Understanding Quishing:

OK, today I would like to talk about a new emerging threat called quishing. Yep, put that one in the memory bank. In today’s digital age, cyber threats are evolving rapidly, and one of the latest tactics employed by cybercriminals is quishing. Quishing, a portmanteau of “QR code” and “phishing,” involves using QR codes to deceive individuals into visiting malicious websites or downloading harmful content. I come from the stark awareness that we are utilising QR codes everywhere now.

I recently attended a London telecoms convention and found myself being asked to scan multiple codes to gain access to parts of the events and information to take home. OK, this would never be malicious in a controlled environment, but it only takes one bad actor and you still might be scammed.

So it got me thinking: where else do we access information and, to an end, make a payment? Often to what we think is a legitimate pay platform. This blog post aims to shed light on this emerging threat, provide real-life examples, and offer tips on how to protect yourself and your organisation.

So, what is Quishing?

Quishing is a type of phishing attack where attackers create QR codes that redirect victims to malicious websites or prompt them to download malware. These QR codes can be embedded in emails, social media posts, printed flyers, or even physical objects. The goal is to trick users into divulging sensitive information such as passwords, financial data, or personal details.

How Does Quishing Work?

In a typical quishing attack, the attacker generates a QR code linked to a malicious website. The QR code is then distributed through various channels, often accompanied by social engineering tactics to entice the victim. For example, an email might claim that the recipient has won a prize and needs to scan the QR code to claim it. Once scanned, the QR code directs the user to a fake website designed to steal their information.

Real-Life Examples of Quishing

  1. Parking Meter Scam: Attackers physically cover legitimate QR codes on parking meters with their own malicious QR codes. When users scan the code to pay for parking, they are redirected to a fake payment site that captures their credit card information.
  2. Package Delivery Scam: Victims receive a message claiming that a package could not be delivered. The message includes a QR code to reschedule the delivery. Scanning the code leads to a phishing site that asks for personal information.
  3. Account Security Alert: Users receive an email warning of suspicious activity on their account. The email includes a QR code to verify their identity and secure their account. Scanning the code directs them to a fake login page where their credentials are stolen.

These are just three of them, and the parking one is prevalent right now. So how can we prevent you from being the next victim?

How to Protect Yourself from Quishing

  1. Verify the Source: Always verify the source of the QR code before scanning it. If you receive a QR code via email or message, ensure it is from a trusted sender.
  2. Check the URL: Before entering any information, check the URL that the QR code directs you to. Look for signs of a secure website, such as “https://” and a padlock icon.
  3. Use QR Code Scanners with Security Features: Some QR code scanner apps can check the safety of the URL before opening it. Use these apps to add an extra layer of security.
  4. Educate and Train: Regularly educate and train employees and individuals about the risks of quishing and other phishing attacks. Awareness is a crucial defence against these threats.
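
The URL check from tips 2 and 3, as an added example (not code from the original post): a function that inspects the URL decoded from a QR code before it is opened. The expected domains, the shortener list and the sample payloads are constructed assumptions.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: domains the organisation expects its own QR codes to point at.
EXPECTED_DOMAINS = {"pay.parking.example", "tracking.courier.example"}
# Assumption: a short illustrative list of URL-shortener hosts.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def check_qr_url(payload: str, expected=EXPECTED_DOMAINS) -> list:
    """Return warnings for a decoded QR payload; an empty list means no flags."""
    warnings = []
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme != "https":
        warnings.append(f"scheme is '{parts.scheme or 'none'}', not https")
    if not host:
        return warnings + ["no hostname in payload"]
    if parts.username or parts.password:
        warnings.append("credentials embedded before '@' hide the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label: possible look-alike domain")
    if host in SHORTENERS:
        warnings.append("URL shortener hides the final destination")
    # Exact match or true subdomain only; a trusted name used as a prefix must fail.
    if not any(host == d or host.endswith("." + d) for d in expected):
        warnings.append(f"host '{host}' is not an expected domain")
    return warnings


# Constructed sample payloads, as if decoded from scanned codes.
SAMPLES = [
    "https://pay.parking.example/meter/1042",
    "https://pay.parking.example.evil.test/meter/1042",
    "http://203.0.113.7/pay",
    "https://pay.parking.example@evil.test/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_qr_url(url) or "no flags")
```

The second sample is served over https and still fails, because the hostname comparison, not the padlock, is what separates the real payment site from a copy.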

Conclusion

Quishing is a growing threat in the cybersecurity landscape, leveraging the convenience and ubiquity of QR codes to execute phishing attacks. By staying informed and vigilant, you can protect yourself and your organisation from falling victim to these malicious schemes. As I mentioned, the parking scam is here and now. Physically check the QR before downloading anything. Hope this helps awareness.

It’s OK, it’s legit :-)


Donna Spowart

Experienced Commercial Consultant in Business Development, Account Management, Contract Management and Project Management for Global Brands, SMEs, Public Sector and 3rd Sector clients.

1 month

I couldn't not click on this Paul as I still love a portmanteau, hope you are well.


More articles by Paul Godfrey
