
Phishing has been with us since the dawn of the digital age.

As tech trends come and go, it remains one of the most popular threat vectors out there.


Lead SOC Engineer at DigitalXRAID.

How quishing works

Phishing works so well because it relies on hacking the human psyche.

We want to trust the stories we're told, especially if they're told by ostensibly trustworthy organizations or individuals.

This is an admirable, but highly exploitable, trait.

As technologies evolve, threat actors are continually refining the methods they use to take advantage of trusting end-users.

QR phishing is a great example.

Scammers are capitalizing on that familiarity by creating QR codes in seconds that can hand over access to email accounts.

The scam is simple.

A QR code appears embedded in a legitimate-looking email from a trustworthy source, with instructions to scan.

The user takes out their phone to do so, clicks through and is taken to a phishing site.

It could theoretically be a site primed to install covert malware, or steal sensitive personal and financial information.

But very often it is designed to harvest business credentials.
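As an added example (not from the original article), the following triage heuristic flags mail matching the pattern described above: an image part, text instructing the reader to scan, and no link in the body. The phrase list, function names and sample messages are assumptions constructed for illustration, and no QR decoding is attempted.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed phrase list for "instructions to scan"; tune it for your own mail flow.
SCAN_HINTS = re.compile(
    r"\b(scan (the|this) (qr )?code|qr code|scan with your (phone|camera))\b", re.I)
URL = re.compile(r"https?://", re.I)

def quishing_signals(raw: str) -> dict:
    """Heuristic triage signals for one RFC 5322 message supplied as text."""
    msg = message_from_string(raw, policy=policy.default)
    texts, images = [], 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1                      # candidate carrier for a QR code
        elif ctype in ("text/plain", "text/html"):
            texts.append(part.get_content())
    body = "\n".join(texts)
    signals = {
        "has_image": images > 0,
        "asks_to_scan": bool(SCAN_HINTS.search(body)),
        # The lure carries its link inside the image, not in the body text.
        "no_clickable_url": not URL.search(body),
    }
    signals["suspect"] = all(signals.values())
    return signals

def build_sample(body: str, with_image: bool) -> str:
    """Constructed test message; addresses and subject are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "it-support@example.com", "user@example.com"
    m["Subject"] = "Action required: MFA enrolment"
    m.set_content(body)
    if with_image:  # PNG magic bytes only, stands in for an embedded QR image
        m.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image",
                         subtype="png", filename="code.png")
    return m.as_string()

LURE = build_sample("Your MFA enrolment expires today. Scan the QR code below "
                    "with your phone to keep access.", with_image=True)
NEWSLETTER = build_sample("Read the update at https://intranet.example.com/news",
                          with_image=True)

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("newsletter", NEWSLETTER)):
        print(name, quishing_signals(raw))
```

Messages flagged this way are candidates for analyst review or for a later QR-decoding stage, not verdicts on their own.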

Why is quishing so successful?

Quishing makes sense to a threat actor for several reasons.

And in any case, those defenses may not work as intended.

By mimicking familiar processes, bad actors can lull their targets into a false sense of security.

In particularly sophisticated scenarios, these QR phishing attempts use domain redirection, sometimes multiple times.

To combat this, businesses need to combine stronger security controls with ongoing education.

Back this up with stronger policies around identity and access management.

Mandate strong, unique passwords and discourage reuse and sharing to mitigate the risk of compromise.

And enforce strict policies outlining QR code usage guidelines and what to do when encountering unknown or unsolicited codes.

XDR can help here by supercharging detection and response across email, web connection, and other layers.

Quishing is just the latest evolution in a continuous arms race between connection defenders and threat actors.

It's time we updated our response accordingly.


The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.
