Check Point researchers last year saw a 587% increase between August and September of phishing attacks enticing unsuspecting targets to click on QR codes that then redirect them to malicious pages used for harvesting credentials.
The cybersecurity firm's report was one of several last year that talked about a rapid rise in such QR code-focused phishing - or quishing - campaigns.
The nonprofit National Cybersecurity Center in January 2023 warned that QR scams were growing as the popularity of QR codes expanded over the past few years.
The organization noted that attackers are using everything from parking meters to cryptocurrency wallets to romance scams to convince people to click on malicious QR codes.
Hoxhunt and SlashNext also wrote about the rise in the number of attacks and variations of the malicious uses of QR codes.
Factors fueling the growing use of QR codes - and thus scams using them - include the continued rise in the use of mobile devices, the widespread use by businesses of QR codes during the pandemic, and how easy it is to use the codes.
In response to the sharp rise in quishing attacks last year, cybersecurity vendors pushed out new tools for organizations and individuals to protect themselves.
Scammers in turn are adapting their attacks to get around such protections and increase the likelihood that more people will click on their QR codes.
Over a two-week period this month, Check Point detected 20,000 attacks that use a slightly different method, Fuchs wrote.
Like the attacks detected last year, the goal was to use lures in emails to get users to scan the attacker's QR code, which would then redirect the user to a page used to harvest the victim's credentials.
According to the research by Harmony Email and Collaboration, a unit within Check Point, scammers are running business email compromise campaigns and using social engineering techniques in emails sent to targets.
It starts like most quishing attacks, sending an email to potential victims asking them to look at an annual 401K contribution statement by scanning the QR code, promising it will give the victim their account balance for the year.
The link in the emails is the same, but the QR code has a conditional destination point that is based on characteristics of the technology the victim is using, including browser, device, screen size, and software.
Based on that information, the QR code will direct the user to particular pages.
The domain will automatically check to see if the user's device is using a browser or scanning engine and accordingly will redirect to a particular page.
One embeds the QR code in a PDF attached to the email and will lead the victim to a fake Microsoft login page.
Redirection in quishing campaigns - as well as other kinds of attacks - isn't new, but with the conditional redirection, the hackers can grow their chances of succeeding because default layers of security typically will look at a redirection and let it go if it's clean.
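A defender-side check for the conditional redirection described above, added here as an example and not taken from Check Point's report or the original article: it resolves the URL decoded from a QR code under several client profiles and flags the link when the final hosts differ. The profile strings, the `fetch` callback and the `.example` hosts are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed client profiles: one scanner-like and two browser-like User-Agents.
PROFILES = {
    "mail_scanner": "python-requests/2.31.0",
    "desktop": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0",
    "mobile": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) Mobile/15E148",
}
REDIRECTS = {301, 302, 303, 307, 308}


def resolve(url, user_agent, fetch, max_hops=10):
    """Follow redirects one hop at a time and return every URL visited."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1], user_agent)
        if status not in REDIRECTS or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:  # redirect loop: stop instead of spinning
            break
        chain.append(nxt)
    return chain


def check_conditional_redirect(url, fetch):
    """Resolve the same URL per profile. Differing final hosts mean the
    destination depends on who asks, so one clean verdict is not enough."""
    finals = {n: resolve(url, ua, fetch)[-1] for n, ua in PROFILES.items()}
    hosts = {urlsplit(u).hostname for u in finals.values()}
    return {"finals": finals, "conditional": len(hosts) > 1}


def sample_fetch(url, user_agent):
    """Constructed stand-in for an HTTP client with auto-redirects disabled.
    Returns (status, Location). Hosts are reserved .example names."""
    host = urlsplit(url).hostname
    if host == "qr-link.example":
        if "Mobile" in user_agent:
            return 302, "https://login-portal.example/signin"
        return 302, "https://benign-site.example/"
    if host == "short.example" and url.endswith("/a"):
        return 301, "/landing"
    return 200, None


if __name__ == "__main__":
    for u in ("https://qr-link.example/s/401k", "https://short.example/a"):
        print(u, check_conditional_redirect(u, sample_fetch))
```

This check only varies the User-Agent; the article also names device, screen size and software as conditions, which a header-only replay will not exercise.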
The key is having a cybersecurity solution that looks at multiple layers, he wrote.
An email security solution can block an attack by detecting suspicious behavior like the email coming from a first-time sender and analyzing the text.
Browser security tools will inspect the website and block it if necessary, mobile security will block the attack if the QR code is scanned, and anti-malware software will emulate the file to determine what will happen.
This Cyber News was published on securityboulevard.com. Publication date: Fri, 26 Jan 2024 15:13:06 +0000