Forum Discussion
MGessner
Sep 22, 2023, Copper Contributor
Receiving increasing number of phishing attempts mimicking Microsoft MFA QR Codes
Even though we are MS 365 Defender customers for all our users (EMS + E3), we are receiving an increasing number of phishing attempts based on good-looking MFA connection requests. Furthermore these ...
Sep 22, 2023
MGessner did you check your service health notifications sent by Microsoft? Because Microsoft this week sent a message status in Service health in the O365 portal that some users are receiving large amounts of spam messages from specific senders in Exchange Online.
RobYoung
Sep 26, 2023, Iron Contributor
elieelkarkafi Ideally we should be able to alert on QR codes sent by unfamiliar (first contact) senders. While Microsoft boasts of safelinks, too many of these are making it through.
- Babsvald, Sep 29, 2023, Copper Contributor
RobYoung Just checking, did anyone get an effective way to block these out?
- RobYoung, Sep 30, 2023, Iron Contributor: I think I am going to look at building a homegrown solution for scanning images for QR codes and building some rules around alerting on it (uncommon senders and from public email domains). Shouldn't be too difficult to do. Nice little side project.
- Sep 29, 2023
Babsvald currently the effective ways to protect against QR code phishing emails are:
- Token Protection through Conditional Access
- Network Protection in block mode in MDE for both endpoint and mobile devices (iOS/Android).
- Threat analytics in M365D
- Web content filtering in MDE to block parked/newly registered domains categories.
- RobYoung, Sep 30, 2023, Iron Contributor: While all the above is good practice, not allowing malicious QR codes through to begin with should be the focus. Much easier keeping the doors locked if we aren't handing out the keys.
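
The alerting rule discussed in the thread (flag mail that carries a QR code when the sender is a first contact or uses a public email domain), sketched as an added example that is not from any poster or from Microsoft. The `decode_qr` hook, the domain list, the sample message and all names are assumptions; the demo decoder is a constructed stand-in so the code runs without an image library.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: illustrative list of public webmail domains, not exhaustive.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}

def image_parts(msg):
    """Yield (filename, bytes) for every image part, inline or attached."""
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            yield part.get_filename() or "(inline)", part.get_payload(decode=True)

def score_message(raw, known_senders, decode_qr):
    """Return an alert dict when a QR-bearing mail comes from a risky sender.

    decode_qr is a hypothetical hook: callable(image_bytes) -> list of decoded
    strings. In production it would wrap a real QR decoding library.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    found = [(name, text) for name, data in image_parts(msg)
             for text in decode_qr(data)]
    if not found:
        return None  # no QR code in any image: rule does not apply
    reasons = []
    if sender not in known_senders:
        reasons.append("first-contact sender")
    if domain in PUBLIC_DOMAINS:
        reasons.append("public email domain")
    return {"sender": sender, "reasons": reasons, "qr": found} if reasons else None

def demo_decoder(data):
    """Constructed stand-in for a QR decoder so the example runs offline."""
    return [data[6:].decode()] if data.startswith(b"QRIMG:") else []

def build_sample(sender):
    """Constructed sample mail; the 'image' is marker bytes, not a real PNG."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@contoso.example", "MFA renewal"
    m.set_content("Scan the code to keep your account active.")
    m.add_attachment(b"QRIMG:https://login.example.invalid/mfa",
                     maintype="image", subtype="png", filename="mfa.png")
    return m.as_string()

if __name__ == "__main__":
    known = {"colleague@contoso.example"}
    print(score_message(build_sample("IT <helpdesk.mfa@gmail.com>"), known, demo_decoder))
```

The set of known senders would come from the organisation's own mail history; how it is built is outside this sketch.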