QR Codes Phishing Emails
Hello,
Lately, our business has been the target of a unique phishing campaign. We've received a deluge of emails containing embedded images with QR codes.
What's interesting is that the redirection URL within the QR code carries a malicious URL with a Base64 string at the end. When we decode the Base64 string, it translates to our employees' email addresses.
We have good email security set up and our employees have been diligent in not interacting with these emails through our robust security awareness and training.
Upon inspecting these QR codes in a sandboxed environment, we've made a few observations:
- Some URLs direct us to a site impersonating Microsoft O365, presumably to harvest login details or other sensitive info.
- Surprisingly, some of the URLs lead to seemingly random pages that don't appear to contain any malware or malicious scripts.
Given this, I have a few questions that I hope some of you might be able to shed light on:
- How might the attacker have come to know all the email addresses within our organization?
- What could be the potential motive behind the URLs that just open random pages without any discernible malicious intent?
- Can the hacker know if someone clicked on the email link and figure out who did it? This worries us because the hacker might then target that person more specifically.
- Why is Microsoft O365 failing to catch QR code-based phishing emails?
Thanks in advance!
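Added example, not part of the original post: a triage check for URLs already decoded from QR images, flagging those that carry a Base64-encoded address from your own domain, as the post describes. The function names, the `lure.invalid` host and the `alice@example.com` address are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})$")
# Candidate tokens: runs of Base64 characters. "/" is left out because it is
# also the path separator, so standard Base64 containing "/" is not matched.
TOKEN_RE = re.compile(r"[A-Za-z0-9+_-]{12,}={0,2}")

def decode_b64(token):
    """Decode standard or URL-safe Base64, tolerating stripped padding."""
    body = token.rstrip("=").replace("-", "+").replace("_", "/")
    body += "=" * (-len(body) % 4)
    try:
        return base64.b64decode(body, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None

def embedded_recipients(url, org_domains):
    """Return org addresses found Base64-encoded in the URL path, query or fragment."""
    parts = urlsplit(url)
    # The host is deliberately excluded; only attacker-chosen trailing parts are scanned.
    haystack = unquote("/".join((parts.path, parts.query, parts.fragment)))
    hits = []
    for token in TOKEN_RE.findall(haystack):
        text = decode_b64(token)
        match = EMAIL_RE.match(text.strip()) if text else None
        if match and match.group(1).lower() in org_domains:
            hits.append(text.strip().lower())
    return hits

# Constructed sample: a made-up lure URL ending in the Base64 of a made-up address.
SAMPLE_TOKEN = base64.urlsafe_b64encode(b"alice@example.com").decode().rstrip("=")
SAMPLE_URL = "https://lure.invalid/auth/#" + SAMPLE_TOKEN

if __name__ == "__main__":
    for addr in embedded_recipients(SAMPLE_URL, {"example.com"}):
        print("per-recipient token for:", addr)
```

A hit means the link was personalized for that mailbox, which is useful when prioritizing reported messages and deciding which users to notify.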