HQ/EMEAFind out how we can help your business
In a recent revelation, a research team detected a significant increase in QR code phishing attacks, commonly called “quishing.” Between August and September 2023, such attacks increased by 587%. This alarming uptick indicates a growing trend among threat actors employing this tactic to compromise user credentials.
These attacks primarily involve “quishing” and “QRLJacking,” leveraging QR codes to redirect victims to websites that could execute malicious capabilities, such as stealing login information. One strategy that employs this campaign is that the attackers commonly develop deceptive emails that include QR codes, falsely claiming that users must re-authenticate due to an expiring Microsoft multi-factor authentication.
However, the attackers deliberately create a mismatch between the email’s content, which mirrors a Microsoft security alert, and the sender’s address, aiming to deceive unsuspecting victims. This social engineering tactic bets on people’s trust in QR codes and the mandatory routine of security updates.
The QR code phishing attacks have become a widespread threat in Europe, especially in the United Kingdom.
In the UK and Europe, QR code usage is rising; hence, QR code phishing campaigns have also exploded and infected numerous users. Currently, nearly 87% of smartphone users interact with QR codes and over a third do so weekly.
This widespread use makes QR codes an attractive entity for exploitation by cybercriminals. In addition, an analysis reveals that attackers are increasing their use of QR code-related attacks and refining their techniques to make them more deceptive.
The propagation of quishing indicates that cyber threats continue to evolve alongside the improvement of technology. Therefore, users should be vigilant when encountering a QR code in an email.
Users should always be critical of the email source before scanning the QR code. Deploying Optical Character Recognition (OCR) technology can aid a user in identifying malicious codes. Adopting a layered security approach is also essential to gain more understanding of an email’s intent and protect against quishing.
The significant surge in QR code phishing attacks implies that cyber threats are continually evolving, and users must remain knowledgeable and take proactive steps to protect themselves in an increasingly threatening digital landscape.
