Be careful with PDF documents that you receive via email, especially if they contain QR codes. Barracuda is seeing a noticeable increase in QR code phishing attacks.
Barracuda researchers have discovered a striking trend in phishing attacks using QR codes. Between June and September 2024, more than half a million emails were found containing PDF attachments with embedded QR codes. This technique, also known as “quishing,” differs from previous attacks in which QR codes were embedded directly into the email body.
New tactics
Attackers send simple-looking PDF documents, often only one or two pages long, as attachments in phishing emails. These documents only contain a QR code, with no other suspicious links or embedded files. The aim is to trick users into scanning the QR code with their mobile phone, which will redirect them to a phishing website aimed at stealing their login credentials.
According to the researchers, more than half of the cases (51%) imitate Microsoft, followed by companies like DocuSign (31%) and Adobe (15%). Sometimes criminals impersonate the human resources department of the victim’s company. The attacks target various sectors such as finance, healthcare and education, where sensitive data is processed.
Well hidden
This method poses a major challenge to traditional email security systems because the message contains no direct links or suspicious files for them to scan. Additionally, employees often scan the QR codes using a personal device that is less secure than the company network. This bypasses existing security measures and makes it more difficult to track or block attacks.
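A structural triage sketch for the attachments described above (a one- or two-page PDF holding an image and no links or embedded files), added here as an example and not taken from Barracuda's tooling. The function name, verdict labels and sample bytes are constructed for illustration, and the check assumes page objects are not hidden inside compressed object streams; decoding the QR image itself is left to a later stage with an image library.

```python
import re

# Raw-byte markers. Assumption: page and annotation objects are stored
# uncompressed (PDF 1.5+ object streams can hide them, see "inconclusive").
PAGE = re.compile(rb"/Type\s*/Page(?![A-Za-z])")      # /Page but not /Pages
IMAGE = re.compile(rb"/Subtype\s*/Image(?![A-Za-z])")
ACTIVE = re.compile(rb"/(URI|EmbeddedFile|JavaScript|Launch)(?![A-Za-z])")
OBJSTM = re.compile(rb"/Type\s*/ObjStm(?![A-Za-z])")

def triage_pdf(data: bytes, max_pages: int = 2) -> dict:
    """Decide whether a PDF attachment should be sent to a QR/image decoder."""
    pages = len(PAGE.findall(data))
    images = len(IMAGE.findall(data))
    active = sorted({m.decode() for m in ACTIVE.findall(data)})
    if pages == 0 and OBJSTM.search(data):
        verdict = "inconclusive"      # structure hidden: parse with a real PDF library
    elif 1 <= pages <= max_pages and images and not active:
        verdict = "decode-qr"         # nothing here for a link scanner to inspect
    else:
        verdict = "standard-scan"     # links or files present, or a longer document
    return {"pages": pages, "images": images, "active": active, "verdict": verdict}

# Constructed sample: object skeleton of a one-page PDF whose only content is an image.
QR_ONLY = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R"
    b" /Resources << /XObject << /Im0 4 0 R >> >> >> endobj\n"
    b"4 0 obj << /Type /XObject /Subtype /Image /Width 290 /Height 290 >> endobj\n"
)
# Constructed sample: the same page plus a link annotation a URL scanner can see.
WITH_LINK = QR_ONLY + (
    b"5 0 obj << /Type /Annot /Subtype /Link"
    b" /A << /S /URI /URI (https://example.com/) >> >> endobj\n"
)
# Constructed sample: only a compressed object stream is visible in the raw bytes.
OPAQUE = b"%PDF-1.5\n1 0 obj << /Type /ObjStm /N 3 /First 20 >> endobj\n"

if __name__ == "__main__":
    for name, sample in (("qr_only", QR_ONLY), ("with_link", WITH_LINK), ("opaque", OPAQUE)):
        print(name, triage_pdf(sample))
```

A "decode-qr" verdict only routes the attachment to image analysis; it is not a phishing verdict on its own, since legitimate one-page scans have the same shape.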
Adam Khan, VP of Global Security Operations at Barracuda, advises companies to implement layered email security powered by advanced AI technology. These systems should not only analyze links and attachments, but also look for possible identity theft attempts within these attachments. Additionally, he emphasizes the importance of raising user awareness of the risks of scanning unknown QR codes and properly configuring email filters and multi-factor authentication.
These results highlight the importance of continually evaluating and strengthening security strategies to stay ahead of new phishing tactics.