Unnamed US Energy Company Targeted with QR code Phishing Campaign

September 26, 2023


Cybersecurity researchers uncovered a large phishing campaign using malicious QR codes with the hopes of acquiring Microsoft credentials at several targets, including a major U.S. energy company.

QR codes have become widely adopted since the onset of the COVID-19 pandemic, with thousands of restaurants and businesses replacing physical menus and guides with the machine-readable images that pull up webpages containing the same information. But hackers have been quick to exploit the trend, launching campaigns that spread fake QR codes to steal user information.

Cybersecurity firm Cofense released a new report on Wednesday identifying a campaign that began in May targeting a wide array of industries. The hackers sent thousands of emails containing malicious QR codes to companies, which took users to a Microsoft credential phishing page. The author of the report declined to name the energy company that was attacked but said that about 29% of the emails they tracked as part of the campaign were sent to the energy company.

Incident Date

May 20, 2023

Estimated Cost

No cost values disclosed.


No victims identified

Type of Malware

No Malware identified

Threat Source

No threat source identified