The FBI has called on organizations to train employees to prevent phishing attacks via QR codes. A FLASH alert from the US intelligence service states that a North Korea-backed group is currently carrying out phishing attacks using QR codes.

These emails contain links to so-called questionnaires, secure drives, and Google login pages. In this type of QR phishing, or quishing, victims switch from their secure workstation to a smartphone; they receive the phishing email on their work computer but then scan the QR code with a smartphone.
When redirected to a specifically designed phishing page, targets first pass through redirectors that gather all kinds of information about the device. This includes, for example, user agents, operating systems, IP addresses, language settings, and screen sizes. This information is then used to display a phishing page that has been specially optimized for smartphones. This page bears many similarities to the login pages of Microsoft 365, Okta, or a VPN portal.
The FBI considers quishing to be a high-confidence, MFA-resilient identity intrusion vector. Among other things, organizations are advised to implement a multi-layered security strategy to counter the threat of phishing via QR codes. The intelligence service also calls on organizations to train staff to prevent such attacks.
Click here for the FBI's announcement.
