Most organizations have security controls in place to inspect URLs in emails to prevent the risk of credential phishing and business email compromise (BEC) attacks. However, threat adversaries have pivoted their tactics to bypass security stacks. And clicking these types of attacks often leads to account takeover. In fact, data from Fortra’s PhishLabs in Q2 2023 reported more than three-quarters of credential theft attacks stemming from a link pointing victims to malicious websites.
Recently, the QR code has become the carrier of choice for delivering these types of payloads via email. “It represents a risk that can bypass existing security controls. Therefore, the protection relies on the recipient fully understanding the threat and not taking the bait,” Fortra’s Lead Solutions Engineer, Dr. Steve Jeffery, said. As a result, quishing is currently high on the agenda for many organizations to tackle.
Excerpt: “Quishing is merely an extension of these phishing attacks. Instead of a hyperlink to a fraudulent or malicious website, the attacker uses a QR code to deliver the URL. Since most email security systems are not reading the contents of the QR codes, it is difficult to prevent the ingress of these messages, hence the rise in the prevalence of this type of attack,” says Dr. Jeffery.
Originally published in TechNewsWorld. Read the full article here.