Quishing on the rise: How to prevent QR code phishing
Quishing, also known as QR code phishing, involves tricking someone into scanning a QR code using a mobile phone. The QR code then takes the user to a fraudulent website that might download malware or ask for sensitive information.
Anecdotal evidence suggests quishing attacks have increased since the beginning of the COVID-19 pandemic when a growing number of legitimate organisations started using QR codes to enable low-contact transactions.
Some restaurants, for example, link QR codes to online menus, rather than providing diners with hard copies. Digital wallets use QR codes to facilitate contactless payments. As users have become increasingly accustomed to interacting with QR codes in daily life, quishing opportunities have increased.
How to prevent quishing attacks
As with any type of phishing, the best defense against quishing attacks is an educated user base. Enterprises should provide security awareness training that includes the following best practices:
- Never scan a QR code from an unfamiliar source.
- If you receive a QR code from a trusted source via email, confirm via a separate medium -- e.g., text message, voice call, etc. -- that the message is legitimate.
- Stay alert for hallmarks of phishing campaigns, such as a sense of urgency and appeals to your emotions -- e.g., sympathy, fear, etc.
- Review the preview of the QR code's URL before opening it to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn't have obvious misspellings and has a trusted domain. Don't click on unfamiliar or shortened links.
- Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.
- Observe good password hygiene by changing your email password frequently and never using the same password for more than one account.
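The URL checks in the list above (HTTPS, misspelled or untrusted domains, shortened links) can also be applied automatically to the URL decoded from a QR code, for example in a mail filter or a scanning app. This is an added example, not part of the original article; the trusted-domain and shortener lists, the similarity threshold and the function names are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed, illustrative lists; a real deployment would maintain its own.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off for "looks like a trusted domain"


def registrable(host):
    """Naive last-two-labels domain. Suffixes such as co.uk need the
    Public Suffix List, which this sketch does not use."""
    return ".".join(host.split(".")[-2:])


def review_qr_url(payload):
    """Return a list of warnings for the URL decoded from a QR code."""
    warnings = []
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        warnings.append("not-https")
    if not host:
        return warnings + ["no-host"]
    if "@" in parts.netloc:
        # Text before '@' is login info, not the site that will be opened.
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Internationalised names can imitate ASCII ones visually.
        warnings.append("punycode-host")
    domain = registrable(host)
    if domain in SHORTENERS:
        warnings.append("shortened-link")  # real destination is hidden
    elif domain not in TRUSTED_DOMAINS:
        warnings.append("untrusted-domain")
        for trusted in sorted(TRUSTED_DOMAINS):
            score = SequenceMatcher(None, domain, trusted).ratio()
            if score >= LOOKALIKE_THRESHOLD:
                warnings.append(f"lookalike-of:{trusted}")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads, not taken from real campaigns.
    for url in ("https://example.com/menu", "http://example.com/menu",
                "https://bit.ly/abc", "https://examp1e.com/login"):
        print(url, "->", review_qr_url(url) or "no warnings")
```

An empty result means only that none of these checks fired; it does not show that the destination is safe.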
Source: TechTarget Security