Thursday , June 5 2025
Quishing

Quishing: New Phishing Attacks Tactics Rising

Researchers found a big phishing campaign that uses QR codes to trick people. QR code fraud or “quishing” is a type of phishing where hackers pretend to be a trustworthy source to trick people into giving sensitive information or downloading malware.

This trend is concerning and should not be ignored. It puts both individuals and organizations at high risk.

CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These...
Read More
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent...
Read More
ALERT  Thousands of IP addresses compromised nationwide: CIRT warn

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Figure 1: Quishing Kill Chain

Interpol seized 16 shops that were a well-known phishing platform, a big win. But “phishing-as-a-service” platforms make it even easier to launch attacks.

The popularity of QR codes creates a perfect storm for phishing attacks. Trellix’s research provides important insights about the seriousness of the threat. More than 60,000 quishing samples were found in just one quarter. They used different tactics like postal phishing, spear phishing, and malware delivery to target users.

To understand how quishing works, let’s delve into the “Quishing Kill Chain”:

Attackers distribute malicious QR codes: These codes can be found anywhere.

Unsuspecting victims scan the codes: This action leads to harmful websites.

Attackers achieve their malicious goals: This could involve unauthorized access or causing additional harm.

The resurgence of QR codes has paved the way for quishing to flourish. Attackers abuse our trust in codes and our tendency to act quickly when in a hurry. This makes people and organizations vulnerable to advanced phishing tactics.

Figure 2: Quishing Heat Map

Trellix’s research reveals insightful details about recent quishing campaigns:

Postal quishing: Emails posing as FedEx and DHL exploit delivery concerns, redirecting recipients to counterfeit login pages.

Spear quishing: tricking employees with fake emails

File-share quishing: shady links disguised as legitimate documents.

Crypto wallet quishing: Stealing crypto wallet phrases and private keys from impersonated Coinbase and Binance.

To prevent falling victim to quishing, here are some essential tips:

Only scan QR codes from trusted sources: Verify the legitimacy of any code before scanning.

Check if the QR code is from a trustworthy source like an email, website, or location.

Do not provide personal information after scanning a QR code.

Invest in email security and anti-malware software to protect your devices.

Stay informed and keep up-to-date about the latest phishing tactics. Make sure to educate others about the tactic known as “quishing”.

Check Also

Spain

All major mobile networks go down across Spain

A nationwide phone network has gone down in Spain, shortly after blackouts caused chaos and …

Leave a Reply

Your email address will not be published. Required fields are marked *