What is Quishing?
The latest trend in cybercrime is QUISHING. Haven’t heard of it? Read our blog to find out what it is how they work and what security risks they pose.
The latest trend in cybercrime is QUISHING. Haven’t heard of it? Read our blog to find out what it is how they work and what security risks they pose.
Quishing is a sneaky type of phishing that uses QR codes to trick people into sharing sensitive data. It is a cybersecurity threat where hackers use QR codes to direct victims to malicious website or prompt them to download harmful content. The aim is to steal sensitive information, such as passwords, financial data, or personally information, which can then be used for identity theft, financial fraud, or ransomware attacks.
This type of phishing often evades traditional defences like secure email gateways. QR codes in emails are often seen as harmless images by these gateways, making users susceptible to specific phishing attacks.
QR codes or Quick Response codes, are two-dimensional barcodes that store information such as URLs, text, or contact details. Originally developed in Japan in the 1990s for the automotive industry, QR codes have since become ubiquitous, appearing on everything from product packaging to payment systems. Their versatility lies in the ease with which they can be scanned using a smartphone camera.
Here is how they work:
QR codes are made up of a grid of black and white squares arranged on a square grid, with specific patterns for alignment, positioning, and error correction.
Let’s breakdown the structure that makes information readable:
Quiet Zone: The empty white border around the outside of a QR code.
Hinder pattern: The three black squares in the bottom-left, top-left, and top-right corners.
Alignment pattern: A small square near the bottom-right corner, which ensures the QR code can be read, even if it’s skewed or at an angle.
Timing pattern: An L-shaped line that helps to identify individual squares within the whole code, making it possible for a damaged QR code to be read.
Version information: Identifies which version of the QR code is being read.
Data cells: The rest of the QR code communicates the actual information — the URL, phone number, or other data.
When you scan a QR code with a smartphone or a scanner, the software reads the pattern, decodes the information, and presents it by opening a URL for example.
They are commonly used as weblinks or digital resources. They are very handy for restaurant menus, marketing materials and event info. Some businesses use QR codes on business cards so people can save their contact details on their phone easier. They can also be used to make payments, and they are often used for authentication of luxury items and tech products.
While QR codes have their advantages, cybercriminals have quickly learnt to exploit these and use them to their own gain. So, here comes quishing.
The reason why quishing emails are a highly successful form of cyberattacks is that most email security solutions are designed to inspect texts, URLs and attachments but QR codes are essentially just images. Individually, the pixels in a QR code are meaningless. However, once decoded, the QR code translates into a URL. If an email security solution cannot interpret QR codes to reveal the malicious URLs they conceal, users are left unaware about the destination of the QR code until they scan and decode it.
In a quishing attack, criminals create a QR code and link it a malicious website. Attackers often embed QR codes in phishing emails, social media posts, printed flyers, or physical objects, using social engineering techniques to lure victims. For instance, victims might receive an email claiming they can access an encrypted voice message or win a cash prize by scanning a QR code.
When victims scan the QR code, they are redirected to a malicious website. This site may prompt them to enter sensitive information, such as login credentials, financial details, date of birth or email address.
Once attackers capture this sensitive information, they can exploit it for malicious purposes, including identity theft, financial fraud, or ransomware attacks.
Quishing is becoming increasingly popular in phishing campaigns because people have gotten used to scanning QR codes without thinking too much about it. So, if you see a QR code in an email, a random flyer, or even a public poster, approach it with caution!
Ensure that the URL the QR code directs you to is safe. Look for the padlock icon in the search bar next to the web address. Do not submit personal information, make payments or download anything from a site assessed through a QR code unless you are a hundred percent sure that it is legitimate. If you have any doubts, it’s best not to do it!
How can Syn-Star help businesses protect against quishing attacks?
Syn-Star offers employee training, which is the most important step towards your business’ cybersecurity.
So, to ensure that you and your team are up-to-date with the latest cyber threats, get in touch with Syn-Star to book your training session.
Agnes Molnar
Agnes is Syn-Star’s expert content writer, she has Master’s degree in English Literature that provides a strong foundation in writing and critical thinking of everything she does.
Qualifications: Masters in English Literature
In-house training: HubSpot SEO, WordPress Training.
Learn more about Cyber Security
Let’s Talk!
If you have any additional comments or questions about this article, you can share them in this section.
Agnes Molnar
Agnes is Syn-Star’s expert content writer, she has Master’s degree in English Literature that provides a strong foundation in writing and critical thinking of everything she does.
Qualifications: Masters in English Literature
In-house training: HubSpot SEO, WordPress Training.
You’re device is on an Unsupported Windows Operating System for your security, please contact us.
Team Productivity:
You and your team are able to see where they are using their time and how productive they are actually being. Also they are able to clock in and out, so really good for flexi-working.
Team Monitoring:
If you would like to know what your team is doing and how productive they are being, we are able to monitor them and create screenshots of what they are working on. This can be run in normal or stealth mode.
Book a FREE fact finding session to discuss the different options.
We proactively seek opportunities to support good causes for our community.
From sponsoring local community football teams, to engaging with charity fundraiser days, we believe it’s important to continually strive to do good for the better of others.
We have members who volunteer with youth organisations, are engaged with the Round Table, run marathons and volunteer at events where we may be needed. Every charity receives a discounted IT and Telecoms service too.
Protecting your digital data is crucial for every business and this can start with the industry-leading security we offer. The Syn-Star specialists can help with identifying any vulnerabilities within your IT systems and act accordingly to ensure cyber-attacks and data breaches are mitigated.
Your business will never fall behind with its technology when you work with Syn-Star.
We understand IT and Telecoms for your business is an investment, but it’s important to use the best resources available to enable the growth of your business. Our IT Consultancy and Virtual IT Director Services are available to support you with how you use your business technology for years to come.
Syn-Star can conduct quick and easy phishing exercises to identify people within your team who need to improve on their knowledge around fraudulent emails and how they can be alerted to these threats.
At Syn-Star, our experts can proactively work to understand exactly what software you need to support with the business operations. Whether you need a listening ear on what software to choose, or would like to seek some specialist knowledge, we’re here to help where we can.
At Syn-Star, we keep Telecoms simple. There’s so much available to help UK companies with their communications. VoIP systems, fixed landline, cloud phone systems, SIP trunking and more. Contact us for further details.
Desk phones, cordless phones or conference phones, Syn-Star can provide you with whatever you need.
From conference calling facilities to the headsets which work best for your team, we’re able to provide all the equipment you need and complete any telecoms job from start to finish.
There is no need to be in the office to make and receive phone calls from your company’s number. Our market-leading Telecoms platform gives you the flexibility of desk phones, soft phones and mobile apps as standard.
Whether your team works remotely, or perhaps staff are on a business trip anywhere in the world, calls can still be made, and people are reachable via phone wherever they go.
With a range of products, our team can support you by installing exactly what you need for internet connectivity. We work with the very best products to provide speedy bandwidths which play a part in the increased productivity of your team.
