By now, everyone has heard of phishing. If not, contact the Office of Cybersecurity immediately! We have introduced other forms of phishing that you should be aware of, like vishing (voice phishing – phone calls) and smishing (SMS text-message phishing). The latest is quishing, which uses QR codes as the bait. Learn more about these scams and what has been reported to Abuse this past week.
QR code phishing or quishing is a type of phishing attack that uses QR codes to lure victims into revealing sensitive information. Threat actors create a QR code that looks legitimate, such as one that appears to offer a discount or special offer, but in fact, it directs the victim to a fake website controlled by the attacker.
Once on the fake website, the victim is prompted to enter sensitive information such as login credentials or credit card information, which is then stolen by the attacker. Quishing attacks can be hard to spot, as the attackers create legitimate-looking websites and logos impersonating known brands. Delivery of these QR codes happens via email, social media, or even physical flyers.
Red flags to look for include:
- Check the destination site of the QR code: Look for mistakes and misspelled words, shoddy design, low-quality photos, and insecure URLs as indicators that you have landed on a bogus website. Sites that are “secure” will use HTTPS rather than HTTP and will show a padlock icon next to their URL.
- Preview the URL before accessing the link: Before directing you to the intended page, your phone will show you the destination of the QR code. Check the URL to see whether it looks safe. If the URL is shortened or unreadable, be extra cautious.
- Be cautious with QR codes in public places or in the mail: A public QR code, or one you receive in the mail, could have been placed there by a threat actor or easily altered (for example, a sticker pasted over the original). Avoid scanning these as much as possible to minimize the risk of infection.
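The URL red flags from the list above, as an added Python example that is not from the original newsletter: it takes the text already decoded from a QR code (decoding is left to the phone or a QR library) and applies the checks a cautious user would make by eye. Assumed: the shortener list is an illustrative sample, and `expected_domain` is a hypothetical parameter for the domain the code claims to lead to. A clean result means only that none of the checks fired; HTTPS and a padlock do not by themselves prove a site is legitimate.

```python
from urllib.parse import urlsplit
import ipaddress

# Illustrative sample of URL-shortener hosts (constructed for this example, not exhaustive).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "ow.ly", "cutt.ly"}


def inspect_qr_url(payload, expected_domain=None):
    """Apply the red-flag checks to the text decoded from a QR code.

    Returns a list of warnings. An empty list means none of the checks fired,
    which is not proof that the destination is safe.
    """
    warnings = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # mailto:, tel:, wifi: and similar payloads trigger an action, not a web page.
        return [f"non-web payload ({scheme or 'no scheme'}): do not act on it blindly"]
    if scheme == "http":
        warnings.append("plain HTTP: no TLS, anything you type travels in the clear")
    host = (parts.hostname or "").lower()
    if not host:
        return warnings + ["URL has no host"]
    if parts.username is not None:
        # "https://brand.example@evil.example/" shows the brand first and hides the real host.
        warnings.append("URL embeds a username before '@': the real host may be hidden")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address instead of a domain name")
    except ValueError:
        pass
    if host in SHORTENERS:
        warnings.append(f"shortened URL via {host}: the real destination is hidden")
    if "xn--" in host:
        warnings.append("punycode host: could be a look-alike domain")
    if expected_domain:
        exp = expected_domain.lower()
        if host != exp and not host.endswith("." + exp):
            warnings.append(f"host {host!r} is not {exp!r} or a subdomain of it")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads, as a phone's QR scanner would decode them.
    for sample in ("https://www.uthsc.edu/", "http://bit.ly/3abcd",
                   "https://www.uthsc.edu@198.51.100.7/login", "wifi:T:WPA;S:Free;;"):
        print(sample, "->", inspect_qr_url(sample, expected_domain="uthsc.edu") or ["no red flags"])
```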
What should you do if you realize you scanned a fake QR code?
- Change your passwords and secure your online accounts: Make sure you use strong passwords for your accounts, and to add an extra layer of security, enable two-factor authentication (2FA).
- Disconnect from your Wi-Fi or cellular network: If you downloaded malware onto your device, turn off any internet connection as soon as you realize the file might be malicious. With no connection, there is less risk that the malware can send your sensitive information to a hacker.
- Back up your important files: If your device is compromised, threat actors may steal private information like images or documents, or they may even encrypt your drive and demand a ransom. To be extra cautious, make a backup of your files on an external disk.
- Set up a fraud alert for your cards: If you entered your financial information, notify the credit bureaus as soon as possible. Fraud alerts and credit freezes make it more difficult for con artists to open credit cards or commit loan fraud.
What has been reported to firstname.lastname@example.org this past week?
- [Ext] *** Beautiful Free Piano Gift *** – a couple of employees reported this email, supposedly from a coworker offering a free piano. However, the address it came from was a @gmail.com account, and the reply-to address was a different, non-UTHSC account. The email also carried suspicious attachments.
- [Ext] Quote of the Day – this email was suspicious because it was delivered to someone at the University of Notre Dame without any UTHSC email address in the delivery field. While there were no links to click on or attachments, these types of emails attempt to social engineer recipients into starting a conversation that can later lead to identity theft.
- [Ext] Direct deposit change – this phish was an attempt to change someone’s banking information so they could control the deposit of their paycheck.
- [Ext] Bill INV-6724 from Hybrid News Ltd is due soon – this phish wanted the recipient to click on a link to review an invoice.
- [Ext] You received a new invoice (#45433) – just like above, this one wanted the recipient to click on a link.
- APPLY PART-TIME JOB OFFER(EARN WEEKLY) – this phish came from a compromised account at another UT campus, pitching a too-good-to-be-true job offer.
- [Ext] JOB OFFER – this phish had the red flag of being delivered to everyone in the UT system with the same last name.