Improve user resilience against QR code phishing

by info.odysseyx@gmail.com, September 10, 2024

QR codes are gaining popularity as an easy way to access information about services and products. While QR codes are often used as a convenient shortcut, cybercriminals can also use them to trick users into scanning a code that exposes them to danger. It is important to understand the risks of QR codes, such as redirecting to fake websites or downloading malware. Education can help users verify that a QR code is genuine, research the destination URL, and use a trusted app to scan it. In the ongoing fight against phishing, informed end users are a vital line of defense, preventing possible threats and enhancing the resilience of your organization.

Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick users into visiting malicious links. To help customers defend against these new threats, Microsoft Defender for Office 365 has introduced several prevention enhancements to detect and block QR code-based attacks. Check out this blog to learn more about QR codes and how Defender for Office 365 protects end users from these attacks: Protect your organization from QR code phishing with Defender for Office 365.

We’ve also introduced several improvements to our investigation, hunting, and response capabilities to help security teams hunt and respond to these threats. You can read more about these improvements here: Hunt and respond to QR code-based phishing attacks using Defender for Office 365.

We’re excited to announce that Microsoft Defender for Office 365 has made several updates to its prevention, detection, and investigation capabilities, as well as simulation and training capabilities.
As part of the simulation improvements, you can now:

- Run simulations and track user responses using QR codes
- Leverage ready-to-use global payloads and create custom payloads with QR codes
- Leverage educational content through video modules and how-to guides

Running the simulation

There is no change in how you run a simulation. The current flow, including user selection, payload selection, training schedule and notifications, also applies to QR code-based simulations. Within the simulation, you select a payload that contains a QR code.

Currently, configuring payloads with QR codes and using these payloads in simulations applies to the email platform and the attack techniques below. Support for the Teams platform and for the attachment link and attachment malware techniques will be provided later.

- Collect credentials
- Links to malware
- Drive-by URL
- OAuth consent grant

Given that QR codes are another vector for phishing URLs, the user events related to read/delete/compromise/click remain the same. That is, if a user scans a QR code and then navigates to a URL, it is tracked as a click event. The existing mechanisms for tracking compromise, deletion, and reporting events remain the same.

Global and Tenant Payloads

Global Payload

Our payload library now contains 75 payloads in 5 languages, covering a variety of real-world scenarios related to QR code attacks. These payloads can be found in the Content Library – Global Payloads, and each name starts with "QR Code Payload" (for example, QR Code Payload: Winner Notification). You can find them by entering “QR” in the search box. Before using these payloads in a simulation, it is recommended to thoroughly review their fields and contents.

Image: Attack Simulation Training Library

Tenant Payload

You can create a custom payload by duplicating an existing global payload or creating a payload from scratch.
You can insert a QR code within the payload editing environment using dynamic tags (insert QR code) or formatting controls (QR code icon). There are options to choose the size and position of the QR code.

Image 1: Insert QR Code dropdown
Image 2: Inserting a QR Code
Image 3: Insert QR Code Menu
Image 4: Payload configuration and preview

The generated QR code is mapped to the phishing URL you selected while configuring the payload in the Payload Wizard. When this payload is used in a simulation, the service replaces the QR code with a dynamically generated QR code to track click and compromise metrics. The size, position, and shape of the QR code match what you configured in the payload.

Training content

We provide two mechanisms to learn about QR-based attacks: how-to guides and new training modules provided by our content partners.

How-to guide

How-to guides are designed to provide end users with a lightweight guide on how to report phishing messages directly via email. By delivering these guides directly to your end users’ inboxes, you can ensure that your end users have the information they need to confidently report suspicious emails.

You can filter the how-to guides by one of the following:

- Filter by technology = How-to guide
- Search by name = "Training Guide: How to Recognize and Report QR Phishing Messages"

Image 5: Training Guide

Unconventional education

New trainings have been added to the Training List (Content Library – Training Module).

Malicious digital QR code: this is a short tutorial to educate users on what to do when they receive a QR code in their email.

You can assign the training as part of a simulation or use a training campaign to assign the training to users.

Image 6: Ready-to-use training configuration
Image 7: Preview of ready-to-use training

More information

If you have other questions or feedback about Microsoft Defender for Office 365, please reach out to the community and Microsoft experts in the Defender for Office 365 Forum.
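
The per-recipient tracking described under Tenant Payload (a dynamically generated QR code per simulation, with a scan counted as a click event) can be sketched as follows. This is an added example, not Microsoft's implementation and not code from the original post; the signing key, the `sim.example` URL, the parameter names and the rule that a credential submission counts as a compromise are all assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"constructed-demo-key"         # assumption: per-simulation signing key
LANDING = "https://sim.example/landing"  # assumption: placeholder simulation URL


def _tag(sim_id: str, user: str) -> str:
    msg = f"{sim_id}|{user}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:32]


def recipient_url(sim_id: str, user: str) -> str:
    """URL to encode into one recipient's QR code (unique per user)."""
    return f"{LANDING}?{urlencode({'s': sim_id, 'u': user, 't': _tag(sim_id, user)})}"


def attribute(url: str):
    """Return (sim_id, user) if the token verifies, else None."""
    q = parse_qs(urlparse(url).query)
    try:
        sim_id, user, tag = q["s"][0], q["u"][0], q["t"][0]
    except KeyError:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(sim_id, user).encode())
    return (sim_id, user) if ok else None


def record(events, url: str, submitted_credentials: bool = False) -> bool:
    """Log a visit as 'click'; a credential submission also as 'compromise'."""
    who = attribute(url)
    if who is None:
        return False  # forged or truncated link: not counted against anyone
    events[who].add("click")
    if submitted_credentials:
        events[who].add("compromise")
    return True


def run_demo():
    """Constructed scenario: two recipients and one tampered link."""
    events = defaultdict(set)
    alice = recipient_url("sim-001", "alice@contoso.example")
    bob = recipient_url("sim-001", "bob@contoso.example")
    record(events, alice)                            # scanned QR, opened page
    record(events, bob, submitted_credentials=True)  # scanned and entered password
    forged = alice.replace("alice", "carol")         # token no longer matches user
    accepted = record(events, forged)
    return {user: sorted(kinds) for (_, user), kinds in events.items()}, accepted
```

A single static QR code shared by every recipient could only count total scans; binding the code to the recipient is what lets a scan from a phone, outside the mail client, still be attributed to the right user.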