PSNI warns of 'quishing' emails circulating within NI
The latest cyber threat alert warns of dangers of 'quishing'
Over recent weeks, several local organisations have brought 'quishing' to the attention of the Police Service of Northern Ireland's Cyber Crime Centre.
'Quishing', also known as QR code phishing, involves tricking someone into scanning a QR code using a mobile device. The QR code then takes the user to a fraudulent website that might download malware or ask for sensitive information.
The graphic above shows a recent example seen in circulation here.
How 'quishing' works
According to the PSNI, these are the typical steps involved in 'quishing':
- Criminals send phishing emails containing a PDF or PNG image of a QR code. This can reduce the possibility of the email being classed as phishing.
- URL redirects from legitimate online providers increase the likelihood of a recipient trusting the link displayed.
- The requirement to scan a QR code increases the likelihood of a recipient using a personal device outside of an organisation's web or anti-virus protection.
- As with other phishing campaigns, the recipient is taken to a URL which may be hosting malware or a credential harvesting 'sign-in' page.
The PSNI is encouraging businesses and organisations to ensure staff are aware of what is a variation to the phishing email many may be familiar with.
As well as raising awareness among staff, you can also read our guidance to help protect your business against phishing. Further advice on safeguarding against phishing attacks is available from the National Cyber Security Centre.
Businesses can also report cyber crime to Action Fraud online or by phone 0300 123 2040.
First published 3 October 2023