You’ve probably heard of phishing. And maybe even vishing, or voice phishing, which is the practice of using phone calls to try to entice potential victims to give up personal information. Then there’s smishing, which employs text messages for the same thing. And spear phishing involves doing research to design phishing lures that target a specific individual or group. All of these attacks are used by cyber criminals and other adversaries to target members of the UW community.
Well, here’s yet another term we wish none of us needed to know:
Quishing.
Quishing is QR code phishing. Adversaries use QR codes to try to direct potential victims to a fake website, where they are prompted to enter personal and other sensitive data, including login credentials or credit card information. The information is then harvested by the scammer. Quishing attacks may be difficult to spot because the scammers develop websites that look legitimate, often using logos impersonating known brands.
Learn more about quishing from Heimdal Security, see a fresh-caught quish on our Phishing Examples page (the QR code will bring you back here) and beware of any QR codes in email.
Resources
Heimdal Security – What is Quishing: QR Code Phishing
Bleeping Computer – Major U.S. energy org targeted in QR code phishing attack