An alarming surge of 587% in QR code phishing, or Quishing attacks, was recently identified by Check Point’s Harmony Email team between August and September 2023. Researchers noted thousands of these QR code-related attacks each month.
In a blog post authored by Check Point’s cybersecurity researcher Jeremy Fuchs, it was revealed that hackers exploit QR codes to lure users, redirecting them to credential-harvesting websites. Notably, in the UK and Europe, 86.66% of smartphone users have scanned at least one QR code in their lifetime, with 36.40% scanning codes weekly.
This uptick is in line with the findings reported by SlashNext, a SaaS-based cloud messaging security firm, which highlighted a sudden increase in QR code-based phishing attacks in October.
Exploiting QR codes is convenient for attackers due to their ability to encode complex data and quickly direct users to malicious websites. Check Point discovered a substantial rise in Quishing attacks, a form of phishing where unsuspecting users are deceived into accessing harmful sites or downloading malware after scanning a QR code.
Quishing attacks are burgeoning due to their widespread usage, with millions employing QR codes for payments, menu scanning, and information access, making them an attractive target for threat actors.
Moreover, these codes can conceal malicious links, leading users to harmful websites without raising suspicion.
Check Point’s Harmony Email team observed that attackers are currently redirecting users to credential-harvesting sites through QR code lures, employing social engineering via emails designed to resemble legitimate communications. The emails can look like this:
In the case of Quishing attacks, email lures typically claim that Microsoft’s multi-factor authentication requires renewal, prompting users to re-authenticate. It’s crucial to note that while the email content is alleged to be from Microsoft, the sender’s address differs.
To defend against Quishing attacks, the inclusion of Optical Character Recognition (OCR) within security solutions is imperative. OCR can decipher QR codes, revealing the underlying URL, which can then be subjected to URL analysis. Suspicion should be aroused upon encountering a QR code within an email.
Given the escalating threat of Quishing attacks, exercising caution is paramount. Scanning QR codes in emails should be accompanied by source verification, ensuring the sender’s legitimacy. Security professionals are advised to adopt email security solutions that harness OCR capabilities for all-around protection. Additionally, the incorporation of Artificial Intelligence (AI), Machine Learning (ML), and Natural Language Processing (NLP) is vital to discerning the true intentions behind messages.
