Cyber villains are upping their game with a new trick up their sleeve – malicious QR codes. These “quishing” campaigns have seen a staggering 2,400% increase since May, with even large U.S. energy firms falling prey. The trick? Hidden redirect links in QR codes that lead users to fake web pages designed to steal their credentials.
Our research shows that almost all of our clients have been targeted by these QR code attacks. And it’s not just limited to emails – mobile devices are also under threat. These attacks are global and omnipresent.
In these attacks, the cybercriminals send QR codes that direct users to pages designed to harvest their credentials. The simplicity of QR codes, especially in the post-pandemic world, makes them an effective tool for these criminals. The hidden link within the QR code is only visible to the device scanning it, not the user.
The trust users place in QR codes makes them an attractive medium for hackers. All they need to do is create a convincing email that mimics a trusted source like Microsoft, and voila, they have a potent phishing email.
Detecting malicious QR codes can be challenging. We use a QR code analyzer in our OCR engine to identify the code, retrieve the URL, and test it against our other engines. If a QR code is present in the email body, it’s a sign of an attack. Once the image is converted to text by OCR, our NLP can identify suspicious language and flag it as phishing.
Until more security solutions can reliably detect malicious QR codes, companies of all sizes will continue to be targeted.
To protect against these attacks, security professionals can:
- Implement email security that uses OCR for all attacks, including Quishing
- Use AI, ML, and NLP to understand the intent of a message and identify phishing language
- Implement security measures that can identify malicious attacks in multiple ways
At Vinca Cyber, we understand the evolving nature of these threats and are equipped to help organizations tackle them effectively. Our advanced security solutions leverage cutting-edge technologies like AI, ML, and NLP to provide robust protection against such sophisticated attacks. With Vinca Cyber, you can rest assured that your organization’s security is in capable hands.
Source: Avanan a Checkpoint company
