages designed to harvest Microsoft 365 credentials. The sophistication of these pages is notable, with attackers implementing JavaScript that validates email formats before submission, creating a more believable user experience while filtering out low-quality targets. This code snippet demonstrates how the attack validates and exfiltrates user credentials while redirecting victims to legitimate Microsoft services post-compromise, leaving users unaware of the breach.
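For mail triage, the lure described above (account-verification or password-expiry wording, an embedded image, and no clickable link for a URL scanner to inspect) can be expressed as a simple heuristic. The following is an added defensive example, not the snippet the article refers to and not code from Palo Alto Networks; the keyword list, addresses and sample messages are constructed assumptions, and it does not decode the QR image itself.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Lure themes named in the article; the exact wording is an assumption.
LURE = re.compile(r"verify your account|password (is |will )?expir|scan (the|this) qr", re.I)
URL = re.compile(r"https?://", re.I)

def triage(raw_message: str) -> dict:
    """Flag a message that pairs lure wording with an image and no body URL."""
    msg = message_from_string(raw_message, policy=policy.default)
    text, images = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1                      # a QR code would arrive as an image part
        elif ctype in ("text/plain", "text/html"):
            text.append(part.get_content())
    body = "\n".join(text)
    signals = {
        "has_image": images > 0,
        "no_url_in_body": not URL.search(body),
        "lure_wording": bool(LURE.search(str(msg["subject"] or "") + " " + body)),
    }
    signals["suspect"] = all(signals.values())  # all three must hold together
    return signals

def build_sample(subject: str, body: str, with_image: bool) -> str:
    """Build a constructed test message (hypothetical sender and recipient)."""
    m = EmailMessage()
    m["From"] = "IT Helpdesk <helpdesk@example.test>"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(body)
    if with_image:
        m.add_attachment(b"\x89PNG constructed-bytes", maintype="image",
                         subtype="png", filename="code.png")
    return m.as_string()

# Constructed samples: the lure pattern, a normal expiry notice, an image-only note.
QR_LURE = build_sample("Action required", "Your password is expiring. "
                       "Scan the QR code below with your phone to verify your account.", True)
NOTICE = build_sample("Password reminder", "Your password will expire in 5 days. "
                      "Change it at https://portal.example.test/", False)
PHOTO = build_sample("Offsite photos", "Team photo attached from the offsite.", True)

if __name__ == "__main__":
    for name, raw in (("qr_lure", QR_LURE), ("notice", NOTICE), ("photo", PHOTO)):
        print(name, triage(raw))
```

A hit is a reason to route the message for QR decoding and URL inspection, not a verdict on its own.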

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 03 Apr 2025 07:45:17 +0000

