Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
Phishing campaign exploits Iran-Israel-US conflict with fake missile alerts to steal Microsoft credentials via QR codes.
Summary
Security researchers at Cofense discovered a phishing campaign impersonating Iran's Ministry of Interior and Civil Defense, using fake missile alert warnings to trick users into scanning malicious QR codes. The scam redirects victims to a fake Microsoft login page designed to harvest credentials, leveraging geopolitical tensions and panic-driven social engineering to bypass security awareness. The campaign uses spoofed government email addresses and mimics legitimate emergency alert language to maximize credibility.
Full text
New phishing scam uses fake missile alerts and the ongoing conflict involving Iran to target users with QR codes and fake government emails to steal Microsoft passwords.

by Deeba Ahmed, April 6, 2026

The way wars are fought today has changed, and our smartphones have become part of the battle. Hackers always want to cash in on political or regional conflicts, and they are now connecting their scams with the latest news about the US, Israel, and Iran. As we know, when people are worried about what they see on the news, they are more likely to make mistakes in real life. Researchers at email security firm Cofense have found that these scammers send out fake emergency alerts to scare people into handing over their passwords.

The QR code trap

The Cofense Phishing Defense Center (PDC) recently found that hackers are pretending to be the Ministry of Interior and Civil Defense and sending out emails with the subject "Public Safety Advisory – Action Recommended". These emails often come from a fake address: [email protected]. While the phishing emails do not explicitly mention the phrase “Iran missile alert,” the language used, such as urgent missile warnings and instructions to seek shelter, closely mirrors real civil defence alerts seen during regional tensions involving Israel and Iran. This context makes the “Iranian missile alert” framing reasonable from an editorial standpoint, even if it is not directly stated in the scam message itself.

Lure email (Source: Cofense)

The messages are written to make you panic. They show a SEVERE / ACTIVE warning and tell you to take cover immediately because of a missile attack. Instead of a normal web link, they ask you to scan a QR code to see official emergency procedures. However, as per Cofense’s report, shared with Hackread.com, this is a trick to get past security filters.

“This is a classic example of social engineering, leveraging panic and authority to trick users into acting quickly without verification. The repeated phrasing, lack of personalization, and reliance on a QR code instead of a verified source all indicate a mass phishing attempt designed to exploit situations of panic and prompt impulsive actions,” researchers noted.

Stealing Microsoft passwords

When the victim scans the code, they are redirected to a fake human check page at ministry.sharedfilescorps.com/interior/$, where they have to click a box to prove they are not a robot. Once they do, they are sent to a fake Microsoft login page, which looks just like the real one but is actually a trap used to steal their login credentials.

Fake Microsoft login page (Source: Cofense)

By using the famous Microsoft name and pretending to be a government office, these hackers make their lies look very real. According to researchers, they are “exploiting fear-driven narratives” to catch people while they are distracted by the news. Experts suggest that to stay safe, you should never type your password into a site you found through an unexpected QR code.
Indicators of Compromise
- domain — ministry.sharedfilescorps.com
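
A mail-triage check for the pattern this article describes, added here as an example (it is not Cofense's or Hackread's code): it flags the reported subject line, a body that asks for a QR scan while carrying no link a filter could inspect, and QR destinations on the listed IoC host. The function names, the `decoded_qr_urls` input (URLs a gateway has already decoded from QR images) and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

IOC_HOSTS = {"ministry.sharedfilescorps.com"}   # from the article's IoC list
LURE_SUBJECT = "public safety advisory"         # from the reported subject line
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_is_ioc(url):
    """True if the URL's host equals, or is a subdomain of, a listed IoC host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IOC_HOSTS)

def triage(raw_email, decoded_qr_urls=()):
    """Return the reasons a message matches this lure. decoded_qr_urls is an
    assumed input: URLs a gateway already decoded from QR images."""
    msg = message_from_string(raw_email)
    reasons, text, has_image = [], "", False
    if LURE_SUBJECT in str(msg.get("Subject", "")).lower():
        reasons.append("subject")
    for part in msg.walk():
        kind = part.get_content_maintype()
        if kind == "image":
            has_image = True
        elif kind == "text":
            raw = part.get_payload(decode=True) or b""
            text += raw.decode(part.get_content_charset() or "utf-8", "replace")
    # QR-only lure: the body asks for a scan but has no link a filter could inspect
    if has_image and "qr code" in text.lower() and not URL_RE.search(text):
        reasons.append("qr-only")
    if any(host_is_ioc(u) for u in decoded_qr_urls):
        reasons.append("ioc-host")
    return reasons

# Constructed sample message (not the real lure); the image bytes are a placeholder.
SAMPLE = """\
Subject: Public Safety Advisory - Action Recommended
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

SEVERE / ACTIVE. Take cover immediately. Scan the QR code for emergency procedures.
--b1
Content-Type: image/png

AAAA
--b1--
"""
```

The host comparison is exact-or-subdomain, so a lookalike that only embeds the IoC string elsewhere in its name does not match.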