QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware
Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, CEO of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.
_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware
<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
Play Episode
</button>
<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
Pause Episode
</button>
<audio preload="none" class="clip clip-36317">
<source src="/images/wp/2025/12/QR-Phishing-Surges-Sentinel-Targets-Cybercrime-Ghanaian-Bank-Ransomware.mp3">
</audio>
<button class="player-btn player-btn__volume" title="Mute/Unmute">
Mute/Unmute Episode
</button>
<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
Rewind 10 Seconds
</button>
<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
Fast Forward 30 seconds
</button>
<time class="ssp-timer">00:00</time>
/
<!-- We need actual duration here from the server -->
<time class="ssp-duration" datetime="PT0H2M13S">2:13</time>
<nav class="player-panels-nav">
<button class="subscribe-btn" id="subscribe-btn-36317" title="Subscribe">Subscribe</button>
<button class="share-btn" id="share-btn-36317" title="Share">Share</button>
</nav>
RSS Feed
<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-36317" title="RSS Feed URL" readonly />
<button class="copy-rss copy-rss-36317" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
Share
<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/&t=QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
</a>
<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/&url=QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
</a>
<a href="/images/wp/2025/12/QR-Phishing-Surges-Sentinel-Targets-Cybercrime-Ghanaian-Bank-Ransomware.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
</a>
Link
<input value="https://dmarcreport.com/blog/podcast/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/" class="input-link input-link-36317" title="Episode URL" readonly />
<button class="copy-link copy-link-36317" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
Embed
<input type="text" value='<blockquote class="wp-embedded-content" data-secret="dP6s5kdjeb"><a href="https://dmarcreport.com/blog/podcast/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/">QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/qr-phishing-surges-sentinel-targets-cybercrime-ghanaian-bank-ransomware/embed/#?secret=dP6s5kdjeb" width="500" height="350" title=""QR Phishing Surges, Sentinel Targets Cybercrime, Ghanaian Bank Ransomware" — DMARC Report" data-secret="dP6s5kdjeb" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-36317” readonly/>
<button class="copy-embed copy-embed-36317" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
Cyber incidents this week focused on QR code phishing scams, neutralizing African cybercrime groups, and a major ransomware attack on a Ghanaian bank. While Kaspersky discovered an upsurge in QR code phishing, Operation Sentinel disrupted major cybercrime groups.
Meanwhile, the Ghanaian bank suffered a major ransomware attack as cybercrooks managed to wipe away USD 120,000.
Kaspersky found a 5x boost in QR code phishing scams!
A group of researchers at Kaspersky has found a massive 5x spike in QR code phishing in the second half of 2025. While the number of QR phishing attempts in August 2025 was 46,969, the number jumped to a whopping **249,723 by November. These malicious QR codes are mostly used in emails as they make it extremely easy and feasible for threat actors to hide fake URLs and go undetected by security solutions.
As of 2025, DMARC is mandatory under multiple compliance frameworks. CISA BOD 18-01 requires p=reject for US federal domains. PCI DSS v4.0 mandates DMARC for organizations processing payment card data as of March 2025. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and Microsoft began rejecting non-compliant email in May 2025. The UK NCSC, Australia’s ASD, and Canada’s CCCS all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
Generally, such fake QR codes are used within email attachments or embedded directly in email content. Use of QR codes is eventually gaining popularity because they successfully mask phishing links, do not give rise to suspicion, and also encourage users to scan the codes using their smartphones. Most of the time, **smartphones tend to be less protected than PCs.
When a victim scans a malicious QR code, they can be redirected to:
-
False HR notifications urging the victim to sign or evaluate any document
-
Phishing forms that look like the login pages for internal corporate portals or Microsoft accounts
-
Purchase confirmations or fake invoices in the form of malicious attachments (often combined with sophisticated vishing techniques)
QR code phishing aims to penetrate deep into everyday business communications to carry out financial fraud, account hijacking, credential theft, data breaches, and so on. To safeguard data from such threat campaigns, one can use renowned, reliable mail server solutions. Also, being extra careful with email communications and avoiding any email that seems suspicious can help **safeguard business communications in the long run.
DMARC, SPF, and DKIM continue to play a critical role in modern cybersecurity by helping organizationsprevent email spoofing, reduce phishing attacks, and strengthen trust in digital communications worldwide.
Operation Sentinel cracks down on African cybercriminal groups!
Operation Sentinel is a major cybercrime law enforcement operation involving multiple nations. The cyber operation was led by Interpol.
This one-of-a-kind cyber crackdown took place across 19 nations and resulted in to arrest of 574 suspects. The team also seized equipment and devices worth$3 million. Over 6000 malicious links have been taken down. A thorough investigation was conducted to decrypt six ransomware variants.
Operation Sentinel is the answer to the “sharp rise” in cyber mishaps across Africa. Jalel Chelba, the acting executive director of Afripol, believes that cybersecurity is integral for maintaining peace, stability, and sustainable development in Africa. Operation Sentinel spanned from October 27 to November 27, 2025. It followed the African Joint Operation against Cybercrime (AFJOC) framework. Nations such as Nigeria, Ghana, Kenya, South Africa, Senegal, and Benin joined forces to disrupt cybercriminal infrastructure. This initiative was supported by the United Kingdom’s Foreign, Commonwealth and Development Office. Their core focus was on three major cybercrime categories: ransomware attacks, BEC schemes, and digital extortion campaigns.
The cases investigated have incurred losses worth $21 million. Experts believe that strategic risk reduction is possible through enforcing DMARC and MFA. Running BEC and ransomware response exercises on a regular interval can also be a smart move.
A Ghanaian bank suffered a major ransomware attack!
A Ghanaian financial institution has suffered a major ransomware attack, leading to a theft worth USD 120,000. This cyber incident is a staggering reminder of the increasing vulnerability of financial institutions to threat actors across Africa. This Ghana bank incident came to the forefront while **19 countries together were carrying out Operation Sentinel.
According to Interpol , data totaling **100 terabytes has been encrypted. The cyber incident has disrupted major operations and limited access to crucial systems.
The Ghanaian authority was later able to recover **30 terabytes worth of data by leveraging advanced malware analysis.
Neal Jatton, the Director of Cybercrime, has urged businesses and enterprises to stay vigilant and take preventive measures, as threat actors are more likely to target sectors that hold large amounts of financial assets and sensitive data. Cybersecurity experts believe that lately, cybercriminals have been working hard to make their attacks look more sophisticated. Embracing digital banking haphazardly, without any structure or planning, minimal incident response capacity, and outdated security infrastructure , makes these institutions a lucrative target for threat actors.
_The Ghana incident is a crucial reminder for banks that modern threat campaigns are designed to attack regulatory compliance and liquidity, and to shake the faith of the common man. _Monitoring money trails, identifying anomalies, and ensuring the accuracy of financial record management are no longer luxuries. Rather, they are non-negotiable components of a foolproof cybersafety mechanism.
Sources
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
LinkedIn Profile →Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free — no credit card required.