Subj : Watch out - that QR code could just be a phishing scam To : All From : TechnologyDaily Date : Sat Oct 21 2023 12:15:06 Watch out - that QR code could just be a phishing scam Date: Sat, 21 Oct 2023 10:57:21 +0000 Description: Phishing emails now come with QR codes instead of links, meaning they could more easily bypass email protection tools. FULL STORY ====================================================================== The latest evolution of phishing emails includes QR codes as hackers look to maximize the potential of their campaigns. A new report from cybersecurity researchers SecurityHQ claims to have observed a significant increase of such quishing emails in these past couple of months. The premise is simple - the majority of todays email service providers are doing a relatively good job at filtering out emails with malicious URLs inside. However, theyre not doing as good of a job on the mobile platform, and they cant scan QR codes, making this a unique vulnerability for hackers to exploit. Quishing So, in practice, a victim would get a phishing email containing no links. Instead, right beside the call to action (or in the signature) will be a QR code in a .JPG or a .PNG file which can pass any email security tools. Even the victim wouldnt see the link, which is usually the best way to spot a phishing site. They would scan the QR code with their mobile phone, and would be redirected to a malicious landing page, where theyd either be enticed to download something (like malware), log in to a service (giving away their sensitive data to the attackers), or sign up for a service (yet again, giving away sensitive information). Given the prevalence of email in both private and business environments, and the low cost of sending out emails, phishing remains the number one attack vector for most threat actors. With phishing emails, which usually impersonate a popular brand, or a person of trust, the attackers try to create a sense of urgency and have the victim do something without taking a moment to think it through. That can be either a limited discount offer, a threat of account termination, or a parcel being returned soon. The usual goal of phishing is to have the victim grant the attackers access to their accounts or endpoints, either by downloading and running malware, or by sharing login credentials through phishing landing pages. More from TechRadar Pro Tackling malicious domains and typosquatting Here's a list of the best firewalls today These are the best malware removal tools around ====================================================================== Link to news story: https://www.techradar.com/pro/security/watch-out-that-qr-code-could-just-be-a- phishing-scam --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .