The way wars are fought today has changed, and our smartphones have become part of the battle. Hackers always want to cash in on political or regional conflicts, and they are now connecting their scams with the latest news about the US, Israel, and Iran.
As we know it, when people are worried about what they see on the news, they are more likely to make mistakes in real life. Researchers at email security firm Cofense have found that these scammers send out fake emergency alerts to scare people into handing over their passwords.
The QR code trap
The Cofense Phishing Defense Center (PDC) recently found that hackers are pretending to be the Ministry of Interior and Civil Defense, and send out emails with the subject Public Safety Advisory – Action Recommended. These emails often come from a fake address: [email protected].
While the phishing emails do not explicitly mention the phrase “Iran missile alert,” the language used, such as urgent missile warnings and instructions to seek shelter, closely mirrors real civil defence alerts seen during regional tensions involving Israel and Iran. This context makes the “Iranian missile alert” framing reasonable from an editorial standpoint, even if it is not directly stated in the scam message itself.
The messages are written to make you panic. They show a SEVERE / ACTIVE warning and tell you to take cover immediately because of a missile attack. Instead of a normal web link, they ask you to scan a QR code to see official emergency procedures. However, as per Cofense’s report, shared with Hackread.com, this is a trick to get past security filters.
“This is a classic example of social engineering, leveraging panic and authority to trick users into acting quickly without verification. The repeated phrasing, lack of personalization, and reliance on a QR code instead of a verified source all indicate a mass phishing attempt designed to exploit situations of panic and prompt impulsive actions,” researchers noted.
Stealing Microsoft passwords
When the victim scans the code, they are redirected to a fake human check page at ministry.sharedfilescorps.com/interior/$, where they have to click a box to prove they are not a robot. When done, they are sent to a fake Microsoft login page, which looks just like the real one, but it is actually a trap used to steal their login credentials.
By using the famous Microsoft name and pretending to be a government office, these hackers make their lies look very real. According to researchers, they are “exploiting fear-driven narratives” to catch people while they are distracted by the news. Experts suggest that to stay safe, you should never type your password into a site you found through an unexpected QR code.
