QR Code Email Phishing Attempt - How Harmony Helps

Date Posted:

27/09/2023

Author:

Mike

Share this Post:

QR Code Email Phishing Attempt – How Harmony Helps

Pretty much all of the leading cyber security vendors agree that email is one of, if not the most targeted attack vectors.

In recent years, many organisations have taken advantage of moving their email platform from legacy on-prem to more modern cloud-native tools based predominantly on either Microsoft 365 or Google Workspace. This transition led to many organisations reviewing their cyber security tooling that is in place for securing their email, as the more modern offering also provided some feature sets that can provide good basic email security, especially with regards to standard SPAM filtering.

We now see organisations that have completed that transition are finding that their email security protections are reduced and that some of the more sophisticated phishing and impersonation attacks are now getting through.

SEP2 have partnered with Check Point since we started the organisation, both our CEO Paul Starr and I have worked with Check Point for 15+ years each. When the Check Point CloudGuard SaaS platform was first released, and more recently as the evolution of that being the Check Point Harmony Email platform, we knew that they would be providing only the best email security.

We’re proud to say that we “eat our own dogfood” and use the Check Point Harmony Email platform ourselves. If you’ve been on the receiving end of a Harmony Email demonstration from me, you will know that as I use our tenant to give the demo. No better way of demonstrating to our customers how the system work in my opinion!

This last week we’ve seen a further evolution in advanced targeting phishing which many of the inbuilt email security tools aren’t aware of and are therefore allowing into a user’s inbox.

A very well-crafted email impersonating a DocuSign e-signature request, with a QR code embedded with the directive to “Scan the QR code to access the shared document”.

A built-in security tool allowed this through, but the Check Point Harmony Email platform actually understood that what the QR code is, decoded it, found that it linked to a URL shortening site as a further layer of obfuscation, followed that through to where it was actually taking you, and found a drive by download of malware as well as a credential harvesting page.

This is yet further proof that although there are savings to be had and efficiencies in not running the complicated Exchange email platform in house, taking just the vendor supplied tooling for email protection isn’t enough, you need a dedicated cyber security provider as well to give you peace of mind that your users are safe.

The attackers are only getting smarter, and it only takes one misstep by a user to bring things crashing down.

If you’d like a demo of the Check Point Harmony Email platform, or would like a 14 day trial, please get in touch and we can get that arranged.

Share this Post:

Tech Driven. People Powered.

Protect your business today

To find out more about how we can secure your organisation against all forms of cyber security attack, get in touch with SEP2 now or sign up to our newsletter.

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_lfa	2 years	This cookie is set by the provider Leadfeeder to identify the IP address of devices visiting the website, in order to retarget multiple users routing from the same IP address.
AWSALBCORS	7 days	This cookie is managed by Amazon Web Services and is used for load balancing.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
aka_debug	session	Vimeo sets this cookie which is essential for the website to play video functionality.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
AWSALB	7 days	AWSALB is an application load balancer cookie set by Amazon Web Services to map the session to the target.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_LSE9RP433S	2 years	This cookie is installed by Google Analytics.
_gat_UA-89994160-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
mf_user	3 months	Mouseflow sets this cookie to identify whether a visitor is new or returning.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Security Intelligence Services

Technical Services

Security Audit Services

QR Code Email Phishing Attempt - How Harmony Helps

Date Posted:

27/09/2023

Author:

Mike

Tags:

Share this Post:

QR Code Email Phishing Attempt – How Harmony Helps

Share this Post:

You May Also Like:

A Year in Review at SEP2 - 2024

Cyber Security Awareness Month 2024 - Key Takeaways For Your Business

When should a growing business invest in a Security Operations Centre (SOC)?

Tech Driven. People Powered.

Protect your business today

Sign Up

join our newsletter today

Kieron

Central Response Team Manager

Connect with Kieron on LinkedIn