ChannelLife UK - Industry insider news for technology resellers
United Kingdom
Guides
#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes
Search
Story image
#
AI
#
Cybersecurity
#
Email Security
Rise in QR code phishing scams, reveals Check Point research
Tue, 31st Oct 2023
Author image
By Tom Raynel, Managing Editor
Follow us

Check Point's Harmony Email team has observed a sharp rise in QR code phishing, often referred to as 'Quishing', with a staggering 587% increase between August and September. This rapid growth equates to thousands of attacks each month. Hackers are exploiting QR codes as a tool for cybercrimes, enticing unsuspecting users to scan them and directing them to fraudulent credential harvesting sites.

In the UK and Europe, 86.66% of smartphone users have scanned a QR code once in their lifetime, with 36.40% scanning at least one every week. Adding to these significant figures, Harmony Email researchers reveal that almost all their customers have become targets of these malicious attacks.

Cybersecurity Researcher and Analyst Jeremy Fuchs has composed a blog discussing the rising trend of Quishing, how hackers are exploiting QR codes to steal end-user credentials and measures to protect oneself. The blog provides an in-depth understanding of Quishing– a cyber attack where the link associated with a QR code is malicious, but the QR code itself appears harmless.

Fuchs discusses a recent case where a major US energy firm was the target of a QR phishing code, indicative of the increasing frequency of such attacks. As these attacks become more prevalent, QR codes, once widely considered benign, are being flagged as potential cybersecurity risks.

Exploring the reasons behind this increase, Fuchs indicates that QR codes, often used for everyday tasks such as scanning menus, offer an easy way for attackers to conceal malicious links. The routine habit of scanning QR codes doesn't raise an alarm for most end-users, making the attack technique even more effective. Recent statistics suggest that in 2022, around 89 million smartphone users in the US scanned a QR code on their mobile devices, a 26% increase from 2020. This use of QR codes by digital device holders is set to grow steadily, projected to surpass 100 million users in the US by 2025.

Fuchs further outlines the attack technique used by hackers, explaining how they send QR codes leading to credential harvesting sites - fake websites designed to trick users into revealing their login details. The attackers deceive victims by presenting QR codes that redirect to a page disguised as a legitimate Microsoft page requiring them to re-authenticate, thus obtaining their credentials.

In order to thwart these attacks, OCR (Optical Character Recognition) along with AI, ML and Natural Language Processing (NLP) are recommended. These technological solutions are geared to understand the intent of a message and detect phishing attempts. End-user education and defensive strategies are also crucial in these attacks, ensuring that cybersecurity is multi-pronged and robust in its approach.

Related stories
Gartner unveils top four data & analytics trends for 2024
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
UK managers pivotal in shaping positive workplace culture, study finds
Westcon-Comstor achieves 100% renewable electricity target in UK
High Performance Podcast duo to keynote Infosecurity Europe conference
Top stories
The messaging evolution and the fight against fraud
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Game review: TopSpin 2K25 (PS5)
UK consumers prioritising price over brand loyalty