Netcraft has releasee a new report, Quishing You a Happy Holiday Season, revealing QR Code phishing scams, looking at the threat from QR code-based phishing, why cybercriminals are adopting this technique, and how to detect and disrupt these attacks at scale.
From a cybercriminal’s perspective, there are several reasons to use QR codes for phishing, often dubbed quishing, including hiding URLs from users, bypassing security tools, and circumventing corporate controls.
Netctraft demonstrates the anatomy of a QR code scam with examples of phishing emails, including an email targeting Microsoft in which there’s a QR code, a phishing site designed to capture victims’ account credentials, and targeting DocuSign with a QR code that directs the victim to a malicious website.
You can read the report here.