Growing Threat of QR Code Phishing: 'Quishing' Targets Users

QR codes are increasingly used in daily life, making them attractive to scammers. Google's Trust and Safety team has identified QR code phishing, or 'quishing', as a rapidly growing threat. This attack method exploits the inability of email security tools to inspect QR codes, which are treated as images. Scammers utilize dynamic QR codes that initially link to harmless sites, only to redirect to malicious pages after the email is delivered. Victims are often tricked into entering sensitive information, such as usernames and passwords, on fake login pages. This method is particularly effective in restaurant settings, where scammers intercept payment processes. Users are advised to avoid using QR codes for logging in or making payments. The threat is significant as it shifts attacks from computers to mobile devices, where security is weaker.

Key Points: • QR code phishing, termed 'quishing', is a rapidly growing cybersecurity threat. • Scammers use dynamic QR codes to redirect users to malicious sites after email delivery. • Users should avoid entering sensitive information via QR codes, especially for payments.