
SquarePhish

Updated: Nov 6, 2024



SquarePhish is an advanced phishing tool that uses a technique combining OAuth Device code authentication flow and QR codes (see PhishInSuits for more about OAuth Device Code flow for phishing attacks). Scanning QR codes. Additionally, using dedicated QR code scanning apps that provide previews of the URLs before users are redirected can further enhance security. Organizations should also implement robust security awareness training for employees and encourage multi-factor authentication (MFA) to add an extra layer of protection.

SquarePhish is a reminder of the evolving nature of phishing attacks, where cybercriminals adapt to new technologies and methods to exploit users' trust. As QR codes become more ubiquitous in both personal and professional contexts, it's crucial to remain vigilant and adopt proactive security measures to prevent falling victim to such deceptive tactics.

Attack Steps:

  • Send malicious QR code to victim

  • Victim scans QR code with mobile device

  • Victim directed to attacker-controlled server (Triggering OAuth Device Code authentication flow process)

  • Victim emailed MFA code (Triggering OAuth Device Code flow 15 minute timer)

  • Attacker polls for authentication

  • Victim enters code into legit Microsoft website

  • Attacker saves authentication token

Install:

git clone https://github.com/secureworks/squarephish; cd squarephish; pip install -r requirements.txt

Note: Before using either module, update the required information in the settings.config file noted with Required.

Usage (Email Module):

usage: squish.py email [-h] [-c CONFIG] [--debug] [-e EMAIL]

optional arguments:
  -h, --help            show this help message and exit

  -c CONFIG, --config CONFIG
                        squarephish config file [Default: settings.config]

  --debug               enable server debugging

  -e EMAIL, --email EMAIL
                        victim email address to send initial QR code email to

Usage (Server Module):

usage: squish.py server [-h] [-c CONFIG] [--debug]

optional arguments:
  -h, --help            show this help message and exit

  -c CONFIG, --config CONFIG
                        squarephish config file [Default: settings.config]

  --debug               enable server debugging





Detecting square phishing attacks, which use social engineering tactics to deceive users into providing sensitive information, requires a multi-faceted approach. Natural Language Processing (NLP) techniques, such as the "DARTH" model, can be used to analyze the content and metadata of phishing emails. Machine learning classifiers can also be used to enhance detection, with studies showing an impressive accuracy rate of 97.52% in identifying phishing emails. These models can adapt to emerging phishing tactics and remain effective as attackers refine their methods. Raising awareness and building robust detection systems are also crucial in combating square phishing. By integrating advanced machine learning, NLP techniques, and user awareness training, organizations can improve their ability to detect square phishing attacks and prevent data breaches.
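Email analysis aside, the attack steps above end with a completed device code sign-in, which is visible in identity provider sign-in logs. The following is an added example (not from the original post or the SquarePhish project) that flags such sign-ins in constructed records; the field names, the flattened `status` value and the allowlist are assumptions to be mapped to your own log schema.

```python
import json
from collections import defaultdict

# Constructed sample records, not real logs. Field names are modelled on
# Microsoft Entra sign-in log exports (an assumption; map them to your schema).
SAMPLE_LOGS = """
{"createdDateTime": "2024-11-05T08:55:00Z", "userPrincipalName": "alice@example.com", "ipAddress": "198.51.100.10", "authenticationProtocol": "none", "status": "success"}
{"createdDateTime": "2024-11-05T09:02:00Z", "userPrincipalName": "kiosk@example.com", "ipAddress": "198.51.100.20", "authenticationProtocol": "deviceCode", "status": "success"}
{"createdDateTime": "2024-11-05T09:10:00Z", "userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.11", "authenticationProtocol": "deviceCode", "status": "failure"}
{"createdDateTime": "2024-11-05T09:14:00Z", "userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "status": "success"}
"""

# Hypothetical allowlist: accounts that legitimately use device code sign-in
# (for example shared displays or input-constrained devices).
EXPECTED_DEVICE_CODE_USERS = {"kiosk@example.com"}


def find_device_code_alerts(log_text, allowlist=EXPECTED_DEVICE_CODE_USERS):
    """Return completed device code sign-ins by accounts not expected to use the flow."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    records.sort(key=lambda r: r["createdDateTime"])  # same-format UTC strings sort by time
    seen_ips = defaultdict(set)  # user -> IPs with earlier successful sign-ins
    alerts = []
    for rec in records:
        user = rec["userPrincipalName"].lower()
        ip = rec["ipAddress"]
        if rec.get("status") != "success":
            continue  # failed sign-ins issued no token
        if rec.get("authenticationProtocol") == "deviceCode" and user not in allowlist:
            alerts.append({
                "user": user,
                "time": rec["createdDateTime"],
                "ip": ip,
                "new_ip_for_user": ip not in seen_ips[user],  # triage context
            })
        seen_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in find_device_code_alerts(SAMPLE_LOGS):
        print(alert)
```

An alert here is a triage lead, not a verdict: the responder confirms with the user whether they knowingly entered a device code within the flow's 15 minute window.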


 
 
 

© 2035 by Train of Thoughts. Powered and secured by Thiru
