Red Alert: Quishing Is Evolving 

The Evolution Of Quishing

Quishing—QR code phishing—is a rapidly evolving threat. Since its noticeable rise in recent times, there have been significant changes in the nature of QR code attacks. 

Initially, these attacks involved standard MFA authentication requests, then evolved into conditional routing and custom targeting. Now, we’re witnessing a new wave: the manipulation of QR codes. 

The New Threat: ASCII-Based QR Codes 

Harmony Email researchers have uncovered a novel campaign where QR codes are not embedded as images but created using HTML and ASCII characters. In late May, they identified over 600 similar emails.

In the campaign emails, the QR code appears as follows: 

[Image: the QR code as it appears in the campaign emails]

For comparison, here is a standard QR code: 

[Image: a standard QR code]

The difference is subtle yet crucial. The former is constructed with HTML and ASCII characters, a tactic designed to bypass OCR (Optical Character Recognition) engines. Here’s what the HTML for such a QR code looks like: 

[Image: the HTML source of the ASCII-based QR code]

Threat actors use small HTML blocks to mimic a QR code. While it appears legitimate to users, OCR engines may fail to recognize it as a QR code. 

There are websites aiding threat actors in generating these ASCII-based QR codes, which can still contain malicious links. 

Another example of this technique is a re-authentication request email whose QR code, composed of ASCII characters, might be ignored by security systems, which would then deem the email safe.
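
Because a text-drawn code never reaches an image decoder, a mail filter first has to notice the grid in the HTML itself and route the message for rendering and QR decoding. The Python below is an added example, not code from Harmony Email or from the campaign; it assumes the code is drawn with Unicode block glyphs laid out in text rows, and all names in it are hypothetical.

```python
from html.parser import HTMLParser

# Assumption: glyphs a text-drawn QR code is likely to be built from.
BLOCK_GLYPHS = set("█▀▄▌▐■▓")
ROW_TAGS = {"br", "div", "p", "tr", "pre", "li"}  # tags that start a new visual row

class RowExtractor(HTMLParser):
    """Collects the visible text of an HTML body as a list of rows."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rows = [""]

    def handle_starttag(self, tag, attrs):
        if tag in ROW_TAGS:
            self.rows.append("")

    def handle_data(self, data):
        first, *rest = data.replace("\xa0", " ").split("\n")
        self.rows[-1] += first
        self.rows.extend(rest)

def is_grid_row(row, min_glyphs=4, min_ratio=0.9):
    """True if the row's non-space characters are almost all block glyphs."""
    visible = [ch for ch in row if not ch.isspace()]
    glyphs = sum(ch in BLOCK_GLYPHS for ch in visible)
    return glyphs >= min_glyphs and glyphs / len(visible) >= min_ratio

def find_text_qr(html, min_rows=11, min_cols=21):
    """Return (rows, cols) of the tallest block-glyph grid, or None.
    The smallest QR symbol is 21x21 modules; half-block glyphs pack two
    module rows into one text row, hence the default of 11 rows."""
    parser = RowExtractor()
    parser.feed(html)
    parser.close()
    best, run = None, []
    for row in parser.rows + [""]:          # empty sentinel flushes the last run
        if is_grid_row(row):
            run.append(row.rstrip())
            continue
        width = max(map(len, run), default=0)
        if len(run) >= min_rows and width >= min_cols and (not best or len(run) > best[0]):
            best = (len(run), width)
        run = []
    return best

# Constructed sample: a 21x21 block pattern (not a decodable QR code).
GRID = "\n".join("".join("█" if ((r + 1) * (c + 1) - 1) % 3 else " " for c in range(21)) for r in range(21))
SAMPLE_HTML = "<p>Scan to re-authenticate</p><pre>" + GRID + "</pre><p>IT Support</p>"
```

A non-None result from `find_text_qr(SAMPLE_HTML)` is a reason to rasterise the HTML and pass the picture to the same QR decoder and URL analysis used for image attachments, not a verdict on its own.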

Techniques and Evolution 

QR code phishing has evolved rapidly. 

  1. MFA Verification Codes: Initially straightforward, these attacks prompted users to scan a code to reset MFA or access financial data.
  2. Conditional Routing Attacks (QR Code Phishing 2.0): These links adapt based on user interaction, showing different content depending on the device used (e.g., Mac vs. Android). Custom campaigns dynamically populated logos and usernames.
  3. QR Code 3.0 – Manipulation Campaigns: The latest evolution involves text-based representations of QR codes, making it harder for OCR systems to detect them.

This rapid evolution illustrates the ongoing cat-and-mouse game in cybersecurity. As security vendors develop protections, hackers adjust their methods to bypass them. 

Best Practices: Guidance and Recommendations 

To guard against these sophisticated attacks, businesses should: 

  • Implement security measures that automatically decode QR codes embedded in emails and analyze the URLs for malicious content. 
  • Use security solutions that rewrite the embedded QR code in the email body, replacing it with a safe, rewritten link. 
  • Deploy advanced AI-based security that examines multiple indicators of phishing. 

An AI tool that combats advanced Quishing 

Check Point Harmony, with its AI-enabled capabilities, is at the forefront of detecting and mitigating QR code phishing scams. Harmony’s advanced security measures include automatic QR code decoding, URL analysis, and the ability to rewrite unsafe QR codes. By leveraging Harmony’s sophisticated AI, organizations can stay one step ahead in the ever-evolving landscape of QR code phishing. 

Stay protected with Check Point Harmony and ensure your security systems are equipped to handle the latest phishing threats. 
