Fake QR Codes, Venmo Memos Part Of Today’s Hacker Toolset

“This is horrible because this is a real mail from Venmo,” Inky CEO Dave Baggett said. “This is not a brand impersonation.”

A recent case of a hacker exploiting Venmo’s memo field in an effort to trick an email user into calling a fake help line showed Inky CEO and founder Dave Baggett how generative artificial intelligence can help beat threat actors.

Baggett (pictured), whose College Park, Md.-based company develops email security tools, told a room of solution providers that hackers create free accounts with Venmo and other payment services and then send money requests to their targets with the freeform text memo section filled out with a fake charge and a fake help number to call. Hackers then collect customer financial information from the phone call.

“This is horrible because this is a real mail from Venmo,” he said. “This is not a brand impersonation. … The only conceivable way you can identify this as malicious is to understand the text in that memo. So you have to have, first, a model that there are these scams. What are the payment services? And then you have to have some way to understand the language in that text.”

[RELATED: Huntress Director To MSPs: Growing Your Community Will Help Grow Your Business]

Inky Email Security

Using GenAI, Inky can understand the meaning of that memo text regardless of its wording, Baggett said.

“The only conceivable way you can identify this as malicious is to understand the text in that note,” he said. “You have to have, first, a model that there are these scams. What are the payment services? And then you have to have some way to understand the language in that text. And this is exactly where something like GenAI is hugely helpful.”

Baggett was speaking to solution providers and MSP executives at the XChange NexGen 2024 event, operated by CRN parent The Channel Company, which runs through Tuesday in Houston.

Inky has about 240 partners worldwide, according to CRN’s 2024 Channel Chiefs.

Zac Paulson, director of product and strategy at Fargo, N.D.-based ABM Technology Group – a member of CRN’s 2024 MSP 500 – told CRN in an interview that he no longer feels surprised when he sees a new phishing technique or new way for a threat actor to try to infiltrate a target’s IT system.

“They’re always getting trickier and dirtier,” Paulson said.

Baggett told solution providers that his team has seen hackers camp out in an account they’ve taken over, register a new domain and then hijack a conversion.

“A lot of the stuff we see is very high frequency, like fake voicemail scams,” he said. “This is very low frequency with a huge blast radius. These are very infrequent. But if someone falls for them, you end up wiring hundreds of thousands of dollars.”

Another recent tactic Baggett’s team has seen from a threat actor is a block of text made to look like an innocuous quick-response code image. The fake QR code was actually a bunch of text in Unicode filled with “weird code points.”

“Usually, these things will either go to some credential harvesting … or some other similar scam,” Baggett said. “A lot of work to do this, right? But imagine the difficulty now of dealing with this if you're not … rendering every mail.”