Quishing trends take off as smartphone users increasingly scammed by QR code scans

Quishing - QR code scam alert

A new report suggests that the number of attacks using quick response barcodes is up 587 percent.

Quishing, that is, the practice of launching a cybersecurity attack by way of a QR code scan, is a trend that is rising much more rapidly than many smartphone users realize, placing them at risk of falling victim to one of these scams. According to a recent report, the rise in instances from August to September 2023 alone was a staggering 587 percent.

Researchers from Check Point’s Harmony Email team observed thousands of new attacks each month.

Jeremy Fuchs, a cybersecurity researcher and analyst at Check point, recently posted a blog on the company’s official site, describing the explosive quishing trend. He stated that QR codes are used by hackers to draw users who scan them and are redirected to a website that might look legitimate, but that is actually designed exclusively for harvesting credentials.

Quishing - Person using mobile - digital code

Recent data indicates that in Europe and the United Kingdom, over 86 percent of smartphone users have scanned at least one QR code at some point in their lives. Another 36 percent scan one of these barcodes at least weekly.

This helps to explain why cybercriminals would find quishing to be such an appealing scam vehicle.

QR codes have become a simple way to exploit smartphone users, as the barcodes may be easy for phones to read, but they are impossible for humans to read without scanning. Therefore, many users scan the barcodes and are redirected to a malicious website without knowing it’s happening.

Quishing, a form of phishing attack (hence the name), is only one of two primary ways that cybercriminals QR codes as a part of an attack. The other is called QRLJacking. That type of scam includes replacing a legitimate barcode with a fraudulent one, such as by placing a QR coded sticker leading to a scam site overtop of a real barcode.

In the QR code phishing attacks, unsuspecting device users scan a barcode and are tricked into downloading malware or accessing malicious websites. This has become highly profitable for criminals who use them, as these barcodes have become commonplace and people are used to scanning them to complete tasks such as accessing information, reading menus, or even paying bills.

Leave a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.