Quishing is the QR code scam you need to watch out for
Date:
Sun, 10 Nov 2024 22:00:00 +0000
Description:
QR code phishing is getting increasingly sophisticated
FULL STORY ======================================================================Banks and regulators have warned of the growing risk of quishing A type of phishing that uses fraudulent QR codes to steal information These malicious links
arent easily recognized by users or email scanners
Its not just suspicious links you need to watch out for in your email inbox: QR code phishing or quishing" is becoming an increasingly common threat, with fraudulent codes designed to slip through security systems and fool you into surrendering your financial information.
A number of UK banks, together with the UK National Cyber Security Centre and US Federal Trade Commission, have recently warned of the dangers of these increasingly sophisticated quishing scams.
In a quishing attack, a QR code is usually sent as an attachment to an email. The email will appear to be from a legitimate source, such as a lender. When you scan the code, it will direct you to a malicious link. This will usually ask you to submit personal details, but it could also attempt to install malware or even capture an MFA token to bypass your login credentials.
Whats more, quishing attacks have now spread into the real world. Earlier
this year, the RAC warned motorists of fraudulent QR codes being stuck to parking machines. When scanned, these would link users to a website that aims to steal the details and payment information of someone who believes theyre paying for parking.
These attacks have increased since the pandemic, when the use of QR codes ballooned. As a hands-free way to access everything from menus to medical forms, QR codes became a familiar and apparently trustworthy way to access information and services. Gone quishing
Like a classic phishing scam, quishing aims to fool you into believing that youve been sent the link from a legitimate source. The email will usually appear to be from a bank or email provider, asking you to confirm your
details to secure your account. The scam will use a fake website that mimics the real thing to fool you into believing its legitimate.
Because the content of a QR code isnt immediately visible from looking at the code alone, its difficult to check if one is legitimate. Whats more, these codes often slip past cyber security tools, which arent easily able to verify whether an attached code is genuine.
Scammers also find increasingly advanced ways to hide their scams from security tools. In addition to hijacking legitimate email accounts, some QR code scams use genuine personal information harvested from sites such as LinkedIn to personalize emails to appear relevant to an individual. Domain redirection is often used to bounce users through several URLs, which
prevents email scanners from detecting the true malicious link behind the QR code.
A similar version of the scam, featured in a report from Perception Point , sends users to me-QR.com, a legitimate website for making QR codes. Once there, the service scans a second QR code, which leads to a malicious landing page hosted on SharePoint, Microsofts web-based collaboration platform.
Weve written in depth about the evolution of phishing attacks and how to stay safe from quishing attacks . In May, McAfee the security software company ran a survey that found more than 20% of online scams in the UK probably involved QR codes. With lenders and regulators now raising concerns, quishing is definitely the next big thing in online scams. You might also like QR Code phishing is advancing to a new level The evolution of phishing: vishing & quishing How to stay safe from cybercriminal "quishing" attacks
======================================================================
Link to news story:
https://www.techradar.com/computing/cybercrime/quishing-is-the-qr-code-scam-yo u-need-to-watch-out-for
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)