CYBER SECURITY TERMINOLOGY EXPLAINED

What is Quishing?

Quishing, also known as QR phishing, is a method in which criminals use QR codes to get victims to download harmful files or to redirect them to malicious websites. Because the QR code is an image, this kind of phishing frequently evades traditional safeguarding methods, e.g., secure email gateways.

What does a quishing attack look like?

A quishing attack is designed to trick people into falling for a scam and is usually sent in the form of an email. The email will pretend to be from a reliable source, such as your bank or a respectable online retailer. It will try to instil a sense of urgency by stating that you must act immediately and scan the attached QR code.

What might happen when you scan the malicious QR code?

When the recipient scans a malicious QR code, they will likely be directed to a phishing site that attempts to obtain sensitive data, such as login credentials, or get the victim to unintentionally download malware.

Quishing may involve multiple devices

Users are likely to scan a QR code they receive on one device using another, which could mean personal devices are introduced into the mix. These devices might not have the same degree of company cyber security controls, which makes it harder for the company’s security solutions to identify and prevent a quishing attack.

Consequences of quishing

  • Financial loss. Money stolen by cybercriminals, revenue lost due to disruption of operations, or regulatory fines.
  • Data loss. Unintentionally downloading malware after scanning a QR code can result in data breaches like customer data loss or intellectual property theft.
  • Reputational damage. Financial or data loss due to quishing can erode a customer’s trust, especially if sensitive customer data is compromised.

How to prevent falling victim to quishing?

  • Verify that the sender is a legitimate source.
  • Become familiar with typical indicators of quishing, such as feeling rushed and offers that seem too good to be true.
  • Refrain from scanning QR codes; go straight to the company’s website using your browser, or give them a call.
  • Enable multi-factor authentication (MFA) – this reduces the potential consequences if user credentials are unintentionally entered into a malicious site.
  • Cyber security awareness training – educate employees on cyber threats and the actions they should take to avoid becoming another victim. Simulated attacks on staff can identify and address security gaps, which can also help you understand how resilient you are to different types of attacks.

By implementing these strategies, you can decrease your chances of becoming a target of quishing attacks.
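The sender check and the urgency indicator from the list above can also be applied automatically once a QR code in an email has been decoded. The following is an added example, not code from this page: the function name `triage`, the urgency word list, the sample email and the URLs are all constructed, and the QR payloads are assumed to have been decoded from the email's images by a separate QR reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed urgency wording; tune to your own mail flow (assumption).
URGENCY = re.compile(r"\b(immediately|urgent|act now|suspended)\b", re.I)

# Constructed sample email (not a real message).
SAMPLE = """From: Example Bank <alerts@bank.example>
To: user@corp.example
Subject: Action required
Content-Type: text/plain; charset=utf-8

Your account will be suspended. Scan the attached QR code immediately.
"""

def triage(raw_email, qr_payloads):
    """Return quishing indicators for one email.

    qr_payloads: strings already decoded from the email's images
    (QR decoding itself is outside this example).
    """
    msg = message_from_string(raw_email)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    if URGENCY.search(body) or URGENCY.search(msg.get("Subject", "")):
        findings.append("urgency-wording")
    for payload in qr_payloads:
        try:
            url = urlsplit(payload.strip())
        except ValueError:          # malformed URL in the QR payload
            continue
        host = (url.hostname or "").lower()
        if url.scheme not in ("http", "https") or not host:
            continue                # QR code does not carry a web link
        findings.append("qr-contains-url")
        # The link should stay on the domain the sender claims to be from.
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append("qr-host-differs-from-sender:" + host)
        if url.scheme == "http":
            findings.append("qr-url-not-https")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE, ["https://login.bank-example.test/verify"]))
```

A host mismatch alone does not prove an email is malicious, since legitimate senders also use third-party domains, so treat the findings as reasons to review the message rather than a verdict.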
