Security Spotlight: QR Code Phishing

What is a QR Code?

QR stands for "Quick Response". QR codes were designed by a Japanese company in the nineties to label car parts during the manufacturing process.

They are incredibly useful in situations where typing out a traditional web address would be time-consuming, for example when a web address needs to appear on a physical poster. Because of this, many businesses, including the University, frequently use QR codes on physical media to direct you to a corresponding webpage.

QR code phishing attacks

QR code phishing is where an attacker includes a QR code in the body of an email instead of a link. The QR code will typically take you to a website that tries to get you to enter your account username and password, so that the attacker can gain access to your account. This method takes advantage of weaker protection and detection methods on mobile devices, and is harder for technology controls to counteract than a malicious link in an email.

This is a growing tactic that has been observed by other defenders within the industry and also within our sector. As always, please report any suspicious emails to the cyber security team. We will investigate and take any necessary actions against the malicious email.

Our SurreyNet post also covers this topic.


More reading:

https://darktrace.com/blog/phishing-with-qr-codes-how-darktrace-detected-and-blocked-the-bait

https://www.techtarget.com/searchsecurity/feature/Quishing-on-the-rise-How-to-prevent-QR-code-phishing

https://www.bleepingcomputer.com/news/security/major-us-energy-org-targeted-in-qr-code-phishing-attack/

https://securelist.com/qr-codes-in-phishing/110676/