QR code phishing is a new threat that now seems to be on the rise. It is now being called “quishing,” a portmanteau made from a combination of the words QR and phishing. A recent study has shown that there has been a 51% increase in quishing incidents in September 2023.
Keep reading to find out more about the study and how you can prevent yourself from becoming a victim of this new type of threat.
Key Findings Show 51% Increase in Attacks
The study was released by a cybersecurity firm called ReliaQuest in November 2023. It reveals a significant increase in phishing attacks using QR codes. The analysis found a 51% rise in quishing incidents in September 2023 compared to the cumulative total from January to August 2023.
The study analyzed recent customer security incidents to uncover quishing attack trends. The most common tactic involved using Microsoft two-factor authentication resets to trick targets into entering their email addresses and passwords, occurring in 56% of the sampled quishing emails.
Online banking credential harvesting ranked second, with 18% of the attacks linking to fake banking login pages.
In 12% of the incidents, attackers concealed the malicious QR codes in PDF or JPEG file attachments rather than the email body. This evasion technique aims to bypass email filters that analyze clickable links and webpage content. A blank message body further reduces the email’s malicious appearance.
How to Stay Protected
There are several ways to protect yourself from quishing attempts. Refrain from scanning random QR codes, especially those received unexpectedly via email or messaging apps. Instead, manually type in known and trusted website addresses.
Verify the URL before entering any login credentials or sensitive information. View email attachments with caution, as QR codes could be lurking inside. As quishing techniques grow more sophisticated, maintaining vigilance and skepticism remains key to thwarting these scams.
If you want to be extra safe, we recommend downloading an antivirus tool such as TotalAV, but the best thing you can do is educate yourself about phishing threats.