Phishing is an approach cyber criminals use to gain access to your data and accounts. The most prominent type of phishing is email phishing followed by SMS phishing (smishing) and voice phishing (vishing).

While these types of phishing are still rampant, a new type of phishing has surfaced, QR code phishing. Even those who are well-educated in phishing can be fooled by QR code phishing. Commonly hiding in plain sight, this tactic allows a cybercriminals access to your data, account logins, and more within seconds.

What is QR Code Phishing?

QR code phishing (or quishing) refers to an attempt by a cybercriminal to breach your data using a QR code. A QR code is a series of dot-based images structured to link to a website when scanned. QR codes are everywhere, restaurant menus, business cards, print advertisement, etc.

QR codes are a useful way to offer quick access to websites, videos, or apps. Unfortunately, because there is no way to inspect the link before visiting, it can be hard to tell if the QR is legitimate. This is why it is important to make sure you can recognize the different types of QR phishing.

Types of QR Phishing

QR phishing can come in various formats and each one can cause a significant loss. Let’s take a look at the different types of QR phishing.

Quishing (QR Phishing)

Quishing is the act of using email to scam users and steal credentials. The cybercriminal can spoof an email address that looks like a reputable company and ask you to scan the code to check a voicemail, change your password, or send money. Once you enter your information, the cybercriminal can change your passwords, steal data, and lock you out of your accounts.

Drive by QR Phishing

Drive by QR code phishing is an email with directions to scan a QR code containing malware infection. When the QR code is scanned and the infected website is visited, a trojan will be deployed and the cybercriminal will be able to steal any information stored on or accessed by the device.

Fake QR Code Stickers

QR codes can be replaced anywhere. If you’re in a public space, be wary of scanning QR codes. Cybercriminals can replace the QR codes of companies that will link to infected websites. Always stay vigilant when you interact with QR codes, especially when in public gathering spaces.

How Can I Avoid Quishing?

The best way to avoid QR phishing is staying aware. Keeping vigilant of the different kinds of QR phishing as well as where they can be found will go a long way in protecting your devices. Additionally, using a DNS filter can help block malicious URLs. DNS filters use a database of known malicious links and add them to a block list. Furthermore, ensuring you have phishing protection on your email can keep 99.9% of phishing attempts out of your inbox, better protecting your data and accounts.

If you need more information about phishing and how to protect your business from targeted attacks, give us a call at 512-869-1155 or book an 15-minute discovery call here.