A group of cybersecurity experts noted a 587 percent growth in phishing attacks carried out through scanned quick response (QR) codes, which can lead to pages that harvest credentials for later use in various ways, such as data theft.
QR code phishing, also known as quishing, uses these codes to share a malicious link without the user realizing it. It is a technique that relies on social engineering to impersonate companies or public institutions.
Researchers from Check Point Research Group, a subsidiary of Check Point that provides cybersecurity systems, warned of the risk of quishing attacks, which grew by 587 percent between August and September.
On a daily basis, users use QR codes for various actions, from viewing menu options at a restaurant to signing up for activities or accessing a service.
In fact, according to the “Mobile and Smart Connectivity” study, prepared by the communications association IAB Spain in 2021, more than 82.2 percent of users surveyed in Spain stated that they had used QR codes on some occasion. By contrast, only 2% indicated that they did not know what these symbols were.
This means that the majority of Spanish citizens use QR codes and are therefore exposed to quishing attacks.
In this sense, as Check Point researchers explained, although QR codes seem at first glance to be a “harmless” system, they are “an excellent way to hide malicious intent,” as they are used by cybercriminals to hide a fraudulent link.
An example of such attacks, as Check Point explained in a statement, is sending QR codes via email. Specifically, in the attack shared by researchers, an email is used as bait, claiming that the user's Microsoft Multi-Factor Authentication (MFA) is about to expire and encouraging the user to re-authenticate.
In this case, malicious actors insert into the email a QR code containing a fraudulent link that leads to a credential collection page. Once the user scans the QR code, a page opens that mimics a legitimate Microsoft credentials page; although it looks similar, it actually serves to steal credentials.
According to cybersecurity experts, it is very easy to generate a QR code, as there are many free pages that usually generate it automatically. This way, cybercriminals can embed any malicious link. Likewise, in the example shown, it’s also worth noting that even though the subject says it’s Microsoft, the sender address is different.
How to protect yourself from quishing
With all this said, Check Point shared some recommendations to combat quishing. One of them is to implement an email security system that uses Optical Character Recognition (OCR) to identify all possible attacks.
Likewise, users can implement a system that uses artificial intelligence, machine learning, and natural language processing, to understand the intent of messages and detect when an email might use phishing language.
As Check Point Software’s technical director for Spain and Portugal, Eusebio Neiva, explained, the methods the researchers used to detect this type of attack relied on the QR code analyzer’s use of its optical character recognition (OCR) engine.
This way, it is possible to recognize the code and retrieve the URL without opening it, as the OCR engine converts the QR code image into text. The URL is then analyzed to check whether it points to an illegitimate website, using natural language processing (NLP), which is able to identify suspicious language and flag it as phishing.
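The checks described above can be sketched as follows. This is an added example, not Check Point's code: it assumes a separate QR/OCR step has already decoded the URLs from the message's images (they are passed in as strings and never opened), and the brand allowlist, lure keywords, finding labels and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Illustrative, non-exhaustive allowlist (an assumption of this example).
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "microsoftonline.com", "office.com"}}
LURE = re.compile(r"\b(expire[sd]?|expiring|re-?authenticate|verify|suspended)\b", re.I)

def registered_under(host, domains):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def score_message(raw, qr_urls):
    """Return findings for one message; qr_urls were decoded from its images."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Brands the message claims to come from (subject or display name).
    claimed = [b for b in BRAND_DOMAINS if b in (subject + " " + display).lower()]
    findings = []
    if qr_urls:                      # a QR code in the body is itself a signal
        findings.append("qr-code-in-body")
    if LURE.search(subject):         # urgency wording in the subject line
        findings.append("urgency-language")
    for brand in claimed:
        if not registered_under(sender_host, BRAND_DOMAINS[brand]):
            findings.append(f"sender-mismatch:{brand}:{sender_host}")
        for url in qr_urls:
            host = urlsplit(url).hostname
            if not registered_under(host, BRAND_DOMAINS[brand]):
                findings.append(f"qr-url-mismatch:{brand}:{host}")
    return findings

# Constructed sample message and decoder output (not a real capture).
SAMPLE = """\
From: Microsoft Security <notify@mail-alerts.example>
Subject: Your Microsoft MFA is about to expire

Scan the code below to re-authenticate.
"""
SAMPLE_QR_URLS = ["https://login.secure-mfa.example/microsoft/reauth"]

if __name__ == "__main__":
    print(score_message(SAMPLE, SAMPLE_QR_URLS))
```

The suffix match on a leading dot is what keeps lookalike hosts such as `microsoft.com.attacker.example` from passing the allowlist.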
“Cybercriminals are always trying new methods and sometimes bringing back old ones. Sometimes, they take over legitimate items like QR codes,” Neiva said, explaining that the presence of a QR code in the body of an email “is an indicator that something is wrong.”