Warning of QR code phishing attacks surging globally

Researchers have recorded thousands of QR code-related attacks each month. This report aims to provide users with insights into the rise of Quishing attacks (the word “Quishing” in English is a combination of the words “QR code” and “phishing”), the risks associated with exploiting QR codes, and important precautions to protect against this growing cybersecurity threat.

QR (Quick Response) codes are essentially two-dimensional barcodes, with approximately 100 times the data storage capacity of conventional barcodes. Combined with the widespread use of smartphones, QR codes provide an affordable method of data transmission that can be attached to any surface.

A quishing attack usually starts with sending an email with a QR code, which, after scanning, redirects the user to a fraudulent website. For example, a victim may receive a notification after paying for an online purchase. The hacker convinces the victim that the transaction was unsuccessful and that they need to re-enter their bank card information. If the customer is not suspicious, they will fill out the form and provide confidential information to the hacker.

QR codes are now a common and popular tool in the daily lives of people in many countries around the world. In the UK and Europe, about 86.66% of smartphone users have scanned at least one QR code in their lifetime, and 36.40% have scanned a code at least once a week.

QR codes are easily exploited, and hijacked codes can quickly redirect users to malicious websites. Researchers from US security firm SlashNext note that attackers often use two prominent attack methods to exploit QR codes: Quishing and QRLJacking, with Quishing attacks on the rise.

Quishing is a type of phishing attack. Unsuspecting users are tricked into visiting malicious websites or downloading malware after scanning a QR code. There are a number of reasons why quishing attacks are on the rise, such as their popularity, with millions of people using them to make payments and access information, making them an attractive target for threat actors.

Furthermore, QR codes can be exploited to hide malicious links, which can lead users to any website the attacker wants without alerting them to suspicious activity.

Security firm Check Point has noticed that attackers are recently redirecting users to websites that collect authentication information via QR codes, using social engineering to target users with emails that include QR codes.

Security experts explain that signs that an email may be fake include the sender being pushy, claiming that the situation is urgent and the QR code needs to be scanned immediately; the victim is asked to set up two-factor authentication or enable any other computer/browser function.

The lure used in the email is that Microsoft's multi-factor authentication is about to expire and the user needs to re-authenticate. It is worth noting that the email content is said to be sent by Microsoft but the sender address is different.

To combat Quishing, users must add Optical Character Recognition (OCR) to their security solutions to detect malicious QR codes. OCR can help users translate the code into a website address (Uniform Resource Locator: URL), and users can then run the URL through a URL analyzer. However, users should be wary as soon as they find a QR code in an email.

Quishing attacks are becoming a major threat so it is essential that users remain vigilant. To protect themselves, users should never scan QR codes without checking the origin of the sender and avoid scanning codes provided with emails unless the sender has been verified.

Another important measure is to raise awareness of the risks, both for customers and employees. QR codes require a quick response, especially in cases where individuals are not aware that they are being threatened and are not prepared to defend themselves, damage is inevitable.