quishing Piergiorgio Venuti

Quishing: the dangerous hybrid between phishing and QR code

Estimated reading time: 5 minutes

Introduction

The advent of digital technology has brought with it numerous opportunities, but also new threats to cybersecurity. Among these threats, phishing has gained notoriety as one of the most popular methods to obtain sensitive information from users. However, an evolution of this threat has emerged recently, called “quishing”. In this article, we will explore the concept of quishing in detail, comparing it to other forms of cyber attacks such as phishing, smishing and vishing, and analyzing its potential danger. Examples of quishing cases will also be presented and the possible malicious uses of this practice will be described.

What is quishing and how does it work?

Quishing, short for “QR code phishing”, is a sophisticated variant of phishing that uses QR codes to trick users into obtaining personal or financial information. While traditional phishing relies primarily on sending phishing emails, quishing uses malicious QR codes that can be present on flyers, posters, compromised websites or other forms of communication.

The functioning of quishing is based on user trust in the QR code. Users are tricked into acquiring the QR code through a deceptive action, for example through a false promotion or an apparent advantageous offer. Once the user scans the QR code with a QR code application, they are redirected to a counterfeit website that imitates a legitimate page. At this point, the user may be asked to enter their credentials, personal data or financial information, which will later be exploited by cyber criminals for malicious purposes.

Comparison between quishing, phishing, smishing and vishing

To fully understand the danger posed by quishing, it is helpful to compare it to other forms of similar cyber attacks, such as phishing, smishing, and vishing.

Phishing is a form of attack in which attackers send deceptive emails or text messages with the aim of tricking users into revealing personal or financial information. Quishing differs from traditional phishing in the use of QR codes, which adds an element of physical interaction and greater credibility to the attack.

Smishing, on the other hand, focuses on sending malicious text messages that attempt to scam users out of sensitive information. Although quishing could be considered a variant of smishing, the use of QR codes makes it a more sophisticated and difficult to recognize attack.

Finally, vishing is an attack that occurs through telephone calls, in which attackers pose as operators of financial institutions or other reliable organizations in order to obtain confidential information. Although vishing has a different attack mode than quishing, both exploit user trust and psychological manipulation to achieve their goals.

Among these forms of cyber attacks, quishing could be considered the most dangerous as it combines the psychological deception element of traditional phishing with the physical interaction provided by QR codes. This can lead to greater effectiveness in deceiving users and collecting sensitive information.

Examples of quishing cases

To better understand the scope of quishing, here are some examples of known cases of quishing attacks:

Case 1: Fake promotion of a clothing store

A user receives a flyer promoting a great discount at a popular clothing store. The flyer contains a QR code that promises to reveal further details about the offer. Unaware of the danger, the user scans the QR code with their smartphone, which redirects them to a counterfeit website that imitates the store’s official page. The website requires the user to enter their personal information, including credit card information, in order to obtain the discount. However, once the user provides such information, cyber criminals use it for fraudulent purposes, causing serious financial damage.

Case 2: Banking scam via QR code

A user receives an email apparently from their bank, stating that they need to update their account information for security reasons. The email contains a QR code that invites the user to scan to complete the update. Once the user scans the QR code, they are redirected to a counterfeit website that appears authentic. The site requires the user to enter their banking credentials, allowing criminals to gain access to the account and carry out financial fraud.

Case 3: Malicious QR codes on compromised websites

A user browses a legitimate website, but unfortunately compromised by hackers. While browsing the site, the user encounters a QR code that appears to be related to the content of the site. Curious, he scans the QR code with his smartphone, without realizing that it was inserted by the attacker. The QR code redirects him to a malicious web page that attempts to steal his personal or financial information.

Conclusions and precautions

Quishing represents a growing threat in the cybersecurity sphere. Cybercriminals exploit user trust and the widespread use of QR codes to trick people into obtaining sensitive information. To protect yourself from quishing, it is important to take some precautions:

  1. Verify the source: Before scanning a QR code, make sure you know the source it came from. Check the reliability of the issuer and look for any signs of forgery.
  2. Watch out for too-good-to-be-true offers: Be cautious about promotions and extraordinary offers, especially if they require the use of a QR code. Verify the authenticity of the offer through official channels before providing personal or financial information.
  3. Keep your software up to date: Make sure you keep your smartphone, operating system and applications up to date. Updates often include security patches that can protect you from known vulnerabilities used by attackers.
  4. Use reliable security solutions: Install antivirus and anti-malware applications on your mobile device to detect and block any threats.
  5. Education and awareness: Educate yourself and spread awareness about quishing and other forms of cyber attacks among friends, family and colleagues. Share tips and best practices to reduce the risk of falling victim to such attacks.

In conclusion, quishing represents a significant threat to cybersecurity. With the increased use of QR codes in everyday communication, it is crucial to be aware of the associated risks and take appropriate precautions to protect your personal and financial information.

Useful links:

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • Stored XSS with Filter Bypass - blogenginev3.3.8 December 19, 2024
    Posted by Andrey Stoykov on Dec 18# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024 # Exploit Author: Andrey Stoykov # Version: 3.3.8 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html Stored XSS Filter Bypass #1: Steps to Reproduce: 1. Login as admin and go to "Content" > "Posts" 2. On […]
  • [SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269) December 19, 2024
    Posted by Matthias Deeg via Fulldisclosure on Dec 18Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom Affected Version(s): 14.5.0.15 Tested Version(s): 14.5.0.15 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-10-18 Solution Date: 2024-12-17 Public Disclosure:...
  • [KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities December 17, 2024
    Posted by Egidio Romano on Dec 16--------------------------------------------------------------------------- GFI Kerio Control
  • RansomLordNG - anti-ransomware exploit tool December 17, 2024
    Posted by malvuln on Dec 16This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever […]
  • APPLE-SA-12-11-2024-9 Safari 18.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-9 Safari 18.2 Safari 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121846. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Ventura and macOS Sonoma Impact: On a […]
  • APPLE-SA-12-11-2024-8 visionOS 2.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-8 visionOS 2.2 visionOS 2.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121845. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Crash Reporter Available for: Apple Vision Pro Impact: An app may […]
  • APPLE-SA-12-11-2024-7 tvOS 18.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-7 tvOS 18.2 tvOS 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121844. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple TV HD and Apple TV 4K (all […]
  • APPLE-SA-12-11-2024-6 watchOS 11.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-6 watchOS 11.2 watchOS 11.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121843. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Watch Series 6 and later Impact: A […]
  • APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 macOS Ventura 13.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121842. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Ventura Impact: An […]
  • APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 macOS Sonoma 14.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121840. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Sonoma Impact: An […]

Customers

Newsletter

{subscription_form_1}