Thought I’d share this as it’s a relatively new attack vector.
The Cyber Security team would like to bring to your attention a new and emerging cyber threat that has recently surfaced, known as “Quishing” - phishing with QR codes -, a type of phishing attack that uses QR codes to deceive and trick individuals into divulging sensitive information.
QR codes are a type of barcode that can be read by mobile devices such as phones and tablets and are commonly used in marketing and advertising campaigns. However, cybercriminals are now exploiting this technology to spread malware and conduct phishing attacks, putting individuals and companies at risk of downloading harmful software or being redirected to fraudulent websites.
What do I need to do?
-
Be cautious when scanning QR codes. Below, you will find some best practices to follow when scanning QR codes:
-
Before scanning a QR code, make sure it comes from a trusted source. If you scan QR codes on posters, flyers or in public places, when possible, touch and feel the code to make sure that it has not been tampered with a sticker placed over the original code.
-
Some mobile apps offer QR code scanning with built-in security features that can detect malicious URLs. It is recommended to use these apps for an additional layer of protection.
-
If the QR code redirects you to a website, always check the website’s URL.
-
When scanning QR codes, always remain cautious of any requests for personal information or credentials.
-
Ensure that your mobile devices are updated with the latest security patches and antivirus software.