MADRID, Oct. 28 (Portaltic/EP) –
A group of cybersecurity experts has observed a 587 percent growth in ‘phishing’ attacks through QR code scanningwhich can lead to pages for obtaining credentials to later use them for different purposes, such as data theft.
Phishing scams through QR codes, also known as ‘quishing’, They use these codes to share a malicious link without the user realizing it. Thus, it is a technique that goes accompanied by social engineering for impersonate the identity of companies or public organizations.
In this sense, a group of researchers from the Check Point Research group, belonging to the cybersecurity systems provider company Check Point, has warned of the danger of quishing attacks, that have grown by 587 percent between August and September.
On a daily basis, users use QR codes for various actions, from viewing menu options at a restaurant to signing up for activities or accessing a service.
In fact, according to the study ‘Mobile & Smart Connectivity’, prepared by the communication association IAB Spain in 2021, more than 82.2 percent of users surveyed in Spain They stated that they had used on occasion QR codes. Faced with this, only 2 percent indicated that they did not know what these codes were.
That is, the majority of Spanish citizens use QR codes and, therefore, they are susceptible to a ‘quishing’ attack.
In this sense, as the Check Point researchers have explained, although At first glance, QR codes seem like a “harmless” system, It is a “excellent way to hide malicious intentions”, since they are used by cybercriminals to hide a fraudulent link.
An example of these attacks, as Check Point has shown in a statement, is the sending QR codes via emails. Specifically, in the attack shared by the researchers, an ’email’ is used as a decoy informing that Microsoft’s multi-factor authentication (MFA) is about to expire and encouraging the user to re-authenticate.
In this case, malicious actors introduce a QR code in the email with a fraudulent link that leads to a credential collection page. Once the user has scanned said QR code, a window opens imitation page to legitimate Microsoft credentials page and, although its appearance is similar, it actually serves credential theft.
According to cybersecurity experts, it is “very easy” to create a QR code, since they exist multitude of free pages which are usually generated automatically. This way, cybercriminals can include any malicious link. Likewise, in the example shown, it should also be noted that, although the subject indicates that it is Microsoft, the sender address is different.
HOW TO PROTECT YOURSELF FROM ‘QUISHING’
With all this, Check Point has shared some recommendations to combat ‘quishing’. One of them is implement a security system in the email that use optical character recognition (OCR) to identify all possible attacks.
Additionally, users can apply a system that uses artificial intelligencemachine learning and natural language processing, to understand the intent of messages and detect when ’email’ may “use phishing language.”
As explained by technical director of Check Point Software for Spain and Portugal, Eusebio Nievathe methods that researchers have used to discover this type of attacks are based on using the QR code analyzer for your OCR engine.
In this way, it is achieved identify the code and retrieve the URL without opening itsince the OCR engine convert QR code image to text. After that, the URL is analyzed to verify if it is an illegitimate website using NLP, which is capable of Identify suspicious language and flag it as ‘phishing’.
“Cybercriminals are always trying new tactics and sometimes reviving old methods. Sometimes they appropriate legitimate elements such as QR codes”, Nieva has stated, while detailing that the existence of a QR code in the body of the email message “is an indicator of an attack.”
