Malicious QR code cyberattacks target education sector, Microsoft report shows

The education sector faces more than 2,500 cyberattack attempts each week, including malicious QR code campaigns, according to a report Microsoft published Thursday.

The October report, part of Microsoft’s Cyber Signals series, includes an overview of the state of cybersecurity in K-12 and higher education, which notes the rise of malicious QR codes targeting the education sector. According to the report, Microsoft’s Defender for Office 365 product blocked more than 15,000 emails each day that targeted the education sector with phony QR codes.

“Images in emails, flyers offering information about campus and school events, parking passes, financial aid forms, and other official communications all frequently contain QR codes. … This creates an attractive backdrop for malicious actors to target users who are trying to save time with a quick image scan,” the report reads.

Microsoft notes that universities face unique challenges when it comes to warding off cyberattacks, given their commitments to collaboration, openness and research.

“Professors, researchers, and other faculty operate under the notion that technology, science—simply knowledge itself—should be shared widely. If someone appearing as a student, peer, or similar party reaches out, they’re often willing to discuss potentially sensitive topics without scrutinizing the source,” the report reads.