Check Point's Harmony Email team has reported a dramatic escalation in QR code phishing attacks (aka quishing), with a 587% spike recorded from August to September 2023. This surge reflects a troubling trend as threat actors increasingly employ the attack tactic to compromise user credentials.
What’s happening?
- The attacks, predominantly quishing and QRLJacking, involve QR codes that redirect victims to sites designed for stealing login information.
- Attackers are crafting emails with QR codes that falsely inform users of expiring Microsoft multi-factor authentication, necessitating re-authentication.
- However, the inconsistency between the email's body, which mimics Microsoft's security alert, and the different sender's address is a deliberate mismatch planted by attackers to mislead victims.
This social engineering tactic takes advantage of the trust in QR codes and the routine nature of security updates.
Rise in QR code usage and its abuse
- In the U.K and Europe, nearly 87% of smartphone users have interacted with a QR code, and over a third do so weekly, making QR codes a ripe vector for exploitation.
- Check Point’s analysis indicates that attackers are not only crafting more QR code-related attacks but are also refining their methods to enhance their deceit.
The bottom line
The prevalence of quishing is a testament to the ever-evolving nature of cyber threats. Vigilance becomes paramount when encountering a QR code within an email. Users should scrutinize the source of the email before scanning. Deploying Optical Character Recognition (OCR) technology is essential in unmasking these malicious codes. Moreover, a layered security approach is crucial for a more nuanced understanding of an email’s intent, thus, safeguarding against quishing.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/5bbe_shutterstock_490192042.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/a9a9_shutterstock_1691146054.jpg)
