QR codes used for phishing, or "quishing", are on the rise and are a significant threat to both individuals and organizations. Barracuda Networks experts see a growing risk with this type of attack, which has become increasingly sophisticated, complex and difficult to detect.
The attacks trick recipients into visiting malicious websites or downloading malicious software.
What makes them particularly dangerous is that they are difficult to detect with traditional email filtering methods. A fake QR code is usually not the only sign of a malicious email. However, the attacks can be detected with, for example, AI and image recognition technology. AI-based detection also takes into account other characteristics such as sender, content, image size and location.
"Users should exercise caution when scanning QR codes delivered via email or other channels. If you must scan QR codes, we recommend downloading a reputable QR code scanner from a trusted app store. If QR code attacks are not part of your organization's training for cybersecurity, it's important to address it as soon as possible. While QR codes have made our daily lives easier, they have also opened up new avenues for cybercriminals," says Olesia Klevchuk, who works in email security at Barracuda Networks.

Some examples of "quishing"
One way to practice “quishing” is to embed QR codes in emails and prompt recipients to scan the code and visit a fake page that appears to be trustworthy. Victims are typically tricked into entering their login details, which are then captured by the attacker. Fake QR codes can also lead to surveys or forms that request personal information such as name, address or social security number. Victims can be lured with promises of rewards or prizes in exchange for information or even a small payment.
Similarly, a scanned QR code can send recipients to websites that automatically download malware to the victim's device. The malware can range from spyware to ransomware, allowing attackers to steal data or take control of a compromised device.
QR codes can also be used to open payment sites, follow social media accounts, and even send pre-written emails from the recipient's accounts. This means that hackers can easily impersonate their victims and target others in their contact lists.







