Beware of QR code attacks that can bypass even two-factor authentication (2FA)


Nowadays, QR codes have become a popular tool that helps users quickly access online information. However, not everyone is aware that QR codes are being exploited by cybercriminals to carry out sophisticated phishing attacks. According to a report from security experts at Sophos, this form of attack, known as "quishing," is on the rise and poses a direct threat to users' personal information security.

Sophisticated and dangerous QR code attacks

Quishing is a phishing attack method that uses QR codes. Attackers send emails containing malicious QR codes to victims. When scanned, users are redirected to a fake website, where their login information, and even multi-factor authentication (MFA) codes, can be stolen.

A Sophos employee shared that he had become a victim of a quishing scam. He received an email from an unfamiliar account containing a QR code. The email appeared trustworthy, so out of curiosity, he scanned the QR code and was led to a fake Microsoft 365 login page. Immediately, all his login credentials, account details, and even MFA codes were stolen.

Some advice from technology experts

Experts recommend that users:

  • Be cautious when scanning QR codes, especially those in emails or messages from unknown senders. Always carefully check the URL before logging into any website.
  • Businesses should raise employee awareness about quishing attacks.
  • Implement appropriate security measures to protect organizational information.
  • Two-factor authentication with the physical security key YubiKey: This robust hardware authentication device from Sweden, developed by Yubico and officially distributed by HPT Vietnam, effectively protects users from phishing and quishing attacks. YubiKey ensures that only those who possess the device can log into your account, safeguarding it from cyberattacks.
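
The "check the URL" advice above can be automated on the defender's side, for example in a mail gateway or an internal QR-scanning helper. The following Python sketch is an added example, not code from Sophos or HPT: the function name, the allow-list and the sample URLs are assumptions constructed for illustration, and it accepts a URL only when its host exactly matches a sign-in host the organisation really uses.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the sign-in hosts your organisation really uses (not from the article).
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com"}


def assess_qr_url(url, trusted_hosts=TRUSTED_LOGIN_HOSTS):
    """Return the reasons a URL decoded from a QR code should not be used
    for sign-in. An empty list means it matches a trusted login host."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["unparseable URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None or parts.password is not None:
        reasons.append("text before '@' hides the real host")
    if not host:
        return reasons + ["no host"]
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a name")
    except ValueError:
        pass  # a normal DNS name
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike characters)")
    # Exact match only: a trusted name used as a prefix or subdomain
    # of another domain must not pass.
    if host not in trusted_hosts:
        reasons.append(f"host '{host}' is not a trusted login host")
    return reasons


if __name__ == "__main__":
    # Constructed sample URLs; example.test and 192.0.2.10 are reserved for documentation.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com.example.test/",
        "https://login.microsoftonline.com@example.test/signin",
        "http://login.microsoftonline.com/",
        "https://192.0.2.10/login",
    ]
    for s in samples:
        print(s, "->", assess_qr_url(s) or "OK")
```
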

Some information security monitoring and protection solutions for businesses from HPT:

  • Information Security (IS) Monitoring Service: HPT offers 24/7 Information Security monitoring services, providing continuous oversight and early detection of abnormal activities within your business’s system. With a team of highly experienced experts, we help protect your business from dangerous attacks, ensuring that your systems remain secure.
  • Information Security (IS) Assessment: To ensure that your company’s security system operates efficiently, HPT provides a comprehensive Information Security Assessment service. This service helps identify security vulnerabilities in a timely manner, offering suitable solutions to address them, ensuring your business is always prepared to tackle threats.

Stay vigilant against modern phishing schemes and strengthen maximum security measures for both personal and business accounts. HPT is always ready to provide optimal technology solutions to help protect you and your business from dangerous cyberattacks.

If you'd like to learn more about our Information Security Monitoring and Protection Solutions, feel free to contact HPT today!
