If the user scans the QR code with their mobile device, they are directed to a fake Microsoft authentication page whose domain (hxxps://parameterstore[.]fechuvu[.]com) is not associated with the target’s organization. The phishing page impersonates the target organization by including their logo and branding and embedding a Google Maps image of the organization's specific work location in the background, creating a false sense of trust and increasing the scam's effectiveness. It also prepopulates the user’s email address to trick them into providing their password, multi-factor authentication (MFA) code, associated session cookies, and sensitive information.
Recommendations
- Exercise caution with unexpected or unsolicited communications.
- Confirm requests from senders using contact information obtained from verified, official sources before taking action, such as clicking links, scanning QR codes, or opening attachments.
- Use email security tools that can scan embedded images for malicious QR codes.
- Enter official website URLs manually into your browser and submit sensitive information only on official websites.
- Keep systems and browsers up to date.
- Report malicious cyber activity to the NJCCIC and the FBI's IC3.
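
As an illustration of the QR-scanning recommendation, the following added example (not code from the NJCCIC or any vendor) triages a URL that a mail filter has already decoded from an embedded QR image. It assumes the decoding happens upstream, uses a constructed allowlist and recipient address, and assumes the prepopulated email address travels in the URL, which the advisory does not state.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

# Assumed allowlist: sign-in hosts the organization really uses (constructed sample).
TRUSTED_SIGNIN_SUFFIXES = ("login.microsoftonline.com", "example.org")

def refang(url: str) -> str:
    """Undo common defanging (hxxp, [.]) so the URL can be parsed."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    return url.replace("[.]", ".").replace("[:]", ":")

def host_is_trusted(host: str) -> bool:
    """Exact or dot-boundary suffix match, so 'trusted.com.evil.example' fails."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SIGNIN_SUFFIXES)

def carries_recipient(url: str, recipient: str) -> bool:
    """True if the recipient address is in the URL, in plain or base64 form."""
    text = unquote(url)
    if recipient.lower() in text.lower():
        return True
    token = base64.b64encode(recipient.encode()).decode().rstrip("=")
    return token in text

def triage(decoded_url: str, recipient: str) -> dict:
    """Classify one QR-decoded URL for the message addressed to `recipient`."""
    try:
        parts = urlsplit(refang(decoded_url))
        host = (parts.hostname or "").lower()
    except ValueError:
        parts, host = None, ""
    if parts is None or parts.scheme not in ("http", "https") or not host:
        return {"host": host, "verdict": "review", "reasons": ["not-a-web-url"]}
    if host_is_trusted(host):
        return {"host": host, "verdict": "allow", "reasons": []}
    reasons = ["untrusted-host"]
    if carries_recipient(refang(decoded_url), recipient):
        reasons.append("recipient-in-url")  # personalised lure: strongest signal
    verdict = "block" if len(reasons) == 2 else "review"
    return {"host": host, "verdict": verdict, "reasons": reasons}

if __name__ == "__main__":
    # The first URL is the defanged one from the advisory; the second is constructed.
    for u in ("hxxps://parameterstore[.]fechuvu[.]com",
              "https://signin.example.net/#user%40example.org"):
        print(triage(u, "user@example.org"))
```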
