Tuesday, September 19, 2023

QUISHING!!! QR code Phishing... new Email Threat.

QR code phishing, while not new, is on the rise.  QR codes (Quick Response codes) became widely popular during and after the pandemic.  Many legitimate uses, such as scanning a QR code to retrieve an online restaurant menu, became the norm, as did the use of digital wallets for contactless transactions.  The ubiquity of QR codes has made users susceptible to scammers.

Recently I received from clients spam emails containing QR codes.  I scanned the enclosed QR codes and found the following: one took me to a website advertising Website Creation Software.  While it could be legit, I'd be afraid to download.  Two others directed me to the same fraudulent website that had already been taken down, probably due to malicious downloads.

In each case above, I did the scan using my mobile device and recorded the underlying URL.  I then used a sandbox virtual machine to browse to the URL to minimize any damage.  I would advise against using your mobile device to scan and connect to a URL via a QR code.  Some of the initial scams were Word documents containing instructions with a QR code to scan and complete with personal and financial data online.  Other attacks would request payment via a QR code for a service.

With online wallets such as Apple Wallet and ID, be very careful and be sure of the sender; call and verify first.

How to prevent quishing attacks

As with any type of phishing, the best defense against quishing attacks is an educated user base. Enterprises should provide security awareness training that includes the following best practices:

  • Never scan a QR code from an unfamiliar source.
  • If you receive a QR code from a trusted source via email, confirm via a separate medium -- e.g., text message, voice call, etc. -- that the message is legitimate.
  • Stay alert for hallmarks of phishing campaigns, such as a sense of urgency and appeals to your emotions -- e.g., sympathy, fear, etc.
  • Review the preview of the QR code's URL before opening it to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn't have obvious misspellings and has a trusted domain. Don't click on unfamiliar or shortened links.
  • Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.
  • Observe good password hygiene by changing your email password frequently and never using the same password for more than one account.








Thursday, September 7, 2023

AI and your information: What does it know about you and your business? It's more intrusive than you think

I encourage my clients to forward questionable emails to me for analysis to check if they are valid or not.  Recently a forwarded email came from a client that she received from someone claiming to be the owner of the firm she works for asking for her cell phone number.  Problem was the alleged owner wasn't anyone we knew.

-----Original Message-----

From: xxxxx xxxxxxxxxx <xxxxxxxxx0029@gmail.com> 

Sent: Friday, August 11, 2023 8:58 AM

To: xxxxx xxxxxxx <xxxxx@clientemail.com>

Subject: 

Hi Xxxxx

I need you to work on a request for me. Send me your cell phone number. I love working with great people.

First LastName

Owner at CompanyName, LLC

Normally, I would have dismissed this as another phishing attempt.  However, I knew that this firm had some private investors and decided to Google the name in the email along with the client's company.  What I found was a page published on a website of ZoomInfo that listed not only the sender as the owner but also an almost complete list of present and past employees.

The site has the firm's correct address listed, but to obtain phone numbers and emails you have to accept and download ZoomInfo software, which I suspect then looks at your contact list.

I provide an example of the listing they have for Driving Force.  I got this listing by googling "driving force software zoominfo".  However, the example of the client above I found by googling the name of the alleged owner and firm name.  ZoomInfo was at the top of the search results.

As you can see below, they've published my phone number and website.  They have my NAICS and SIC codes correct.  However, they list our operations as:

Driving Force Software is a company that operates in the Museums and Institutions industry. It employs 11-20 people and has $1M-$5M of revenue. The company is headquartered in Atlanta, Georgia.


I have checked other clients and the results are astounding.  A lot of info about them, some correct and much incorrect.

Where does ZoomInfo source its data?

ZoomInfo employs AI (artificial intelligence) to scour the web and the following sources:

Unstructured Public Information: ZoomInfo's technologies extract and parse unstructured information found on webpages, newsfeeds, blogs, and other public sources and then match that information with entities it has previously identified. (Jan 19, 2023)

If you research and find your business on their site, do not download and install their software.  I'm not sure, but I suspect they will browse your contacts and harvest more info.  Instead, do the following:


How do I remove my info from ZoomInfo?

Go to https://www.zoominfo.com/privacy-center/update/remove and “Verify” your email address. Check your mailbox and take a note of your 4-digit code. Enter the 4-digit code and click “Confirm”. Tick the checkbox next to “I would like to delete my information”, solve the CAPTCHA, and click “REMOVE”. (Jan 31, 2023)

https://www.zoominfo.com/privacy-center/update/remove


Say it's not so! Windows 12 is coming in 2024. Apple iPhone malware/exploits.

Windows 12 is coming soon in 2024 I've read too many emails and articles hinting at a new Windows in the months leading up to 2024 and n...