Cyber criminals are increasingly sophisticated, finding creative ways to deceive even the most cautious users. Recently, a new trend has emerged involving phishing scams on Microsoft Teams, where attackers use fake QR codes in a tactic called ‘quishing’ (QR code phishing) to gain access to sensitive information.
This threat has already impacted companies worldwide, and as a result, staying informed and vigilant is more critical than ever. In this article, we’ll break down how these scams work, what to watch out for, and how to protect yourself and your business.
The latest scam leverages Microsoft Teams to trick employees into revealing sensitive information. Here’s how it typically unfolds:
1. Fake alerts via Teams messages:
Cyber criminals gain access to Teams and send fraudulent messages pretending to be from trusted departments within the organisation, such as IT, finance or HR.
2. QR code links (quishing):
These messages often contain QR codes, asking employees to scan them to complete an urgent task, such as updating their login credentials or verifying their account for security purposes.
3. Redirected to phishing sites:
Scanning the QR code leads employees to fake login pages that look identical to Microsoft’s legitimate sites. When employees enter their login information, attackers capture it and gain access to company systems and data.
4. Data theft and further exploits:
With these stolen credentials, attackers can access sensitive company data, potentially leading to theft, ransomware attacks, or other malicious activities.
Microsoft Teams has become a trusted platform for workplace collaboration, especially as more people work remotely. Attackers are capitalising on this trust, knowing that employees are less likely to question messages coming through this familiar platform. Furthermore, QR codes make it difficult for employees to quickly assess if the link they’re clicking is legitimate, adding another layer of deception.
Knowing what to look for can be your first line of defence. Here are some red flags:
Unexpected requests:
Be wary of QR codes appearing in Teams messages that ask you to take immediate action, especially if it’s something you haven’t discussed previously with your colleagues or other departments.
Vague language and urgency:
Scammers often create a sense of urgency, claiming there is a problem that must be fixed immediately.
Unusual or generic language:
If the message lacks personalisation or has grammatical errors, or just doesn’t sound like the company’s usual tone of voice, then it could be a sign of a phishing attempt.
Check with IT:
Before scanning any QR code from a Teams message, contact your IT department or support team directly to verify the legitimacy of the request.
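Because a QR code hides its destination until it is scanned, a practical "check before you open" step is to decode the code with any offline reader and run the resulting text through a small triage check. The following is an added example written for this article, not code from the original page: it parses the decoded text as a URL, accepts only well-known Microsoft sign-in domains (the allowlist is an assumption you should adapt to your own tenant), and flags the classic look-alike patterns such as a brand name buried in an unrelated domain or a `user@host` prefix that makes the address read like a Microsoft link.

```python
from urllib.parse import urlparse

# Assumption: registrable domains that legitimately host Microsoft sign-in and
# Teams pages. Adjust this list to what your organisation actually uses.
TRUSTED_DOMAINS = {"microsoftonline.com", "microsoft.com", "live.com", "office.com"}
# Brand words that a look-alike phishing host typically contains.
BRAND_WORDS = ("microsoft", "office365", "teams", "outlook")


def registrable_domain(host: str) -> str:
    """Crude 'sub.example.com' -> 'example.com'. Assumption: no public-suffix
    list is used, so multi-part suffixes such as example.co.uk are not handled."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify_qr_target(decoded: str) -> str:
    """Triage text decoded from a QR code before anyone opens it.

    Returns one of: 'trusted', 'lookalike', 'suspicious', 'not-a-url'.
    """
    parsed = urlparse(decoded.strip())
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return "not-a-url"          # Wi-Fi, vCard or plain text payloads
    host = parsed.hostname.lower()  # .hostname drops any 'user:pass@' prefix,
    domain = registrable_domain(host)  # so 'login.microsoftonline.com@evil.example' -> evil.example
    if domain in TRUSTED_DOMAINS:
        # A genuine Microsoft host over plain http is still not something to trust.
        return "trusted" if parsed.scheme == "https" else "suspicious"
    if any(word in host for word in BRAND_WORDS):
        return "lookalike"          # brand name on a domain we do not own/trust
    return "suspicious"


if __name__ == "__main__":
    # Constructed sample payloads, as an offline reader might decode them.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com@evil.example/verify",
        "https://microsoftonline.com.evil.example/login",
        "https://teams-account-verify.example/",
        "WIFI:S:GuestNetwork;T:WPA;P:secret;;",
    ]
    for s in samples:
        print(f"{classify_qr_target(s):11}  {s}")
```

Anything other than `trusted` is a reason to stop and confirm the request with IT through another channel, exactly as the red flags above recommend.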
To prevent your organisation from falling victim to QR code phishing on Teams, consider the following steps:
1. Educate employees on quishing:
Share information on this type of scam with your team and consider undertaking Human Risk Management training. Make sure they know not to scan QR codes or follow links without verifying the source first.
2. Implement multi-factor authentication (MFA):
MFA, sometimes referred to as two-factor authentication (2FA), adds an additional layer of security, making it harder for attackers to access accounts, even if they manage to steal login credentials.
3. Encourage employees to verify requests:
If employees receive a Teams message requesting sensitive information, they should confirm the request with the IT department through another channel.
4. Monitor and restrict permissions:
Limit access to sensitive information to only those who absolutely need it. Monitoring permissions helps minimise potential damage in the event of an attack.
5. Use anti-phishing tools and cyber security solutions:
Anti-phishing tools can help detect and block phishing attempts across platforms, including Teams. Regularly update these tools to stay protected against evolving threats.
6. Adopt a zero-trust approach:
Trust nothing by default, and verify every access request, especially if it involves sensitive data or critical systems.
If you or one of your team has already scanned a suspicious QR code, here are some immediate steps to take:
1. Report the incident to IT:
Quickly inform your IT department so they can take necessary measures to secure your account and assess potential damage.
2. Change your password:
Immediately update your Microsoft account password and any other accounts that may share similar credentials.
3. Run a security check:
Have your IT team check for any unusual account activity and secure any affected systems.
4. Alert other team members:
Notify your colleagues so they can be vigilant and avoid scanning similar QR codes.
With cyber threats evolving, awareness and proactive measures are essential to protect your business. Scams on platforms like Microsoft Teams highlight the need for constant vigilance, education, and robust security practices.
By keeping employees informed and implementing essential security protocols, your business can stay one step ahead of cyber criminals.
Stay safe, stay informed, and remember—if something feels suspicious, it’s always best to double-check with your IT team before taking any action.