After Phishing, Smishing, and Vishing, Quishing is the emerging threat where attackers use QR codes embedded in PDF email attachments to steal corporate credentials from mobile devices.
This method combines QR codes and phishing, making it harder for traditional security measures to detect.
Here’s how it typically works:
-
Email Attachment: Attackers send a PDF with a QR code as an email attachment, often disguised as a legitimate document.
-
QR Code Scan: The recipient scans the QR code with their mobile device, which directs them to a phishing site.
-
Credential Theft: The phishing site mimics a legitimate login page, tricking the user into entering their credentials, which are then stolen by the attackers.
To protect against quishing:
-
Be cautious with QR codes in emails, especially from unknown senders.
-
Verify the source of the email before scanning any QR code.
- Use security software that can detect and block malicious QR codes.
Stay vigilant and always double-check before scanning QR codes from emails!