Quishing: The Cybersecurity Dangers of the QR Code
Have you heard of the new term, quishing? During the pandemic, we all saw a huge rise in the usage of QR codes. Suddenly, there was a QR code for everything and everywhere along with tags about social distancing. Granted, it made perfect sense and made things possible which otherwise wouldn’t have been due to social distancing. Restaurants used QR codes to make it possible to order food and drinks remotely. Transportation hubs like bus and train stations used it to publish schedules and businesses used the codes to make it virtually seamless to pay for anything electronically. It made life bearable during tough times when everyone was required to maintain social distancing.
The Quishing Threat
However, all this convenience came at a cost. The codes also opened new attack vectors for cybercriminals to exploit. We call this threat from QR codes quishing. QR codes, like other forms of technology, can be used for good and for bad. In the case of quishing, unsuspecting individuals can be tricked into scanning malicious QR codes linked to cyber-threats.
Risk Mitigation
How do we protect ourselves from this new threat? First, being aware that malicious QR codes are out there is the first step in mitigating the risk of a quishing exploit. When in doubt, don’t immediately scan the code. Stop, think, observe your surroundings, and take steps to investigate, validate and verify that the code is legitimate. This can be tough to do in many circumstances, but being aware of where codes may be safe may be the key. For example, would you randomly scan a code printed on a flyer and attached to a streetlight advertising a lost dog? Probably not! On the other hand, if you are a bus stop and the code has been printed on a official city transportation sign which is metallic and bolted onto a permanent structure? Probably safer. For more information, check out this great article about quishing published by ISACA last December.
Above all, the best defense against quishing is awareness. Always think, consider and be aware of what you are attempting to scan and what information is presented to you after scanning a QR code.
Contact 2Bware today for tips and advice about additional protection around quishing and the use of QR codes. We can help you evaluate how to best protect your business.