Published:
03 October 2023
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                AUSCERT Security Bulletin ASB-2023.0180
                          Quishing attacks
                           3 October 2023
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:            Quishing attacks
Resolution:         Mitigation

OVERVIEW

AusCERT has recently observed a surge in incidents of "quishing" and aims to
proactively inform its members about this emerging threat.

Quishing, also known as QR code phishing, is a type of cyber attack that
involves tricking someone into scanning a QR code with a mobile device. These
QR codes are designed to mislead users by appearing legitimate, often
resembling the QR codes found on product packaging, promotional materials, or
in public spaces. Once scanned, a malicious QR code can redirect the user to a
fraudulent website, exposing them to risks such as identity theft, financial
fraud, or the installation of malware on their device. Malicious QR codes can
be distributed through various channels, including email, social media, and
even physical flyers.

During the previous week, AusCERT analysed email samples submitted by its
member organisations. The findings revealed that recipients were being
prompted to scan a QR code, and the majority of these emails falsely claimed
to originate from a manager within the recipient's organisation. AusCERT
observed that the QR code embedded in the email contained a URL leading to a
deceptive website impersonating reputable brands or organisations such as
Microsoft. The fraudulent site then prompted the recipient to enter their
credentials.

MITIGATION

To avoid falling victim to QR code phishing, the following precautions are
recommended:

1. Be cautious of the source: Only scan QR codes from trusted and reputable
   sources.
   Avoid scanning codes from unknown or suspicious sources, especially if
   they arrive in unsolicited messages or emails.

2. Preview the URL behind the QR code: To reduce risk, use a QR scanning tool
   that previews the URL contained in the QR code. Options include:

   - The built-in camera app of an iPhone previews the domain encoded in the
     QR code.
   - A free online QR code scanner can also be used to read the content of a
     QR code (check its privacy policy first). DNS Checker
     (https://dnschecker.org/qr-code-scanner.php) is one such free tool.

3. Use a QR code scanner with built-in security features: Opt for a reliable
   QR code scanner app that includes security features such as URL scanning
   or warning notifications for potentially harmful websites, for example
   QR Scanner-Safe QR Code Reader
   (https://play.google.com/store/apps/details?id=com.trendmicro.qrscan).

4. Keep your devices updated: Regularly update your smartphone or other
   scanning devices with the latest security patches and firmware updates.
   This helps protect against known vulnerabilities that attackers may
   exploit.

5. Be cautious of personal information requests: If a scanned QR code
   prompts you to provide personal information, such as login credentials or
   financial details, exercise caution. Legitimate sources typically do not
   request sensitive information through QR codes.

Additionally, organisations are encouraged to promote awareness, educate their
staff about the risks associated with QR code phishing, and implement security
measures to mitigate these threats. By staying informed and taking proactive
steps, we can help minimise the impact of QR code phishing attacks.
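As an added example (not AusCERT's tooling, nor any vendor's scanner), the following Python triages the text a QR scanner has already decoded, the string the preview step above shows you, and flags the signs this bulletin describes: a non-HTTPS or raw-IP host, a brand such as Microsoft named on a domain that is not the brand's own, and a real host disguised behind userinfo or a URL shortener. The brand-to-domain map and the shortener list are assumptions to be tuned locally; every sample payload is constructed.

```python
import ipaddress
from typing import Dict, List, Set
from urllib.parse import urlsplit

# Brands whose names users expect only on these domains. Assumption: tune this
# to the brands your organisation actually uses; the lists here are illustrative.
WATCHED_BRANDS: Dict[str, Set[str]] = {
    "microsoft": {"microsoft.com", "microsoftonline.com", "live.com", "office.com"},
}
# Constructed, deliberately short list of redirector services that hide the final site.
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


def registrable_domain(host: str) -> str:
    """Last two labels of the host: a crude but dependency-free 'owner' view."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_qr_payload(payload: str) -> List[str]:
    """Return warning signs found in a decoded QR payload; [] means nothing stood out."""
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https"):
        # Not a web link (mailto:, tel:, wifi:, bare text): surface it as-is.
        return ["non-web payload (scheme '%s')" % (parts.scheme or "none")]
    host = (parts.hostname or "").lower()
    haystack = (parts.netloc + parts.path).lower()   # userinfo, host and path
    findings = []
    if parts.scheme != "https":
        findings.append("plain HTTP link")
    if parts.username is not None:
        # https://microsoft.com@evil.example/ shows a brand before the '@'; the
        # browser actually connects to whatever follows it.
        findings.append("userinfo before '@' disguises real host '%s'" % host)
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode (IDN) host, check for lookalike characters")
    domain = registrable_domain(host)
    if domain in URL_SHORTENERS:
        findings.append("URL shortener hides the final destination")
    for brand, legit in WATCHED_BRANDS.items():
        if brand in haystack and domain not in legit:
            findings.append("mentions '%s' but host '%s' is not a %s domain" % (brand, host, brand))
    return findings
```

Run `assess_qr_payload()` on the decoded string before anyone taps the link; an empty result is not proof of safety, only the absence of the cheap tells, so the credential-request rule in item 5 still applies.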
More information:

https://techwireasia.com/2023/08/quishing-attacks-on-the-rise/
https://www.malwarebytes.com/blog/news/2023/08/qr-codes-deployed-in-targeted-phishing-campaigns
https://www.microsoft.com/en-us/microsoft-365-life-hacks/privacy-and-safety/five-common-qr-code-scams

REFERENCES

[1] Quishing attacks
    https://auscert.org.au/blogs/quishing-attacks/

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================