Fake QR codes pose a growing threat to email security – BSI speaks of quishing.
Cybersecurity provider Hornetsecurity launches QR Code Analyzer, a tool that helps companies respond to the increasing number of fake QR codes. Research by Hornetsecurity Labs has shown that cyber criminals are increasingly using QR codes in emails to obtain confidential data. The QR Code Analyzer determines whether QR codes point to malicious websites and finds hidden QR codes that are embedded in images, for example.
BSI warns against quishing
Last year, the German Federal Office for Information Security (BSI) warned against quishing, i.e. phishing with QR codes. This could be used to circumvent some IT security solutions, as they scan attachments and URLs to filter out phishing mails. As a QR code is perceived as a harmless image file, it overcomes the protective measures. The mails claim that there is an urgent problem and that you have to scan the QR code to solve it. The QR code then leads to fake websites.