New report shows 51% rise in QR code phishing for September

Image via Unsplash

As organizations increasingly use QR codes, it seems QR code phishing AKA "quishing" is also on the rise. According to a new study released by ReliaQuest, in September 2023 the company saw a 51% increase in quishing attacks, as compared to the cumulative figure for January through August 2023.

Other key report highlights

Analysis of customer incidents showed a 51% increase in quishing incidents in September 2023, compared to the cumulative figure for January through August 2023.
A sample of customer incidents revealed that the most popular quishing scenario in the past 12 months involved Microsoft two-factor authentication (2FA) resets or enablement, occurring in 56% of quishing emails in this data set. Targets were encouraged to enter their Microsoft email addresses and passwords.
Online banking pages represented the second-most popular mechanism (in 18% of all quishing attacks). Page visitors were encouraged to enter their personal banking credentials.
In 12% of the quishing incidents in the sample we investigated, the attacker hid the QR code in a PDF or JPEG file attached to the email. With a benign — or even blank — message body, threat actors reduce the chance that email filters will flag the message. Such filters typically rely on analyzing clickable elements.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.