The recovered Microsoft Word document includes a logo from the targeted company and a malicious quick-response (QR) code that purports to direct the target to the document needing review. Upon scanning the QR code, targets are redirected to a site that poses as a Microsoft login page. Any credentials entered there are forwarded to the threat actors.
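For defenders triaging such a document, the following added example (not part of the original advisory) classifies a URL that has already been decoded from a QR code by checking whether it really lands on a Microsoft sign-in host. The allowlist, the keyword list, the function name and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist of Microsoft sign-in hosts for this example; adjust for your tenant.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Assumed brand keywords that a fake sign-in host or path tends to borrow.
BRAND_TOKENS = ("microsoft", "office", "outlook", "login", "signin")


def classify_qr_url(url):
    """Return (verdict, reason) for a URL already decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "suspicious", "malformed URL"
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".").lower()
    if scheme not in ("http", "https") or not host:
        return "suspicious", "not a plain web URL"
    if parts.username is not None:
        # In https://trusted-name@real-host/ the text before '@' is not the host.
        return "suspicious", "userinfo before host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalized host name"
    if host in MS_LOGIN_HOSTS:
        if scheme == "https":
            return "expected", "allowlisted sign-in host"
        return "suspicious", "sign-in host over cleartext HTTP"
    haystack = host + parts.path.lower()
    hits = [t for t in BRAND_TOKENS if t in haystack]
    if hits:
        return "suspicious", "brand keywords on non-allowlisted host: " + ",".join(hits)
    return "unverified", "external host, confirm with the sender"


# Constructed sample URLs; none of them come from the advisory.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com@portal.example.net/review",
    "https://login-microsoftonline.example.com/doc",
    "http://login.live.com/",
    "https://files.example.org/review.pdf",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify_qr_url(sample))
```
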
Recommendations
- Avoid clicking links and opening attachments in unsolicited emails.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Type official website URLs into browsers manually.
- Provide user awareness training that covers these types of phishing techniques.
- Maintain robust and up-to-date endpoint detection tools on every endpoint.
- Consider leveraging behavior-based detection tools rather than signature-based tools.
- Report malicious activity to the FBI's IC3 and NJCCIC.
