TRENDS

Andy Swift , Cyber Security Assurance Technical Director at Six Degrees , explains why cybercriminals have started using QR Codes to target victims and outlines how you can protect your business .

What are quishing attacks and how do they work ?

QR codes are everywhere these days : Adverts , posters , packaging , menus , tickets , banking apps . There ’ s no escaping them , even at art galleries and museums . You might be forgiven for thinking they ’ re a new phenomenon , but QR codes have been used in supply chain and manufacturing settings since the early ‘ 90s . It ’ s only with the advent of smartphone QR code reader apps and , most recently , direct QR code reader integration with phone cameras that they ’ ve caught the public ’ s imagination .

Inevitably , cybercriminals spied an opportunity , too – and quishing ( or QR phishing ) is now on the rise . Quishing works like a standard phishing attack , but the malicious link is hidden in a QR code rather than an email link . It ’ s a far more versatile attack method and can be delivered via texts , WhatsApp messages , social media posts , websites , printed copy or even public signage .

These links – often offering a fantastic prize , premium content , or cash sum – might take victims to a fake app , a legitimate app with fake links , or a legitimate app with real links and a fake AI ‘ person ’ on the other side . As with phishing , once cybercriminals have tricked their victims into handing over sensitive information , they can commit identity theft , install ransomware , or carry out financial fraud . QR code links used in quishing attacks can also initiate actions on a smartphone , including email composition and contact updates – further compromising the victim and the organisation they work for .

18 WWW . INTELLIGENTCISO . COM