Tuesday, September 19, 2023

QUISHING!!! QR code Phishing... new Email Threat.

QR Code phishing while not new is on the rise.  QR codes (Quick Response codes) became widely popular during and after the pandemic.  Many legitimate uses such as scanning a QR code to retrieve an online restaurant menu became the norm as well the use of digital wallets for contactless transactions.  The ubiquity of QR codes have made users susceptible to scammers.

Recently I received from clients spam emails containing QR codes.  I scanned the enclosed QR codes and found the following; one took me to a website advertising Website Creation Software.  While it could be legit, I'd be afraid to download.  Two others directed me to the same fraudulent website that had already been taken down, probably due to malicious downloads.

In each case above, I did the scan using my mobile device and recorded the underlying URL  I then used a Sandbox Virtual machine to browse to the URL to minimize any damage.  I would advise against using your mobile device to scan and connect to a URL via a QR code.  Some of the initial scams were Word documents containing instructions with a QR code to scan and complete with personal and financial data online.  Other attacks would request payment via a QR code for a service.

With online wallets such as Apple Wallet and ID be very careful and be sure of the sender, call and verify first.

How to prevent quishing attacks

As with any type of phishing, the best defense against quishing attacks is an educated user base. Enterprises should provide security awareness training that includes the following best practices:

  • Never scan a QR code from an unfamiliar source.
  • If you receive a QR code from a trusted source via email, confirm via a separate medium -- e.g., text message, voice call, etc. -- that the message is legitimate.
  • Stay alert for hallmarks of phishing campaigns, such as a sense of urgency and appeals to your emotions -- e.g., sympathy, fear, etc.
  • Review the preview of the QR code's URL before opening it to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn't have obvious misspellings and has a trusted domain. Don't click on unfamiliar or shortened links.
  • Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.
  • Observe good password hygiene by changing your email password frequently and never using the same password for more than one account.








-
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Kaspersky Ban, Latest Security News

The latest Security News and Anti-Virus options in wake of US Kaspersky ban. With the impending 09/29/24 drop dead date for receiving update...