A new phishing technique dubbed “GhostLink” has emerged. Attackers compromise a user’s account (e.g., Teams or Zoom) and join a legitimate meeting. They then silently share their screen, displaying a malicious QR code (often disguised as a “meeting feedback survey” or “file download”) as a virtual background, tricking other participants into scanning it.
Business Impact
This is a highly effective social engineering attack that bypasses traditional email filters. Scanning the QR code leads users to credential harvesting sites or malware downloads, directly compromising their mobile devices or laptops and giving attackers a foothold inside the trusted corporate network.
Why It Happened
Attackers are exploiting the high level of trust and frequent use of QR codes in a corporate setting. By inserting the malicious QR code into a live, trusted meeting, they create a sense of legitimacy and urgency that encourages users to act without suspicion.
Recommended Executive Action
Immediately issue an advisory to all employees warning them against scanning QR codes presented in video meetings, even if they appear to be from colleagues. Mandate “out-of-band” verification for any unexpected links or files shared during meetings.
