A group of cyber security experts has seen a 587 percent growth in ‘phishing’ attacks by scanning QR codes, which lead to pages to obtain credentials to use them for various purposes, such as data theft.
QR code phishing scams, also known as cushing, use these codes to share a malicious link without the user’s knowledge. Hence, it is a technique of impersonating companies or public entities along with social engineering.
In this sense, a team of researchers from the Check Point Research Group, a company that provides cybersecurity systems, has warned of the risk of ‘quishing’ attacks, which increased by 587 percent between August and September.
On a daily basis, users use QR codes for a variety of activities, from viewing menu options at a restaurant to registering for activities or accessing a service.
In fact, according to the ‘Mobile & Intelligent Connectivity’ study produced by the communications association IAB Spain in 2021, more than 82.2 percent of users surveyed in Spain said they have sometimes used QR codes. When faced with this, only 2 percent indicated that they did not know what these codes were.
This means that the majority of Spanish citizens use QR codes and are therefore vulnerable to a ‘quishing’ attack.
In this sense, as Check Point researchers explained, even though QR codes may appear to be an “innocuous” structure at first glance, they are “a great way to hide malicious intentions” because they are used by cybercriminals to hide fraudulent links.
One example of these attacks, Check Point pointed out in a report, is sending QR codes through emails. Specifically, in the attack shared by the researchers, an ’email’ informing the user that Microsoft’s Multi-Factor Authentication (MFA) is about to expire is used as a decoy, encouraging the user to re-authenticate.
In this case, malicious actors insert a QR code into an email with a fraudulent link that leads to a credential collection page. Once the user scans the said QR code, a page that mimics the legitimate Microsoft credentials page opens, and although it looks similar, it actually facilitates credential theft.
According to cybersecurity experts, generating a QR code is “very easy” because there are usually many free pages that generate it automatically. This way, cybercriminals can add any malicious link. Also, note that in the example shown, although the subject indicates Microsoft, the sender address is different.
How to Protect Yourself from ‘Quishing’
With all this in mind, Check Point has shared some recommendations to combat ‘quishing’. One of them is implementing an email security system that uses optical character recognition (OCR) to identify all possible attacks.
Likewise, users can use a system that uses artificial intelligence, machine learning and natural language processing to understand the intent of messages and detect when an email may be “using phishing language.”
As explained by Check Point Software’s technical director for Spain and Portugal, Eusebio Nieva, the methods used by researchers to detect these types of attacks are based on the use of its OCR engine’s QR code analyzer.
This way, as the OCR engine converts the QR code image into text, the code can be recognized and retrieved without opening the URL. After this, the URL is analyzed to check if it is a malicious website using NLP capable of detecting suspicious language and flagging it as ‘phishing’.
“Cybercriminals are always trying new tactics, other times reviving old methods. Sometimes, they use legitimate elements like QR codes,” Nieva said, adding that the presence of a QR code in the body of a message email “is an indicator. of an attack.”
:quality(85)/cloudfront-us-east-1.images.arcpublishing.com/infobae/YMJL5TYTFCDXREBK5GQ3GF2NSE.jpg)
:quality(85)/cloudfront-us-east-1.images.arcpublishing.com/infobae/6HQACP6IWFDCZILI6XO6YCAIT4.jpg)
:quality(85)/cloudfront-us-east-1.images.arcpublishing.com/infobae/MNC54VXNEZFZRNQPRR5NB7S774.jpg)
