Quishing, or QR code phishing, is a form of cyberattack that exploits the popularity of QR codes to deceive users into performing dangerous actions.
How does quishing work?
Creation of a malicious QR code:
Cybercriminals generate a QR code which, when scanned, redirects the user to a fraudulent website or downloads a malicious application.
Distribution of the QR code:
This QR code is then distributed through various channels: posters, flyers, business cards, social networks, emails, etc.
Victimization:
When a victim scans the QR code, they are redirected to a website that often imitates a legitimate service (a bank, an e-commerce website, etc.). On this fake website, the victim may be asked to enter personal information (login credentials, credit card numbers, etc.) or download malicious software.
Why is quishing effective?
Ease of use:
QR codes are easy to generate and distribute.
Trust:
Users tend to trust QR codes because they are increasingly common in everyday life.
Discretion:
A quishing attack can go unnoticed because the QR code may be integrated into discreet visual materials.
How can you protect yourself against quishing?
Be cautious:
Do not scan a QR code if you do not know where it leads.
Check the URL:
Before entering any information, carefully verify the website URL.
Security applications:
e-securemail provides an additional security layer to scan QR codes and detect potential threats.
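As an added example (not part of the original page and not e-securemail code), the "Check the URL" advice above can be expressed as a small function that compares a URL decoded from a QR code with the domain the user expects. The function name, the warning labels and the sample domains are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def check_qr_url(payload: str, expected_domain: str) -> list[str]:
    """Return warnings for a URL decoded from a QR code (hypothetical helper).

    An empty list means HTTPS to the expected domain or one of its subdomains.
    """
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if not host:
        return warnings + ["no-host"]
    if has_userinfo:
        # "https://bank@other-host/" displays the bank name but connects to other-host
        warnings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass  # not an IP address, so it is a DNS name
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("internationalized-host")  # possible look-alike characters
    expected = expected_domain.lower()
    if host != expected and not host.endswith("." + expected):
        warnings.append("unexpected-domain")
    return warnings

# Constructed sample payloads using reserved test domains, not real indicators.
SAMPLES = [
    "https://www.example-bank.test/login",
    "https://example-bank.test.login.example/",
    "https://example-bank.test@login.example/",
    "http://192.0.2.10/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_qr_url(url, "example-bank.test") or "ok")
```

Apply the check to the address shown in the browser after any redirects, since the URL encoded in a QR code may only be an intermediate hop.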
How to identify a quishing email?
The e-securemail console allows advanced searches and enables filtering emails based on specific criteria, such as the presence of a QR code.