Phishing attacks, where malicious emails are used to trick users into downloading and/or executing malicious code, have long been an effective way to gain access to organizational networks.Cybercriminals are always looking for new techniques to carry out their crimes and this is why QR code phishing attacks are on the rise. According to Hoxhunt, 22% of phishing attacks in October 2023 used QR codes.
How does a QR code phishing email work?
Let's go through the different steps in the image below from the SoSafe team.
How to stay safe from QR code phishing emails?
Never scan a QR code in an email from an unknown sender.
Learn to recognize the signs of a phishing email – such as a sense of urgency, typos in the email and the sender's address.
When scanning a QR code, look at the link before going to the website and check that it takes you to the right place.
If the QR code takes you to a page that asks for your login credentials, don't enter them. Visit the company's website directly in your browser or call the company by phone if it's a legitimate issue like a purchase, delivery, or online account.
Be careful of QR codes in public. If a QR code looks abnormal, it's probably malicious.
Be careful of QR codes sent by social network messaging.
Follow cybersecurity best practices: use strong, unique passwords for all your online accounts and keep your devices and software up to date.
Opmerkingen