Tuesday , June 24 2025
Quishing

Quishing: New Phishing Attacks Tactics Rising

Researchers found a big phishing campaign that uses QR codes to trick people. QR code fraud or “quishing” is a type of phishing where hackers pretend to be a trustworthy source to trick people into giving sensitive information or downloading malware.

This trend is concerning and should not be ignored. It puts both individuals and organizations at high risk.

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Figure 1: Quishing Kill Chain

Interpol seized 16 shops that were a well-known phishing platform, a big win. But “phishing-as-a-service” platforms make it even easier to launch attacks.

The popularity of QR codes creates a perfect storm for phishing attacks. Trellix’s research provides important insights about the seriousness of the threat. More than 60,000 quishing samples were found in just one quarter. They used different tactics like postal phishing, spear phishing, and malware delivery to target users.

To understand how quishing works, let’s delve into the “Quishing Kill Chain”:

Attackers distribute malicious QR codes: These codes can be found anywhere.

Unsuspecting victims scan the codes: This action leads to harmful websites.

Attackers achieve their malicious goals: This could involve unauthorized access or causing additional harm.

The resurgence of QR codes has paved the way for quishing to flourish. Attackers abuse our trust in codes and our tendency to act quickly when in a hurry. This makes people and organizations vulnerable to advanced phishing tactics.

Figure 2: Quishing Heat Map

Trellix’s research reveals insightful details about recent quishing campaigns:

Postal quishing: Emails posing as FedEx and DHL exploit delivery concerns, redirecting recipients to counterfeit login pages.

Spear quishing: tricking employees with fake emails

File-share quishing: shady links disguised as legitimate documents.

Crypto wallet quishing: Stealing crypto wallet phrases and private keys from impersonated Coinbase and Binance.

To prevent falling victim to quishing, here are some essential tips:

Only scan QR codes from trusted sources: Verify the legitimacy of any code before scanning.

Check if the QR code is from a trustworthy source like an email, website, or location.

Do not provide personal information after scanning a QR code.

Invest in email security and anti-malware software to protect your devices.

Stay informed and keep up-to-date about the latest phishing tactics. Make sure to educate others about the tactic known as “quishing”.

Check Also

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking …

Leave a Reply

Your email address will not be published. Required fields are marked *