QR codes are everywhere these days. Businesses use them on billboards, posters, and a variety of other places so we can quickly scan them with our phones to pay bills, check-in at airports, access a promotion, view a menu, and do a myriad of other things.
The secret to their rise is simple—they make doing all those things convenient. However, the convenience and widespread use of QR codes has opened the door to cybercriminals, who are frequently using QR codes in scams known as “Quishing”, or QR phishing.
If you aren’t familiar with QR codes, they look like a cross between a crossword puzzle and a barcode. Behind the blocky, black-and-white pattern is a URL, which takes those who scan it to a webpage. A recent study showed that just under half the respondents knew they could do this, and even fewer people, some 37%, understood that scanning a QR code could download an app. QR codes are powerful little chunks of data, and there is no way to distinguish between a malicious QR code and a legitimate one, especially since it isn’t the code itself that is the problem, it is the URL it leads to. Scammers, of course, are aware of this, a likely reason we have witnessed a rise in QR code phishing scams via email. Most email services and third-party applications have at least some ability to flag up malicious URLs, but scam QR codes are much more likely to evade detection.
Quishing is a form of phishing, which is an attack method used to steal sensitive information or put malware onto people’s devices. Phishing attacks typically involve an email or text message with a malicious but innocent-looking link. People click on it and are sent to a site that tricks them into sharing personal details, such as login credentials and credit card information. Indeed,91% of all cyber-attacks begin with phishing emails. Quishing is effectively a new tactic for scammers who know that people will be more easily fooled by a QR code than a standard URL and that QR codes can better pass standard email security filters.
The trend is certainly catching on with cybercriminals. Some studies have shown a rise of up to 587% in quishing attacks in recent years. There were cases of quishing going back several years, but there is clear evidence of a post-COVID 19 pandemic bounce in this type of cyberattack. Why? Because the codes themselves are being used more by legitimate businesses. QR codes have been around for many years, but they took on a higher profile during the pandemic’s need for a touchless society. Their usefulness has meant that they have stuck around, with scammers having spotted this new attack vector, upping the ante with large-scale quishing campaigns.
Back in the summer of 2023, we witnessed what has been deemed the first large-scale quishing campaign, an attack mainly targeting a large US energy company. Other reports found QR code scammers targeting business executives. But, sadly, it could be any of us at any time. We could receive a seemingly legitimate email from a fashion brand inviting us to scan the QR code to receive a discount, only to realize after the fact that the website was a malicious one. To prevent phishing attacks – of all kinds – security solutions are needed to meet ever-evolving challenges, and that’s why we have brought QR code scanning to the ZoneAlarm Mobile Security app.
ZoneAlarm Mobile Security app now comes with a Link and QR Code Scanner, offering secure QR code scanning and another robust layer of protection for your data – business, financial, and personal. As the name suggests, this new tool within the app allows you to quickly scan links and QR codes to let you know whether they are legitimate or unsafe. If the QR code is legitimate, you will receive a message telling you it is safe to proceed. If suspicious, the scanner will lay out the risk level and advise you not to proceed, at least without further investigation.
The scanner utilizes Check Point’s ThreatCloud AI, which is the brain behind ZoneAlarm’s security solutions, including ZoneAlarm Mobile Security. ThreatCloud AI uses over 90 AI and traditional engines to constantly analyze security threats against global data, making over two billion security checks and decisions per day.
In essence, ZoneAlarm’s Link and QR Code Scanner adds an extra safeguard for your devices and data, ensuring safety whenever you encounter a QR code. Given the prevalence of QR codes, it’s imperative you know you’re connecting to a safe site — yet the ability to distinguish between a legitimate site and a fake one can be nearly impossible. ZoneAlarm’s Link and QR Code Scanner eliminates the risk of scanning codes by determining if it is safe for you to continue. In addition, the app can quickly verify all URLs, offering reassurance before you click on any link.
Quishing is both a (relatively) new and growing threat, with cybercriminals finding new and innovative ways to make URLs look legitimate. ZoneAlarm’s Link and QR Code Scanner gets ahead of this growing trend. It is easy to use, fast, and effective, taking just a few seconds to give you the peace of mind that the QR code or link in question is safe to use. It is one of the many ZoneAlarm Mobile Security features that will help keep you and your device fully protected from phishing, malware, and other cybersecurity threats.
Want to secure your devices and data from cyber threats? Download ZoneAlarm