Quishing is a type of phishing attack that uses QR codes to trick people into visiting a malicious website or downloading a virus-filled document. With the option to host a variety of sources, such as links, documents, and payment portals, QR codes can be manipulated to hold malicious links, documents containing viruses, and false payment portals.
This type of phishing attack begins with a cybercriminal creating QR codes that lead to either a fake login page, where they collect the credentials of their victims, or to a downloadable virus or malware, which begins downloading immediately after the code is scanned. These codes can then be planted into emails as images or within attachments, but they can also be displayed in public places where victims are likely to scan them.
After scanning the QR code, victims are asked to provide sensitive information like login credentials or bank details or to download malicious software or apps – the download can also happen automatically right after scanning the code, further infecting their device.
