The Berkeley Lab Cyber Security group has identified a new phishing tactic that uses an image file and QR codes to bypass spam filters. The attacker then takes the attack to your phone, communicating with you via SMS messages. The attacker’s goal with this phishing scam is to acquire your MFA code.
Attackers start by sending you a generic email that includes a QR code as an attached image file. If you scan the QR code, you are sent to a URL that looks like the lbl.gov login page but is actually a phishing page. If you enter your phone number there, the attacker will contact you via SMS and actively try to convince you to send them your MFA code.
Keep reading for a specific example of this phish and tips on how to recognize and report these incidents.
Email and Website Example
Here is an example email featuring a QR code the attacker wants you to scan with your phone. Microsoft software and systems are widely used at the Lab, so the recognizable brand might trick staff into thinking the message is real. The generic text in the email also makes the request seem routine. Please note that the Lab will never ask you for your phone number or use QR codes to log in.
Original Message:
If you scan the QR code, you end up on a page that looks a lot like the lbl.gov login page, but as you can see, the URL is incorrect. In this specific case, the attacker is using a free Wix site, so the banner about the page being designed with Wix stands out, but future attacker sites may not have this giveaway.
SMS Example
What makes this phishing attack unusual is the use of live humans who actively engage with you via SMS, so the exchange feels more personalized. This tactic is used to obtain your MFA code, which you should never share with anyone.
Here is a sample exchange:
Recommended Actions
The Berkeley Lab Cyber Security group believes it is important to understand that attackers are always evolving their phishing tactics with new ways to steal your information. If you encounter a QR code that leads you to a URL that is not a genuine Berkeley Lab address, it is a scam and should be reported to security@lbl.gov.
Tips to help protect the Lab from scammers:
- Be wary of any unknown senders
- If you use a QR code, check the URL you are being sent to and confirm it is a true lbl.gov address
- Never give your MFA code to anyone
- Report any emails that you think could be spam by forwarding them to: security@lbl.gov.
- Stay up to date with Cyber Security Training requirements.
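The tip about confirming a scanned URL is a true lbl.gov address is easy to get wrong by eye, because lookalike hosts put the real domain name somewhere other than the end of the hostname. The following is an added example, not code from the Berkeley Lab Cyber Security group, that shows the check a reader (or an email-gateway rule) can apply to the URL decoded from a QR code. It assumes that lbl.gov is the only legitimate domain and that a genuine login page is served over HTTPS; the sample URLs are constructed for illustration and are not real phishing sites.

```python
from urllib.parse import urlsplit

# Assumption: lbl.gov and its subdomains are the only legitimate Lab login hosts.
LEGITIMATE_DOMAIN = "lbl.gov"


def is_legitimate_lab_url(url: str) -> bool:
    """Return True only if the URL's host really belongs to lbl.gov.

    The check is on the hostname suffix, not on whether the string contains
    'lbl.gov', so 'lbl.gov.example' and 'lbl.gov@evil.example' are rejected.
    """
    parts = urlsplit(url.strip())
    # Assumption: a genuine login page is always served over HTTPS.
    if parts.scheme.lower() != "https":
        return False
    # .hostname drops any user@ prefix and port and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    return host == LEGITIMATE_DOMAIN or host.endswith("." + LEGITIMATE_DOMAIN)


def explain(url: str) -> str:
    """Human-readable reason, useful when triaging a reported QR code."""
    parts = urlsplit(url.strip())
    host = parts.hostname or "(no host)"
    if is_legitimate_lab_url(url):
        return f"OK: host {host} is under {LEGITIMATE_DOMAIN}"
    if parts.scheme.lower() != "https":
        return f"SUSPICIOUS: scheme {parts.scheme or '(none)'!r} is not https"
    if LEGITIMATE_DOMAIN in url and LEGITIMATE_DOMAIN != host:
        return f"SUSPICIOUS: contains '{LEGITIMATE_DOMAIN}' but real host is {host}"
    return f"SUSPICIOUS: host {host} is not under {LEGITIMATE_DOMAIN}"


def triage(urls: list[str]) -> list[str]:
    """Return the subset of URLs that should be reported to security@lbl.gov."""
    return [u for u in urls if not is_legitimate_lab_url(u)]


# Constructed sample URLs (not real sites) a QR code might decode to.
SAMPLE_URLS = [
    "https://identity.lbl.gov/login",                 # genuine subdomain
    "https://LBL.GOV/",                               # case differs, still genuine
    "https://lbl.gov.account-verify.example/login",   # real name used as a prefix
    "https://lbl.gov@evil.example/login",             # real name in the userinfo part
    "https://lbl-gov.wixsite.com/login",              # free site builder host
    "http://www.lbl.gov/",                            # right domain, no HTTPS
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u:50} {explain(u)}")
    print("report:", triage(SAMPLE_URLS))
```

Scanning a code with the phone camera and reading the URL from the preview is the manual form of this check; the point of the code is that only the end of the hostname counts, and anything before it, including "lbl.gov" itself, proves nothing.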
Remember: the best defense against phishing attacks is to be aware of the latest tactics, such as unusual social engineering emails or this recent QR/SMS method, remain vigilant, and report anything suspicious.