Explained: Quishing

Quishing is phishing using QR (Quick Response) codes. QR codes are two-dimensional barcodes that hold encoded data, and that data can be a link. Point your phone's camera at a QR code and it will ask you if you want to visit the link.


The use of QR codes in malicious campaigns is not new. Because QR codes can provide contactless access to a product or service, they grew in popularity during the Covid-19 pandemic.


In August 2023 we wrote about an email campaign that used QR codes to phish for Microsoft credentials. The links in the QR codes redirected from legitimate domains associated with Bing, Salesforce, and Cloudflare to send the targets to phishing sites that were after Microsoft credentials. Since the subjects of the emails were often fake Microsoft security notifications, the Bing URLs would not have looked out of place to any victims who gave them a cursory examination.
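A defender triaging a link decoded from a QR code can surface a destination nested inside a trusted-looking URL without visiting it. The following is an added example, not code from the original article; the hosts, the `target` parameter name and the trusted-host set are constructed assumptions, and it goes slightly beyond the text by also checking base64-encoded parameters.

```python
import base64
import binascii
from urllib.parse import parse_qsl, unquote, urlsplit

def _http_host(text):
    """Return the hostname if text parses as an http(s) URL, else None."""
    try:
        parts = urlsplit(text.strip())
        return parts.hostname if parts.scheme in ("http", "https") else None
    except ValueError:
        return None

def _decode_candidates(value):
    """Yield the value percent-decoded once more, then as URL-safe base64."""
    yield unquote(value)
    try:
        yield base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return

def embedded_urls(url, depth=3):
    """List (parameter, nested_url) pairs found in the query string, recursively."""
    found = []
    if depth == 0:
        return found
    for name, value in parse_qsl(urlsplit(url).query):
        for candidate in _decode_candidates(value):
            if _http_host(candidate):
                found.append((name, candidate))
                found.extend(embedded_urls(candidate, depth - 1))
                break
    return found

def triage(url, trusted_hosts):
    """Report nested destinations whose host differs from a trusted outer host."""
    outer = _http_host(url)
    if outer not in trusted_hosts:
        return []
    return [(p, u) for p, u in embedded_urls(url) if _http_host(u) != outer]

# Constructed samples; all hosts use the reserved .example TLD.
TRUSTED = {"search.trusted.example"}
B64_DEST = base64.urlsafe_b64encode(b"https://login.lure.example/o365").decode().rstrip("=")
SAMPLES = [
    "https://search.trusted.example/redirect?target=https%3A%2F%2Flogin.lure.example%2Fo365",
    "https://search.trusted.example/redirect?id=7&target=" + B64_DEST,
    "https://search.trusted.example/search?q=qr+code+safety",
]
```

Calling `triage(url, TRUSTED)` on each sample returns the nested destination for the first two and an empty list for the ordinary search link.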


Lately, there has been an increase in quishing emails, which send victims either to malware-infested sites or to sites looking for credentials.


The usual methods are used to make the emails look convincing: The email will pretend to come from a bank or another organization you trust, or might look like internal mails from the organization you work for, perhaps pretending to come from HR or the IT department. The QR codes in these mails are either embedded or sent as an attachment.


Most of the email contains little to no text, which reduces the chances of the scammer maki ..
