SecurityHQ analysts have recently observed a significant increase in Business Email Compromise (BEC), regarding phishing attacks containing QR code (Quishing) and captchas for credentials harvesting.
This blog aims to highlight the sophisticated nature of this attack, to understand the technical aspects of session abuse, and its prevention.
What is Quishing?
In the ever-evolving landscape of cybercrime, threat actors are constantly discovering new methods and using them to target organizations. One such emerging threat is known as ‘quishing’ or QR code phishing. Quishing attacks usually occur via the scanning of a QR code. This technique involves tricking organisations' users into scanning a QR code using a mobile phone. The QR code then redirects the user to a phishing or fake website that aims to steal their credentials.
In the ever-evolving landscape of cybercrime, threat actors are constantly discovering new methods and using them to target organizations. One such emerging threat is known as ‘quishing’ or QR code phishing. Quishing attacks usually occur via the scanning of a QR code. This technique involves tricking organisations' users into scanning a QR code using a mobile phone. The QR code then redirects the user to a phishing or fake website that aims to steal their credentials.
Why Are QR Codes Being Used?
In the past, attackers used various types of URLs and attachments to deliver phishing emails. But, due to advanced email gateway security controls, bypassing the email gateway is not an easy task.
One of the main reasons why threat actors choose the QR Code is because it’s the simplest way to force a user to move from a desktop or laptop to a mobile device, which usually doesn’t have any anti-phishing protection. Additionally, they have multiple advantages over a phishing link embedded directly in an email.
Another reason is these phishing emails are easily getting through the email security gateways because currently email gateway sandbox is not capable of scanning the QR code and providing the verdict on whether it is phishing or not. Due to a lack of inspection from email security gateways, attackers are taking advantage and more commonly targeting users with QR code phishing techniques.
In the past, attackers used various types of URLs and attachments to deliver phishing emails. But, due to advanced email gateway security controls, bypassing the email gateway is not an easy task.
One of the main reasons why threat actors choose the QR Code is because it’s the simplest way to force a user to move from a desktop or laptop to a mobile device, which usually doesn’t have any anti-phishing protection. Additionally, they have multiple advantages over a phishing link embedded directly in an email.
Another reason is these phishing emails are easily getting through the email security gateways because currently email gateway sandbox is not capable of scanning the QR code and providing the verdict on whether it is phishing or not. Due to a lack of inspection from email security gateways, attackers are taking advantage and more commonly targeting users with QR code phishing techniques.
How Quishing Attacks Work?
The attack begins with an email that claims the recipient must take action to update/view their organizational account settings. These emails carry PNG, JPEG, GIF, or attachments containing a QR code. The recipient is prompted to scan to verify their account. These emails also show an urgency to act within 2-3 days in the email subject such as “Urgent”, “Important”, and “2FA” to trick the user into sending emails related to ‘salaries’, ‘increments’, ‘appraisals’ etc.
The QR codes in this campaign also use redirects in well-known domains such as Baidu, GoDaddy, IPFS, etc. URLs to send the targets to a Microsoft 365 phishing page to evade security.
To view all the steps of this type of attack, provided by SecurityHQ analysts, with screenshots showcasing notes from the field, and recommendations to mitigate against such threats, view the full blog here.
www.securityhq.com
Low Cost and Free Publicity - Your company can easily benefit from some publicity like the posts above for a contribution towards our layout costs (£75 to £95 plus VAT), payable in advance or you can receive the service absolutely free of charge if you advertise (see below).
We post articles up to twice a day and never delete them - we only archive them each year so that they continue to remain visible to search engines.
To have your story published - just send us your news item, logo and image(s) and we will review the material, make any necessary changes to the wording / wordcount and then advise you when it will be published.
If you are a regular advertiser in our printed and online publications, placing series bookings for adverts or subscribing to our VIP Packages, you will qualify for a specific number of free postings on this blog while you continue to advertise with us. See our media pack for more details.
Also, if you purchase one of our Online and Print Combo packages, Featured Articles or Advertorial packages shown in our media pack, posting on this blog is included in the price.
For details and rates for all of our advertising options in print and online, download our media pack contact us or visit our website.
Door Industry Journal is a trading style of Avalon Innovations LLP - Company No. OC364751
The attack begins with an email that claims the recipient must take action to update/view their organizational account settings. These emails carry PNG, JPEG, GIF, or attachments containing a QR code. The recipient is prompted to scan to verify their account. These emails also show an urgency to act within 2-3 days in the email subject such as “Urgent”, “Important”, and “2FA” to trick the user into sending emails related to ‘salaries’, ‘increments’, ‘appraisals’ etc.
The QR codes in this campaign also use redirects in well-known domains such as Baidu, GoDaddy, IPFS, etc. URLs to send the targets to a Microsoft 365 phishing page to evade security.
To view all the steps of this type of attack, provided by SecurityHQ analysts, with screenshots showcasing notes from the field, and recommendations to mitigate against such threats, view the full blog here.
www.securityhq.com
>> Scroll down to read more articles like this which have been published recently on this blog <<
You can also read additional current and archived articles on our dedicated magazine website
Low Cost and Free Publicity - Your company can easily benefit from some publicity like the posts above for a contribution towards our layout costs (£75 to £95 plus VAT), payable in advance or you can receive the service absolutely free of charge if you advertise (see below).
We post articles up to twice a day and never delete them - we only archive them each year so that they continue to remain visible to search engines.
To have your story published - just send us your news item, logo and image(s) and we will review the material, make any necessary changes to the wording / wordcount and then advise you when it will be published.
If you are a regular advertiser in our printed and online publications, placing series bookings for adverts or subscribing to our VIP Packages, you will qualify for a specific number of free postings on this blog while you continue to advertise with us. See our media pack for more details.
Also, if you purchase one of our Online and Print Combo packages, Featured Articles or Advertorial packages shown in our media pack, posting on this blog is included in the price.
For details and rates for all of our advertising options in print and online, download our media pack contact us or visit our website.
Door Industry Journal is a trading style of Avalon Innovations LLP - Company No. OC364751
No comments:
Post a Comment