First, what are QR codes? QR (Quick Response) codes are two-dimensional barcodes that can be quickly read by smartphones and store data such as URLs. They were invented in Japan in 1994 and have become especially popular during the pandemic.
What is squishing?
Quishing, or QR phishing, is a cybercrime that involves creating malicious QR codes to redirect users to fraudulent websites or download malware. With the growing use of QR codes, for example in restaurants or for payments, there is a risk that people will unknowingly fall for such attacks and put their data at risk.
Example: Super Bowl 2022 A well-known case was Coinbase's QR code advertisement during the 2022 Super Bowl. This not only increased app downloads but also raised concerns in the cybersecurity community about QR code scams.
Static vs. dynamic QR codes There are two types of QR codes: static, whose content is unchangeable, and dynamic, whose content can be subsequently adjusted. The latter offer flexibility, but also pose higher security risks as they can be more easily manipulated.
What is phishing? Phishing is a method in which criminals try to obtain sensitive information such as passwords through social engineering. Quishing is a variation of this that uses QR codes instead of email links.
How does quishing work? Quishing involves criminals creating QR codes that lead to fake login pages or download malware. These codes can be placed in emails or in public places. Since the content of a QR code is only visible after scanning, fraudsters exploit this to bypass security measures.
QRLJacking A special form of quishing is QRLJacking, which involves manipulating login QR codes. One example of this was an attack on ING Bank, where legitimate QR codes in the app were abused to plunder customer accounts.
Detecting Quishing Attacks Quishing attacks are difficult to detect because the QR code content remains hidden until scanned. Be careful of unexpected QR codes, missing context, suspicious senders, or urgent requests.
How to protect yourself against quishing To protect yourself, you should check the QR code source, use secure QR scanners, pre-check destination URLs, be careful with personal data and enable two-factor authentication. Regular security training helps you stay up to date.
コメント