Email attacks using QR codes increased significantly in the last quarter of 2023. Researchers are concerned because quishing attacks are increasingly able to bypass email security solutions or spam filters.
Researchers at Abnormal Security found in a study that quishing attacks involving malicious QR codes sent in emails increased substantially in the last quarter of 2023. This type of attack is said to have increased by a factor of 42.
These types of attacks mainly targeted C-level executives. More often than on regular employees. Other executives say they faced five times as many quishing attacks in Q3 2023. More specifically, nearly 90 percent of the number of detected quishing attacks focused on stealing login credentials. Extracting MFA data was particularly popular.
Concerns about circumvention
The researchers are concerned that quishing attacks are increasingly able to bypass email security solutions or spam filters. In particular, attacks targeting Microsoft 365 and DocuSign are said to increasingly end up in inboxes rather than spam boxes. Abnormal Security, therefore, calls for employees to be alert to the existence of this particular phishing method and train them on it.
Decrease in quishing attacks
However, researchers at Hoxhunt see the problem of quishing as less urgent. According to these researchers , the number of QR code phishing emails has been declining since the month of October 2023. Previously, this form of phishing would have accounted for 22 percent of email attacks.
The reason for the decline in the number of quishing attacks is that spam filters are just now intercepting these types of malicious emails with increasing frequency, according to the study.
Also read: New form of phishing: What is quishing and why is it dangerous?
1 day ago
