Alert: QR Code Phishing Attacks, Fri, 18 October

Alert: QR Code Phishing Attacks, Fri, 18 October

Friday, 18 October 23

What is happening:

IT Services are aware of a rise in QR Code Phishing Attacks “Quishing”. Quishing is a type of phishing attack that uses QR codes to deceive victims into visiting malicious websites or downloading harmful content. The term is a combination of "QR code" and "phishing."

How it works:

1. Creation of a malicious QR code: Attackers create a QR code that, when scanned, redirects the user to a malicious website or downloads malware onto their device.  

2. Distribution of the QR code: These malicious QR codes can be distributed through various channels, such as emails, text messages, or even physical materials such as fake codes placed on Parking Payment machines, Posters, etc.

3. Victim scanning the QR code: When a victim scans the malicious QR code, their device is immediately redirected to the harmful website or downloads the malware.  

How to protect yourself from quishing:

-Be cautious of unsolicited QR codes: Only scan QR codes from trusted sources.

-Verify the URL after scanning: Verify the webpage encoded in the QR code is legitimate. If concerned, enter a trusted URL rather than using the QR code.

-Keep your device software up-to-date: Regularly update your operating system and security software to protect against the latest threats

-Install Sophos supported devices: Sophos Intercept X (for staff) includes web protect features that blocks known fraudulent phishing websites.

By understanding quishing and taking precautions, you can significantly reduce your risk of falling victim to this type of attack 

Who will this affect:

All staff and students.