We have seen an increase in email phishing attacks that include QR codes like the one below. They ask you to scan the code with your phone’s camera, which then opens a web page with malware or a fake login page designed to trick you into entering your password and sometimes your multi-factor code. These pages may be customized to look like IC or Microsoft pages, and may even be prepopulated with your username or email address.
QR codes in email are not currently scanned by Microsoft to detect threats like normal links are, and criminals want you to open malicious web pages on your phone because we can’t help secure it. There are many legitimate uses for QR codes, but it’s never a good idea to scan a QR code from an email sender you don’t know or from some unknown Gmail or other address purporting to be someone you know.
