As technology evolves, so do the tactics employed by cybercriminals. Recently, Salus has observed a surge in popularity of a new form of phishing called ‘Quishing’. Unlike traditional phishing attempts that rely on malicious links or attachments, Quishing targets victims by enticing them to scan QR codes embedded in emails. This article sheds light on this emerging threat and provides essential tips to safeguard yourself from falling victim to QR code phishing.
Quishing, a term derived from "QR" and "phishing," refers to a deceptive technique where cybercriminals manipulate users into scanning QR codes to gain unauthorised access to sensitive information. Unlike conventional phishing methods, which often rely on links or attachments, Quishing exploits the trust and accessibility associated with QR codes, making it harder for security measures to detect the threat.
QR code phishing has gained traction due to its ability to bypass security checks and spam filters. By avoiding link rewriting, which allows security providers to verify the destination before redirecting users, cybercriminals can trick victims into scanning malicious QR codes without raising suspicion. Additionally, the urgency factor commonly used in other phishing methods is also employed to create a sense of haste and pressure victims into taking immediate action.
Treat unsolicited emails with caution, especially those from unknown senders. Avoid scanning any QR codes contained within such emails, as they may lead to malicious websites or trigger unauthorised actions.
Only scan QR codes in emails if they are from a trusted sender and you are expecting the email. If you receive a spontaneous email or an email from an unfamiliar source, refrain from scanning any QR codes it contains.
Before scanning a QR code, examine the email content for any suspicious URLs or misspellings. Hover over links (without clicking) to view the actual destination. If anything seems suspicious, refrain from scanning the QR code.
Enable MFA wherever possible, as it adds an extra layer of security to your accounts. Even if a cybercriminal manages to obtain your credentials through QR code phishing, MFA can help prevent unauthorised access, and buy valuable time for administrators to recover from the event.
Keep yourself informed about the latest phishing techniques, including QR code phishing. Regularly update your knowledge on cybersecurity best practices and share this information with colleagues, friends, and family to help them stay protected as well.
Install reputable antivirus and anti-malware software on your devices. These tools can help detect and block phishing attempts, including those involving QR codes.
As cybercriminals continue to innovate their tactics, it is crucial to remain vigilant and adapt our security practices accordingly. QR code phishing, or Quishing, represents a new threat that targets unsuspecting individuals through deceptive emails. By following the tips outlined in this article and performing the occasional controlled phishing engagement in your own company, you can protect yourself from falling victim to QR code phishing and safeguard your personal and sensitive information from unauthorised access.
At our core, we believe in the power of personalised guidance. Whether you have questions or feedback, we're here to listen and support you every step of the way. Reach out via the form and we will be in touch as soon as possible.