Forum Discussion
MGessner
Sep 22, 2023, Copper Contributor
Receiving increasing number of phishing attempts mimicking Microsoft MFA QR Codes
Even though we are MS 365 Defender customers for all our users (EMS + E3) we are receiving an increasing number of phishing attempts based on good-looking MFA connection requests. Furthermore these ...
RobYoung
Sep 26, 2023, Iron Contributor
elieelkarkafi ideally we should be able to alert on QR codes sent by unfamiliar (first contact) senders. While Microsoft boasts of safelinks, too many of these are making it through.
Babsvald
Sep 29, 2023, Copper Contributor
RobYoung Just checking, did anyone get an effective way to block these out?
- RobYoung, Sep 30, 2023, Iron Contributor: I think I am going to look at building a homegrown solution for scanning images for QR codes and building some rules around alerting on it (uncommon senders and from public email domains). Shouldn't be too difficult to do. Nice little side project.
- Sep 29, 2023
Babsvald currently the effective ways to protect against QR code phishing emails are:
- Token Protection through Conditional Access
- Network Protection in block mode in MDE for both endpoint and mobile devices (iOS/Android).
- Threat analytics in M365D
- Web content filtering in MDE to block parked/ newly registered domains categories.
- RobYoung, Sep 30, 2023, Iron Contributor: While all the above is good practice, not allowing malicious QR codes through to begin with should be the focus. Much easier keeping the doors locked if we aren't handing out the keys.
- PradeepCC2023, Sep 30, 2023, Copper Contributor: Hi Robert,
I agree, it would be helpful if suspected malicious QR codes could be checked in a sandbox environment by Defender before the user gets to open them, similar to suspicious emails with malicious links. This way users will need to report not receiving them to IT Security who will check and take the necessary actions depending upon whether they are safe or not.
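
A sketch of the homegrown check RobYoung describes above (scan image attachments for QR codes, then alert on first-contact senders and public email domains), added here as an example and not code from any poster or from Microsoft. The `PUBLIC_DOMAINS` list, the function names and the sample message are assumptions; real decoding assumes the third-party pyzbar and Pillow packages, and the demo uses a stand-in decoder so it runs offline.

```python
import email, io
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed starter list of public webmail domains; extend for your tenant.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

def decode_qr(image_bytes):
    """Real decoder: needs the third-party pyzbar and Pillow packages (assumed)."""
    from PIL import Image
    from pyzbar.pyzbar import decode
    found = decode(Image.open(io.BytesIO(image_bytes)))
    return [r.data.decode("utf-8", "replace") for r in found if r.type == "QRCODE"]

def qr_alert(raw_message, known_senders, decoder=decode_qr):
    """Return an alert dict if a QR-bearing mail matches a sender rule, else None."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    domain = sender.rpartition("@")[2]
    payloads = []
    for part in msg.walk():  # covers attachments and inline images
        if part.get_content_maintype() == "image":
            payloads += decoder(part.get_payload(decode=True))
    if not payloads:
        return None  # no QR code found: nothing for these rules to judge
    reasons = []
    if sender not in known_senders:
        reasons.append("first-contact sender")
    if domain in PUBLIC_DOMAINS:
        reasons.append("public email domain")
    return {"sender": sender, "qr_payloads": payloads, "reasons": reasons} if reasons else None

def sample_message(sender):
    """Constructed sample mail with a placeholder image attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", "MFA renewal"
    m.set_content("Scan the code to keep your account active.")
    m.add_attachment(b"placeholder-image", maintype="image", subtype="png", filename="mfa.png")
    return m.as_bytes()

def fake_decoder(image_bytes):
    """Constructed stand-in for decode_qr so the demo runs without pyzbar."""
    return ["https://login.example.invalid/mfa"]

if __name__ == "__main__":
    known = {"colleague@example.com"}  # e.g. built from prior mail flow (assumption)
    print(qr_alert(sample_message("IT Helpdesk <it.helpdesk@gmail.com>"), known, fake_decoder))
    print(qr_alert(sample_message("colleague@example.com"), known, fake_decoder))
```

The decoded payload is returned with the alert so it can be passed to whatever URL reputation or sandbox check is already in place.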