The Rise of Quishing: Staying protected against fraudulent QR codes

In the evolving landscape of cyber security, a new threat has emerged – Quishing.

Well, what is quishing? Short for QR code phishing, quishing is a type of cyber attack whereby cyber criminals exploit QR code scans to carry out malicious activities. This blog looks at the rise of quishing and highlights how Mimecast, a pioneer in email and collaboration security, is taking proactive measures to safeguard users from this growing threat.

In 2023, quishing attacks rocketed, and the trend shows no signs of slowing down in 2024. Cyber criminals cleverly leverage emails containing QR codes, leading unsuspecting users to fake websites designed to steal credentials and execute other malicious actions. QR codes now appear in our daily lives, from restaurant menus to sign-up forms, making it challenging to distinguish the genuine from the fraudulent.

The dangers of scanning fraudulent QR codes

1. Redirection to phishing websites – Cyber criminals mimic legitimate websites to trick users into divulging personal information, leading to potential financial fraud or identity theft.
2. Malware infection – Fraudulent QR codes may initiate automatic downloads of malware, ransomware, or spyware, compromising the security of your device.
3. Fake login requests – Users may be prompted to enter login credentials for online accounts, providing scammers with sensitive information. For instance, a quishing email may pose as an urgent Amazon delivery notification, urging users to scan the QR code to address issue.

Protect against the rise of quishing

1. Exercise caution – Never scan a QR code from an unfamiliar sender and be wary of phishing email that have a sense of urgency or sender address discrepancies.
2. Verify URLs – Always preview the URL before clicking on a scanned QR code. Avoid unfamiliar or shortened links and watch for subtle misspellings in well-known names.
3. Guard your credentials – Refrain from entering login details on pages accessed through QR codes. If in doubt, verify concerns directly on the company’s website or contact them by phone.
4. Stay informed – Familiarise yourself with security best practices, including using strong, unique passwords and keeping devices and software up-to-date.

Collaborating with Mimecast provides a proactive defence against quishing attacks

Mimecast Email Security has recently unveiled enhanced QR code protections, incorporating deep scanning of URLs linked to QR codes. By identifying and scrutinising QR codes in emails, Mimecast ensures that malicious content is promptly blocked. These advancements reinforce the commitment to securing employee inboxes, empowering organisations to operate in a protected digital environment.

To find out how we can protect your emails from quishing attacks, get in touch with your Account Manager today.