Alert! Phishing scams with QR codes increase by 587%

by time news

2023-10-27 08:57:33

Recently, there has been a lot of news about quishing, or QR code phishing. This occurs when the link behind a QR code is malicious, but the QR code itself is not. Researchers at Check Point® Software Technologies Ltd. (NASDAQ: CHKP) have seen a 587% increase in QR code-based phishing scams between August and September.

A 2021 study, “Mobile & Smart Connectivity”, prepared by IAB Spain shows that in Spain 82.2% of respondents say they have used QR codes on some occasion and only 2% do not know what they are. Why are they on the rise? At first glance they seem harmless and are used to scan menus. But they are a great way to hide malicious intentions. The image may hide a fraudulent link, and if the original image is not scanned and analyzed, it will appear as a normal image.

Use of mobile QR code scanners expected to surpass 100 million users in the United States by 2025

And since end users are used to scanning QR codes, receiving one in an email isn’t necessarily a cause for concern. In fact, according to Statista, in 2022 approximately 89 million Internet users in the United States will scan a QR code on their mobile devices, 26% more than in 2020. Likewise, the use of mobile QR code scanners is expected to experience constant growth, surpassing 100 million users in the United States in 2025.

In this attack briefing, Harmony Email researchers will discuss how cybercriminals use QR codes to obtain credentials.

Attack

In this attack, attackers send QR codes that lead to credential harvesting pages.

Vector: Email.
Threat type: Credential Harvesting, Quishing.
Technique: Social engineering.
Target: Any end user.

Email Example

It is very easy to create a QR code. There are many free pages that make it super simple. QR codes go to a link. Cybercriminals, or anyone else, can put anything in that link so that the QR code redirects to it. In this attack, they have created a QR code that goes to a credential harvesting page. The lure is that Microsoft MFA is about to expire and you have to re-authenticate.

Although the body says it comes from Microsoft security, the sender address is different.

Once the user scans the QR code, they are redirected to a page that looks like it is from Microsoft, but is actually nothing more than a credential theft page.

How can security experts protect themselves from these attacks?

Implement email security that leverages OCR for all attacks, including quishing. Apply security that uses AI, ML, and NLP to understand the intent of a message and know when phishing language may be used. Implement security that has more than one way to identify malicious attacks.

“To combat quishing we use the QR code analyzer of our OCR engine which identifies the code, retrieves the URL and then verifies it. In fact, the existence of a QR code in the body of the email message is an indicator of an attack. Once the OCR converts the image to text, our NLP is able to identify the suspicious language and flag it as phishing,” says Eusebio Nieva, technical director of Check Point Software for Spain and Portugal. “Cybercriminals are always trying new tactics and sometimes reviving old methods. Sometimes, legitimate elements such as QR codes are appropriated. Whatever it is, it is essential to have a complete toolkit to respond,” he concludes.
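The checks described in this briefing (a sender address that does not match the brand named in the body, verification of the URL retrieved from the QR code, and phishing language alongside an image) can be combined into one triage function. This is an added Python example, not Check Point's code; the domain allow-list, keyword list and sample message are constructed, and QR decoding is assumed to be done by a separate decoder that passes in the URLs it found.

```python
import email
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumptions for this example: an illustrative allow-list and a constructed keyword list.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com", "office.com"}}
LURE_TERMS = ("expire", "re-authenticate", "mfa")

def registrable(host):
    """Last two labels only; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw_message, decoded_qr_urls):
    """Return findings for one message. decoded_qr_urls is what a QR/OCR
    decoder (not implemented here) extracted from the message's images."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    sender = msg["From"].addresses[0].domain if msg["From"] else ""
    has_image = any(p.get_content_maintype() == "image" for p in msg.walk())
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # the body does not claim to come from this brand
        if registrable(sender) not in domains:
            findings.append(f"sender-mismatch:{brand}:{sender}")
        for url in decoded_qr_urls:
            parts = urlsplit(url)
            if parts.scheme != "https" or registrable(parts.hostname or "") not in domains:
                findings.append(f"qr-url-offbrand:{parts.hostname}")
    if has_image and any(term in text for term in LURE_TERMS):
        findings.append("image-with-lure-language")
    return findings

def sample_message():
    """Constructed message modelled on the lure described in the article."""
    m = EmailMessage()
    m["From"] = "Microsoft Security <alerts@mail.example.net>"
    m["To"] = "user@example.org"
    m["Subject"] = "Action required"
    m.set_content("Your Microsoft MFA is about to expire. Scan the code to re-authenticate.")
    m.add_attachment(b"\x89PNG placeholder", maintype="image", subtype="png",
                     filename="qr.png", disposition="inline")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample_message(), ["https://login.example.net/mfa"]))
```

Each finding is an independent signal, which matches the advice above to have more than one way to identify a malicious message.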
