icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

“Quishing” - The Emerging Threat of Fake QR Codes

Summary:
Although QR codes have transformed digital interactions by providing quick access to websites, services, and adding a layer of security to applications, their ubiquity has made them a prime target for threat actors. In "quishing" attacks, fraudsters use fake QR codes to redirect users to counterfeit websites, enabling them to steal personal data, login credentials, or financial details. Cybersecurity experts have identified several quishing methods:
  1. QR codes in email attachments: Scammers embed fake QR codes in emails, invoices, and documents, tricking recipients into scanning them, which leads to data theft.
  2. Fraudulent printed QR codes: Scammers replace legitimate QR codes in places like movie theaters or restaurants, redirecting users to malicious sites.
  3. Social pressure tactics: During high-demand shopping seasons, QR codes may appear as part of "exclusive" deals, manipulating consumers into trusting fraudulent links.
More recently, a new version of quishing has been observed, dubbed “quishing 2.0.”Quishing 2.0 uses multiple layers to bypass security by combining fake sites with legitimate services. In this case, scammers are impersonating trusted sources, like banks, in emails with spoofed domains and fake QR codes, to trick recipients into scanning them. The link may first lead to trusted platforms like Me-QR, adding credibility before redirecting users to a fake login page or phishing site to steal credentials. Overall, these tactics make Quishing 2.0 harder to detect, highlighting the need for users to be vigilant when working with QR codes.

Security Officer Comments:
Threat actors have increasingly resorted to quishing as a means to bypass traditional security measures, as most antivirus software cannot scan QR codes, allowing malware to go undetected. In general, victims risk financial loss, as scanning a fake QR code can redirect them to a fraudulent payment page, transferring money to the scammer's account. Scammers can also steal personal and financial information to make unauthorized purchases or access accounts. Additionally, fake QR codes can trigger malware or ransomware downloads, enabling actors to compromise phones and corporate systems, exposing sensitive data, and leading to severe financial and legal consequences.

Suggested Corrections:
  • Verify authenticity by visually inspecting the URL associated with a QR code before scanning it.
  • Avoid QR transactions and use manual logins instead.
  • Report suspicious activity or phishing attempts immediately.
Link(s):
https://www.tripwire.com/state-of-security/quishing-emerging-threat-fake-qr-codes

Contact Us for Threat Assistance
Back to Current Threats