---
title: "QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware | DMARC Report"
description: "QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware.png"
canonical: "https://dmarcreport.com/blog/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fqr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=QR%20Phishing%20Surges%2C%20Sentinel%20Targets%20Cybercrime%2C%20Ghanaian%20Bank%20Ransomware&url=undefined%2Fblog%2Fqr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fqr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fqr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware%2F&title=QR%20Phishing%20Surges%2C%20Sentinel%20Targets%20Cybercrime%2C%20Ghanaian%20Bank%20Ransomware "Share on Reddit") [ ](mailto:?subject=QR%20Phishing%20Surges%2C%20Sentinel%20Targets%20Cybercrime%2C%20Ghanaian%20Bank%20Ransomware&body=Check out this article: undefined%2Fblog%2Fqr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware%2F "Share via Email")
> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-36317” readonly/>
```
```
Cyber incidents this week focused on QR code phishing scams, neutralizing African cybercrime groups, and a major ransomware attack on a Ghanaian bank. While Kaspersky discovered an upsurge in [QR code](https://en.wikipedia.org/wiki/QR%5Fcode) phishing, Operation Sentinel disrupted major [cybercrime groups](https://edition.cnn.com/2025/06/28/business/cyberattacks-airlines-fbi-criminal-group).
Meanwhile, the Ghanaian bank suffered a major ransomware attack as [cybercrooks](https://www.csoonline.com/article/4032743/cybercrooks-faked-microsoft-oauth-apps-for-mfa-phishing.html) managed to wipe away USD 120,000.
## Kaspersky found a 5x boost in QR code phishing scams!
A group of researchers at Kaspersky has found a massive [5x spike ](https://www.itvoice.in/kaspersky-detected-a-fivefold-surge-in-qr-code-phishing-attacks-in-the-second-half-of-2025)in QR code phishing in the second half of 2025\. While the number of QR phishing attempts in August 2025 was **46,969**, the number jumped to a whopping \*\*249,723 by November. These malicious QR codes are mostly used in emails as they make it extremely easy and feasible for threat actors to hide fake URLs and go undetected by security solutions.
As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
Generally, such fake QR codes are used within email attachments or embedded directly in email content. Use of QR codes is eventually gaining popularity because they successfully mask [phishing links](https://www.computerweekly.com/news/366605874/Phishing-links-becoming-bigger-threat-than-email-attachments), do not give rise to suspicion, and also encourage users to scan the codes using their smartphones. Most of the time, \*\*smartphones tend to be less protected than PCs.
When a victim scans a malicious QR code, they can be redirected to:
- False HR notifications urging the victim to sign or evaluate any document
- Phishing forms that look like the login pages for internal corporate portals or Microsoft accounts
- Purchase confirmations or fake invoices in the form of malicious attachments (often combined with sophisticated [vishing techniques](https://www.infosecurity-magazine.com/news/phishing-attack-combines-vishing/))
QR code phishing aims to penetrate deep into everyday business communications to carry out financial fraud, account hijacking, [credential theft](https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html), [data breaches](https://www.nbcnews.com/tech/security/alleged-hacker-largest-breach-us-childrens-data-agrees-plead-guilty-rcna207963), and so on. To safeguard data from such [threat campaigns](https://www.techrepublic.com/article/news-openai-ai-threat-report/), one can use renowned, reliable [mail server](https://www.cloudflare.com/learning/email-security/what-is-a-mail-server/) solutions. Also, being extra careful with email communications and avoiding any email that seems suspicious can help \*\*safeguard business communications in the long run.
[DMARC](https://dmarcreport.com/), [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), and [DKIM](https://dmarcreport.com/what-is-dkim/) continue to play a critical role in modern cybersecurity by helping organizations**prevent email spoofing**, reduce phishing attacks, and strengthen trust in digital communications worldwide.
## Operation Sentinel cracks down on African cybercriminal groups!
Operation Sentinel is a major cybercrime [law enforcement](https://www.rasmussen.edu/degrees/justice-studies/blog/what-is-law-enforcement/) operation involving **multiple nations**. The cyber operation was led by Interpol.
This one-of-a-kind cyber crackdown took place across 19 nations and resulted in to arrest of 574 suspects. The team also seized equipment and devices worth[$3 million.](https://www.darkreading.com/threat-intelligence/operation-sentinel-african-cybercrime-syndicates) Over [6000](https://www.esecurityplanet.com/threats/500-cybercrime-arrests-in-interpols-operation-sentinel/) [malicious links](https://www.scworld.com/news/new-usps-text-scam-uses-unique-method-to-hide-malicious-pdf-links) have been taken down. A thorough investigation was conducted to decrypt six ransomware variants.
Operation Sentinel is the answer to the “[sharp rise](https://www.interpol.int/News-and-Events/News/2025/New-INTERPOL-report-warns-of-sharp-rise-in-cybercrime-in-Africa)” in cyber mishaps across Africa. Jalel Chelba, the acting executive director of Afripol, believes that cybersecurity is integral for maintaining peace, stability, and sustainable development in Africa. Operation Sentinel spanned from October 27 to November 27, 2025\. It followed the African Joint Operation against Cybercrime (AFJOC) framework. _Nations such as Nigeria, Ghana, Kenya, South Africa, Senegal, and Benin joined forces to disrupt cybercriminal infrastructure._ This initiative was supported by the **United Kingdom’s Foreign**, Commonwealth and Development Office. Their core focus was on three major cybercrime categories: [ransomware attacks](https://www.cybersecuritydive.com/news/nevada-ransomware-attack-traced-back-to-malware-download-by-employee/805011/), [BEC schemes](https://www.cybersecuritydive.com/news/fbi-internet-crime-bec-scams-investment-fraud-losses/746181/), and digital extortion campaigns.
The cases investigated have incurred losses worth [$21 million](https://www.esecurityplanet.com/threats/500-cybercrime-arrests-in-interpols-operation-sentinel/). Experts believe that strategic risk reduction is possible through enforcing [DMARC and MFA](https://dmarcreport.com/blog/how-can-mfa-and-dmarc-secure-your-online-presence/). Running BEC and ransomware response exercises on a regular interval can also be a smart move.
## A Ghanaian bank suffered a major ransomware attack!
A Ghanaian financial institution has suffered a major ransomware attack, leading to a theft worth [USD 120,000.](https://www.ghanaweb.com/GhanaHomePage/business/Ransomware-attack-on-Ghanaian-bank-led-to-US-120-000-theft-INTERPOL-2015389) This cyber incident is a staggering reminder of the increasing vulnerability of financial institutions to threat actors across Africa. This Ghana bank incident came to the forefront while \*\*19 countries together were carrying out Operation Sentinel.
According to Interpol , data totaling \*\*100 terabytes has been encrypted. The cyber incident has disrupted major operations and limited access to crucial systems.
The Ghanaian authority was later able to recover \*\*30 terabytes worth of data by leveraging advanced malware analysis.
Neal Jatton, the Director of Cybercrime, has urged businesses and enterprises to stay vigilant and take **preventive measures**, as threat actors are more likely to target sectors that hold large amounts of financial assets and [sensitive data](https://www.aljazeera.com/news/2025/6/6/us-supreme-court-grants-doge-access-to-sensitive-social-security-data). [Cybersecurity](https://dmarcreport.com/blog/ai-powered-phishing-2025-how-intelligent-attacks-outsmart-cybersecurity-defenses/) experts believe that lately, [cybercriminals](https://incyber.org/en/article/united-states-amounts-stolen-by-cybercriminals-up-33/) have been working hard to make their attacks look more sophisticated. Embracing [digital banking](https://sdk.finance/blog/what-is-digital-banking/) haphazardly, without any structure or planning, minimal incident response capacity, and outdated security infrastructure , makes these institutions a lucrative target for [threat actors](https://www.teiss.co.uk/news/threat-actor-claims-sale-of-mercedes-benz-usa-legal-and-customer-data-after-alleged-183-gb-breach-16791).
\_The Ghana incident is a crucial reminder for banks that modern threat campaigns are designed to attack regulatory compliance and liquidity, and to shake the faith of the common man. \_**Monitoring money trails**, identifying anomalies, and ensuring the accuracy of financial record management are no longer luxuries. Rather, they are [non-negotiable](https://www.investopedia.com/terms/n/nonnegotiable.asp) components of a foolproof cybersafety mechanism.
## Sources
- [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01)
- [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025)
- [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025)
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack Sep 9, 2025 ](/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware","description":"QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware from DMARC Report explains practical steps for email authentication, domain.","url":"https://dmarcreport.com/blog/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/","datePublished":"2025-12-30T09:03:59.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-12-30T09:03:59.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1161,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware","item":"https://dmarcreport.com/blog/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/"}]}
```