Representational image 
Xplore

All you need to know about Quishing attacks

According to a new report by cybersecurity firm Check Point, hackers are using a new technique called Conditional QR code Routing Attacks.

Express News Service

BENGALURU: It seems scamsters are working overtime to find newer ways to con people of their hard-earned money. The latest in town is QR Code phishing or Quishing. According to reports, the number of UPI frauds doubled from 15,000 cases in 2022 to 30,000 in 2023.

Experts attribute the proliferation of phishing scams to the widespread use of mobile phones and the adoption of digital payment systems without a good grasp of cybersecurity best practices. Sundar Balasubramanian, Check Point Software Technologies’ managing director for India and SAARC, says hackers are constantly finding new ways to deploy QR codes in phishing campaigns.

According to a new report by cybersecurity firm Check Point, hackers are using a new technique called Conditional QR Code Routing Attacks, where the targeted person is tricked into scanning a QR code embedded with a URL. It redirects to the credential harvesting page, which results in the installation of a malware that steals sensitive information such as bank account details.

Add TNIE As A Trusted Source

According to researchers, hackers use custom templates specific to each organisation, making every attack unique to the company and individual. The attack tries to pose as an authentication update. It notes that account authentication will quickly expire and that to avoid it, one needs to re-authenticate the account. Check Point says the formula is the same — add company logo, add victim name, and implore them to update their authentication before incurring issues with their email.

Techniques

Balasubramanian says this is a particularly tricky and clever attack. It’s incredibly personalised and targeted, by providing the legitimate company logo and using the correct name and user name. By changing dynamically depending on the target, this attack is scalable, as well. It plays on urgency. By suggesting that email access will be altered, users might be inclined to act quickly. Since one has to scan the QR code on the phone, it also opens the door for a compromise on that device. This is a crafty attack that has the potential to cause serious damage, he says.

Guidance and recommendations

* To guard against these attacks, security professionals can do the following

* Implement security that automatically decodes QR codes embedded in emails and analyse the URLs for malicious content

* Utilise security that rewrites the embedded QR code in the email body and replace it with a safe, re-written link

* Implement security that utilises advanced AI to look at multiple indicators of phishing

* As always, if it is urgent or feels out of ordinary, don’t scan the code QR Code

Follow The New Indian Express channel on WhatsApp 

Download the TNIE app to stay with us and follow the latest

Also Read

Ajit Pawar's tragic air crash and the lessons it teaches us

NCP minister pitches for Ajit Pawar’s wife Sunetra as Deputy CM amid talks to merge both factions of party

'We have to evolve': Economic Survey promises a brand-new beginning for India

Trump says Putin agreed not to target Kyiv for one week during brutal cold spell

SIR: SC directs ECI to display names of voters who faces deletion over 'logical discrepancies'

SCROLL FOR NEXT