Rise in QR code phishing scams, reveals Check Point research
Check Point's Harmony Email team has observed a sharp rise in QR code phishing, often referred to as 'Quishing', with a staggering 587% increase between August and September. This rapid growth equates to thousands of attacks each month. Hackers are exploiting QR codes as a tool for cybercrimes, enticing unsuspecting users to scan them and directing them to fraudulent credential harvesting sites.
In the UK and Europe, 86.66% of smartphone users have scanned a QR code once in their lifetime, with 36.40% scanning at least one every week. Adding to these significant figures, Harmony Email researchers reveal that almost all their customers have become targets of these malicious attacks.
Cybersecurity Researcher and Analyst Jeremy Fuchs has composed a blog discussing the rising trend of Quishing, how hackers are exploiting QR codes to steal end-user credentials and measures to protect oneself. The blog provides an in-depth understanding of Quishing– a cyber attack where the link associated with a QR code is malicious, but the QR code itself appears harmless.
Fuchs discusses a recent case where a major US energy firm was the target of a QR phishing code, indicative of the increasing frequency of such attacks. As these attacks become more prevalent, QR codes, once widely considered benign, are being flagged as potential cybersecurity risks.
Exploring the reasons behind this increase, Fuchs indicates that QR codes, often used for everyday tasks such as scanning menus, offer an easy way for attackers to conceal malicious links. The routine habit of scanning QR codes doesn't raise an alarm for most end-users, making the attack technique even more effective. Recent statistics suggest that in 2022, around 89 million smartphone users in the US scanned a QR code on their mobile devices, a 26% increase from 2020. This use of QR codes by digital device holders is set to grow steadily, projected to surpass 100 million users in the US by 2025.
Fuchs further outlines the attack technique used by hackers, explaining how they send QR codes leading to credential harvesting sites - fake websites designed to trick users into revealing their login details. The attackers deceive victims by presenting QR codes that redirect to a page disguised as a legitimate Microsoft page requiring them to re-authenticate, thus obtaining their credentials.
In order to thwart these attacks, OCR (Optical Character Recognition) along with AI, ML and Natural Language Processing (NLP) are recommended. These technological solutions are geared to understand the intent of a message and detect phishing attempts. End-user education and defensive strategies are also crucial in these attacks, ensuring that cybersecurity is multi-pronged and robust in its approach.