QR Code-based Phishing Increases By 587%:- Check Point’s Harmony Email team found a 587% increase in QR code phishing attacks (also known as quishing) between August and September 2023. This spike represents a disturbing trend in which threat actors are increasingly using the assault approach to compromise user credentials.
The assaults, primarily quishing and QRLJacking, use QR codes to link victims to sites meant to steal login information.
Attackers are sending emails with QR codes that erroneously alert users that their Microsoft multi-factor authentication has expired, demanding re-authentication.
However, the contradiction between the email’s body, which resembles Microsoft’s security notice, and the alternative sender’s address is a purposeful mismatch created by attackers to deceive victims.
Increase in QR code usage and abuse
In the United Kingdom and Europe, approximately 87% of smartphone users have interacted with a QR code, with more than a third doing so frequently, making QR codes a prime target for exploitation.
According to Check Point’s investigation, attackers are not only developing new QR code-related attacks, but also improving their approaches to improve their deception.
The bottom line
The frequency of quishing demonstrates the constantly shifting nature of cyber threats. When you come across a QR code in an email, you must be extra cautious. Before scanning an email, users should check its source. Using Optical Character Recognition (OCR) technology is critical in identifying these harmful scripts. Furthermore, a layered security approach is critical for a more sophisticated understanding of an email’s intent, thereby safeguarding against