QR Code phishing scams - What they are and how to avoid them.
Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades.
Quishing, or QR code phishing, exploits smartphone users who scan a 2D barcode that leads to a phishing site, a malicious link, or another cyber attack.
A malicious QR code works exactly like a malicious link: a victim who scans it, typically with their smartphone, is directed to a malicious site.
Unlike a text link, however, a QR code typically offers the user no way to check the destination before scanning it.
Hiding URLs from users - QR codes provide criminals with a very effective mechanism for hiding suspicious URLs, making this an ideal way to bypass growing user skepticism concerning clicking questionable and shortened URLs.
Circumventing corporate controls - If users receive a QR-based phishing email on their work computer, they will likely scan the code using their phone.
Hiding URLs from security tools - Unlike Netcraft's advanced detection services, many security tools and systems cannot scan images and rely on text-based analysis to detect malicious links within emails. They cannot see the links hidden in QR codes, so QR-based phishing emails slip through.
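The gap described above can be made visible with a small triage step: list the URLs a text-based scanner would see, list the image parts it would ignore, and flag messages that pair QR-style wording with an image but carry no textual link, so they are routed to an image/QR decoder. This is an added example, not Netcraft's code; the message it builds is constructed (placeholder addresses, a placeholder PNG payload rather than a real QR code) and the keyword list is an assumption.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Wording typical of QR lures (assumed list). 2FA enrolment is legitimately
# done with QR codes, which is exactly why the lure borrows that pretext.
QR_KEYWORDS = ("qr code", "scan the code", "2fa", "authenticator")


def triage_for_quishing(raw_email: bytes) -> dict:
    """Return text URLs, image parts, and whether the message needs image/QR
    decoding because text-only link analysis found nothing to check."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    texts, images = [], []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images.append({"content_type": ctype, "filename": part.get_filename(),
                           "size": len(part.get_payload(decode=True) or b"")})
        elif ctype in ("text/plain", "text/html"):
            texts.append(part.get_content())
    body = "\n".join(texts)
    plain = re.sub(r"<[^>]+>", " ", body).lower()  # strip tags for keyword matching
    urls = sorted(set(URL_RE.findall(body)))
    keywords = [k for k in QR_KEYWORDS if k in plain]
    return {
        "text_urls": urls,
        "image_parts": images,
        "qr_keywords": keywords,
        # QR wording plus an image but no textual link: a text scanner has
        # nothing to analyse, so the image must be decoded and its URL checked.
        "needs_image_scan": bool(images) and bool(keywords) and not urls,
    }


def build_sample(with_text_link: bool = False) -> bytes:
    """Constructed message modelled on the Microsoft 2FA lure (not a real
    e-mail; the PNG bytes are a placeholder, not a real QR code)."""
    lure = "Scan the QR code below with your phone to set up 2FA."
    if with_text_link:
        lure += " Or visit https://example.invalid/login"  # placeholder URL
    m = EmailMessage()
    m["From"], m["To"] = "it-support@example.invalid", "user@example.invalid"
    m["Subject"] = "Action required: set up 2FA"
    m.set_content(lure)
    m.add_alternative(f'<p>{lure}</p><img src="cid:qr">', subtype="html")
    m.get_payload()[1].add_related(b"\x89PNG placeholder", maintype="image",
                                   subtype="png", cid="<qr>", filename="qr.png",
                                   disposition="inline")
    return m.as_bytes()
```

Running `triage_for_quishing(build_sample())` yields no text URLs and `needs_image_scan` set, while the variant with a visible link is left to ordinary URL analysis.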
In the following example, a QR code is included in an email purporting to be from Microsoft.
Figure 1 A phishing email targeting Microsoft includes a QR code that directs the victim to a malicious website.
It's worth noting that the criminal's deception includes a reference to 2FA. Setting up 2FA is associated with improving online security and is often legitimately completed using QR codes.
The QR code directs the user to a phishing site that tricks the victim into entering their Microsoft login and password.
Figure 2 Phishing site designed to capture victims' Microsoft Account credentials.
The image within the email includes the QR code and text instructions.
On scanning the code, the victim is directed to another phishing site that attempts to steal Microsoft credentials.
Figure 3 A phishing email targeting DocuSign, which includes a QR code that directs the victim to a malicious website.
We'll analyze the email, extract the URL, and if it contains a link to a phishing site, we'll take that website down so it can't be used to trick other users.
Customers of Netcraft are automatically protected against QR code-based phishing attacks through our best-in-class threat detection.
Connect with the Netcraft team today to start protecting your team from quishing attacks and various other forms of phishing.
Book your demo here, or find out more by visiting our Guide to preventing phishing and other cyber attacks.
This Cyber News was published on www.netcraft.com. Publication date: Tue, 19 Dec 2023 12:13:04 +0000