QR Codes and Phishing: Quishing Attacks

B2B Cyber ​​Security ShortNews

Share post

How cybercriminals abuse QR codes for phishing. The use of technology is constantly evolving to make personal and professional lives more convenient, as evidenced by the quick response code.

For example, this two-dimensional barcode allows users to quickly and easily share website URLs and contact information or make payments. However, this technology has also opened up new opportunities for cybercriminals. QR code phishing attacks, also known as quishing, are on the rise and pose a significant threat to users and businesses alike.

QR codes for email attacks

Hackers use QR codes in email attacks to trick recipients into visiting malicious websites or downloading malware to their devices. These attacks typically involve social engineering tactics designed to exploit the trust people often place in emails from supposedly familiar senders.

For example, attackers embed QR codes in phishing emails, asking users to scan the code and visit a fake page that appears to lead to a trusted service or well-known application. Victims are typically tricked into entering their login credentials, which are then intercepted by the attacker. Fake QR codes can also lead to surveys or forms that request personal information such as name, address, or other sensitive information. Victims may be lured with alleged rewards, prizes, or even a small payment. Likewise, QR codes can connect victims to malicious websites that, when scanned, automatically download malware to the victim's device. This malware can range from spyware to ransomware and allows attackers to steal data or take control of a device.

Protection against quishing attacks

QR code attacks are difficult to detect using traditional email filtering methods. There is neither an embedded link nor a malicious attachment that can be scanned. Email filters are not designed to track a QR code to its destination and check for malicious content. Additionally, the real threat is shifted to another device that may not be protected by the company's security software.

Using AI and image recognition technology is one of the ways to detect these QR code attacks. A fake QR code is usually not the only sign of a malicious email. AI-based detection also takes into account other signals such as sender, content, image size and placement to determine malicious intent. Impersonation protection security technologies use these and other techniques to detect and block QR code attacks.

If QR code attacks are not already part of security training, companies should include the topic in their training to educate users about attackers' tactics. Users should always exercise caution when scanning QR codes transmitted via email or other means.

More at Barracuda.com


Via Barracuda Networks

Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150.000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more