Nowadays, QR codes have become a popular tool that helps users quickly access online information. However, not everyone is aware that QR codes are being exploited by cybercriminals to carry out sophisticated phishing attacks. According to a report from security experts at Sophos, this form of attack, known as "quishing," is on the rise and poses a direct threat to users' personal information security.
Sophisticated and dangerous QR code attacks
Quishing is a phishing attack method that uses QR codes. Attackers send emails containing malicious QR codes to victims. When a victim scans the code, they are redirected to a fake website, where their login information, and even multi-factor authentication (MFA) codes, can be stolen.
A Sophos employee shared that he had become a victim of a quishing scam. He received an email from an unfamiliar account containing a QR code. The email appeared trustworthy, so out of curiosity, he scanned the QR code and was led to a fake Microsoft 365 login page. Immediately, all his login credentials, account details, and even MFA codes were stolen.
Some advice from technology experts
Experts recommend that users:
- Be cautious when scanning QR codes, especially those in emails or messages from unknown senders. Always carefully check the URL before logging into any website.
- Businesses should raise employee awareness about quishing attacks.
- Implement appropriate security measures to protect organizational information.
- Two-factor authentication with the physical security key YubiKey: This robust hardware authentication device from Sweden, developed by Yubico and officially distributed by HPT Vietnam, effectively protects users from phishing and quishing attacks. YubiKey ensures that only those who possess the device can log into your account, safeguarding it from cyberattacks.
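The advice above to check the URL before logging in can be made concrete. The following is an added example, not part of the original article: a check on a URL decoded from a QR code that compares the exact host against an allowlist instead of looking for a familiar name anywhere in the string. The allowlist content, the function name `check_qr_url` and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organization expects for Microsoft 365.
EXPECTED_LOGIN_HOSTS = {"login.microsoftonline.com"}


def check_qr_url(url, expected_hosts=EXPECTED_LOGIN_HOSTS):
    """Return (ok, reasons) for a URL decoded from a QR code."""
    reasons = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, ["URL cannot be parsed"]
    if parts.scheme != "https":
        reasons.append("not https")
    # Text before '@' is user info, not the host the browser connects to.
    if parts.username is not None or parts.password is not None:
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike domain)")
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        reasons.append("non-ASCII characters in host")
    # Exact match only: a known name used as a prefix or subdomain fails.
    if host not in expected_hosts:
        reasons.append(f"host {host!r} is not an expected login host")
    return (not reasons), reasons


# Constructed sample URLs; .example is a reserved test domain.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com@phish.example/login",
    "https://login.microsoftonline.com.phish.example/",
    "http://login.microsoftonline.com/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, why = check_qr_url(sample)
        print("OK  " if ok else "FLAG", sample, "; ".join(why))
```

Only the first sample passes; the second and third both contain the genuine host name as text, which is why a visual glance or a substring match is not enough.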