In the ever-evolving landscape of cybercrime, threat actors are constantly discovering new methods, and using them to target organisations. One such emerging threat is known as ‘quishing’ or QR code phishing. Quishing attacks usually occur via the scanning of a QR code. This technique involves tricking organisations' users into scanning a QR code using a mobile phone. The QR code then redirects the user to a phishing or fake website that aims to steal their credentials.
In the past, attackers used various types of URLs and attachments to deliver phishing emails. But, due to advanced email gateway security controls, bypassing the email gateway is not an easy task.
One of the main reasons why threat actors choose the QR code is because it is the simplest way to force a user to move from a desktop or laptop to a mobile device, which usually do not have any anti-phishing protections. Additionally, they have multiple advantages over a phishing link embedded directly in an email.
Another reason is these phishing emails are easily getting through the email security gateways because, currently, the email gateway sandbox is not capable of scanning the QR code and providing the verdict on whether it is phishing or not. Due to a lack of inspection from email security gateways, attackers are taking advantage and, more commonly, targeting users with QR code phishing techniques.
The attack begins with an email that claims the recipient must take action to update/view their organisational account settings. These emails carry PNG, JPEG, GIF, or attachments containing a QR code. The recipient is prompted to scan to verify their account. These emails also show an urgency to act within 2-3 days in the email subject, such as ‘Urgent’, ‘Important’, ‘2FA’ and more, and tricking the user by sending emails related to ‘salaries’, ‘increment’ and ‘appraisals’ etc.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.