I have one more thing. This one more thing isn’t new, but it has been given a name. The one more thing is called quishing (qishing). Yup, quishing. Now, what exactly is quishing? Quishing is QR code phishing: malicious QR codes that are usually used to download malware to devices or to bring the end user to a fake website that steals credentials. Sophos provides an example of quishing used in a PDF document.
Phishing, SMSishing, Vishing
Most of us are familiar with these types of cyber attacks. We have written about them multiple times. Phishing, SMSishing, and vishing regularly trick people into exposing confidential information. With the advancement of AI, these attacks will become more complex than ever. Check out a previous entry on this very topic!
The quishing thing
Quishing attacks are just as dangerous as the typical phishing attack and possibly easier to fall victim to. A phishing email gives the user text to read and analyze for signs that it is suspicious. A QR code may come with some explanation encouraging someone to scan the image, but not always. And this is what can make these attacks easier to fall for.
Most quishing attacks against small businesses will most likely come via email. An employee may receive an email, possibly spoofed as a trusted vendor or business partner, and the email itself or maybe an attachment contains a QR code.
Actions to take
As with similar social engineering attacks, one of the best defenses against quishing is awareness. Ensuring that employees of the small business are aware of these attacks, are trained on how to identify them, and know what to do if they receive one will help protect the small business.