Police Issue “Quishing” Email Warning

Police in Northern Ireland have warned organizations in the province to be on their guard after issuing a new Crime Prevention Notice on “quishing,” or phishing via QR code.

Originally published by the Police Service of Northern Ireland (PSNI) Cyber Crime Centre, the notice urges all local businesses to ensure staff cybersecurity awareness training is updated so employees can spot the threat.

QR phishing, or quishing, has a similar end goal to regular scam emails, which are designed to trick the victim into handing over their credentials/personal information or unwittingly installing malware.

The victim typically receives an unsolicited email, but this time containing a PDF or PNG image of a QR code. The example given in the notice is one branded with Microsoft Authenticator, although other brands may also be spoofed for similar effect.

This mode of operating helps the phishing email bypass traditional security filters and increases the chances of the recipient trusting the sender, according to the PSNI.

“The requirement to scan a QR code increases the likelihood of a recipient using a personal device outside of an organization’s web or anti-virus protection,” the notice continued. “As with other phishing campaigns, the recipient is taken to a URL which may be hosting malware or a credential harvesting ‘sign-in’ page.”

QR phishing is nothing new: researchers warned of a surge in threats during the pandemic as QR codes began to be used by healthcare providers and the hospitality sector.

One campaign in 2020 featured scam emails and text messages designed to trick users with the promise of a Covid vaccine.

In August this year a major quishing campaign was spotted targeting customers of companies in the energy, manufacturing, insurance, technology and financial services sectors.

Experts warned at the time that users are more likely to fall for QR code scams as they don’t contain the spelling and language errors which are a tell-tale sign of a phishing attack.

Police Issue “Quishing” Email Warning

Phil Muncaster

You may also like

Booking.com Customers Scammed in Novel Social Engineering Campaign

Social Media Phishing – The 2023 Cybersecurity Threat

Fifth of Brits Have Fallen Victim to Online Scammers

More Than Half of Black Friday Spam Emails Are Scams

NCSC: One Million Phishing Messages Reported in Two Months

What’s hot on Infosecurity Magazine?

Google Blocks 2.3 Million Apps From Play Store Listing

OpenAI's ChatGPT is Breaking GDPR, Says Noyb

New UK Smart Device Security Law Comes into Force

Security Leaders Braced for Daily AI-Driven Attacks by Year-End

Okta Warns Customers of Credential Stuffing Barrage

Judge0 Sandbox Vulnerabilities Expose Systems to Takeover Risk

Alarming Decline in Cybersecurity Job Postings in the US

North Korean Group Kimsuky Exploits DMARC and Web Beacons

Fifth of CISOs Admit Staff Leaked Data Via GenAI

Security Leaders Braced for Daily AI-Driven Attacks by Year-End

A Guide to Zero-Day Vulnerabilities and Exploits for the Uninitiated

Vulnerability Exploitation on the Rise as Attackers Ditch Phishing

How to Proactively Remediate Rising Web Application Threats

Learn from the NHS - Proactive Password Security for Improved Cybersecurity

How to Secure Remote Connectivity within Operational Technology Environments

How Interpol is Strengthening Regional and Global Defenses Against Cybercrime_

How to Optimize Third-Party Risk Management Programs Through NIST CSF 2.0

Is MFA Enough? Strategies for Next-Level Identity Security in 2024

Infosecurity Magazine Spring Online Summit 2024: Day One

Infosecurity Magazine Spring Online Summit 2024: Day Two

Russia’s Midnight Blizzard Accesses Microsoft Source Code

I-Soon GitHub Leak: What Cyber Experts Learned About Chinese Cyber Espionage

LockBit Takedown: What You Need to Know about Operation Cronos

Women in Cybersecurity at Infosecurity Europe 2024

Police Issue “Quishing” Email Warning

Written by

You may also like

What’s hot on Infosecurity Magazine?