Warning, there is a new QR code scam phishing email about
We haven’t seen this kind of phishing email before and it’s bound to catch some people out. In the examples I have seen the email comes from a hacked email account which means it is more likely to pass through spam filters undetected. The body of the email looks like this-
We’ve modified this image to replace the scam QR code with an innocuous one but other than that this is exactly what the scam email looks like. If you scan the QR code you are taken to the scammers website which prompts you with a standard Microsoft 365 sign-in prompt, no doubt the website is saving the sign-in session cookie and from that moment can access your 365 account without further MFA prompts. It’s a clever ruse and will certainly catch a lot of unsuspecting people.
If you receive an email like this, delete it and if you are unsure call your I.T. support provider.