Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Carding News
QR Code, CAPTCHAS, and Logos as the Art of Hidden Threats in Your Email
Message
<blockquote data-quote="Brianwill" data-source="post: 873" data-attributes="member: 15"><p>How do the 3 most reliable methods of stealing data from inattentive victims work?</p><p></p><p>According to statistics from the information security company ANY.RUN, in 2023, the use of QR codes, CAPTCHAS, and steganography became a popular phishing method.</p><p></p><p>One of the new phishing techniques - Quishing (QR and phishing), involves hiding malicious links in QR codes. This method avoids detection by traditional anti-spam filters focused on text messages. Many security tools are not able to decipher the contents of QR codes, which makes the method particularly effective for cybercriminals.</p><p></p><p><img src="https://www.securitylab.ru/upload/medialibrary/90e/25k4jbh5y6nks0stqp21lnk26q4n2yqb.jpg" alt="25k4jbh5y6nks0stqp21lnk26q4n2yqb.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p><em>Malicious QR code in an email</em></p><p></p><p>Phishing attacks also use CAPTCHA, a website security tool. Criminals use CAPTCHAS to mask forms of credential collection on fake sites by creating hundreds of domain names using the Randomized Domain Generated Algorithm (RDGA) and implementing CAPTCHAS. For example, in an attack on a Halliburton Corporation employee, the victim is first asked to complete a CAPTCHA check, and then redirected to a fake Office 365 login page.</p><p></p><p><img src="https://www.securitylab.ru/upload/medialibrary/4eb/7r0oybwbtm4f888a9b624aydjwmq0rkz.jpg" alt="7r0oybwbtm4f888a9b624aydjwmq0rkz.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p><em>Passing a CAPTCHA on a phishing site</em></p><p></p><p>Phishing campaigns also use steganography, a method of hiding data in various media. For example, in a fake email from a Colombian government organization that contains a link to a file on Dropbox, a hidden VBS script extracts an image with malicious code when executed, infecting the victim's system.</p><p></p><p><img src="https://www.securitylab.ru/upload/medialibrary/5e3/hoktrmpn43u1gqhcol38yup56atv5sfj.jpg" alt="hoktrmpn43u1gqhcol38yup56atv5sfj.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p><em>Malicious code is hidden in the document's logo</em></p><p></p><p>With the evolution of phishing attacks and new techniques such as QR codes, captchas, and steganography, users and organizations need to be more alert and aware of potential threats. It is important to use modern tools and services to analyze and prevent malicious attacks. Cybersecurity training and awareness also play a key role in combating cybercrime.</p></blockquote><p></p>
[QUOTE="Brianwill, post: 873, member: 15"] How do the 3 most reliable methods of stealing data from inattentive victims work? According to statistics from the information security company ANY.RUN, in 2023, the use of QR codes, CAPTCHAS, and steganography became a popular phishing method. One of the new phishing techniques - Quishing (QR and phishing), involves hiding malicious links in QR codes. This method avoids detection by traditional anti-spam filters focused on text messages. Many security tools are not able to decipher the contents of QR codes, which makes the method particularly effective for cybercriminals. [IMG alt="25k4jbh5y6nks0stqp21lnk26q4n2yqb.jpg"]https://www.securitylab.ru/upload/medialibrary/90e/25k4jbh5y6nks0stqp21lnk26q4n2yqb.jpg[/IMG] [I]Malicious QR code in an email[/I] Phishing attacks also use CAPTCHA, a website security tool. Criminals use CAPTCHAS to mask forms of credential collection on fake sites by creating hundreds of domain names using the Randomized Domain Generated Algorithm (RDGA) and implementing CAPTCHAS. For example, in an attack on a Halliburton Corporation employee, the victim is first asked to complete a CAPTCHA check, and then redirected to a fake Office 365 login page. [IMG alt="7r0oybwbtm4f888a9b624aydjwmq0rkz.jpg"]https://www.securitylab.ru/upload/medialibrary/4eb/7r0oybwbtm4f888a9b624aydjwmq0rkz.jpg[/IMG] [I]Passing a CAPTCHA on a phishing site[/I] Phishing campaigns also use steganography, a method of hiding data in various media. For example, in a fake email from a Colombian government organization that contains a link to a file on Dropbox, a hidden VBS script extracts an image with malicious code when executed, infecting the victim's system. [IMG alt="hoktrmpn43u1gqhcol38yup56atv5sfj.jpg"]https://www.securitylab.ru/upload/medialibrary/5e3/hoktrmpn43u1gqhcol38yup56atv5sfj.jpg[/IMG] [I]Malicious code is hidden in the document's logo[/I] With the evolution of phishing attacks and new techniques such as QR codes, captchas, and steganography, users and organizations need to be more alert and aware of potential threats. It is important to use modern tools and services to analyze and prevent malicious attacks. Cybersecurity training and awareness also play a key role in combating cybercrime. [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Carding News
QR Code, CAPTCHAS, and Logos as the Art of Hidden Threats in Your Email
Top