News on Medial

How to stay safe from cybercriminal "quishing" attacks

Techradar · 8m

Phishing attacks using QR codes, also known as "quishing," are gaining momentum as scammers aim to bypass multi-factor authentication (MFA). QR phishing takes advantage of users' trust and familiarity with QR codes, embedding malicious codes in seemingly legitimate emails. Scammers can then redirect users to phishing sites designed to steal business credentials and MFA tokens. The success of quishing lies in the less secure nature of mobile devices, difficulty in detecting malicious links behind QR codes, and effective social engineering techniques. Businesses need to implement stronger security measures, such as training employees to recognize these attacks, enforcing strict password policies, reducing MFA token expiration time, and implementing anomaly detection and extended detection and response (XDR) solutions for monitoring and rapid response.