Quishing: Tricks to look out for

2023-10-26 07:59

QR phishing usually comes via email and contains a QR code pointing to a phishing or scammy web page.

Quishing emails generally impersonate a credible company and ask users to scan the QR code in their email.

A recent test of employee security awareness performed by Hoxhunt revealed that only 36% of almost 600,000 employees of varying levels of seniority successfully identified and reported the phishing email carrying a QR code.

An anecdotal report by a security professional that ran a QR code phishing simulation against their organization's employees tells of a similar scan/click rate: 6%. While security pros are discussing online which third-party solutions, mail flow rules and filters, queries and tricks can prevent QR code phishing emails reaching their colleagues' inboxes, one thing is obvious: phishing awareness trainings should be updated to include the threat of quishing.

Users should be made aware that phishing emails can also include malicious QR codes.

Users should be told to be extra careful when evaluating the legitimacy of emails carrying QR codes.

News URL

https://www.helpnetsecurity.com/2023/10/26/qr-phishing-quishing/