Threat prevention provider Perception Point has announced the release of new features in its email security offering to combat the rise of QR code phishing, commonly referred to as “quishing.” The company said its new detection engine provides a proactive approach to stopping malicious QR code campaigns at their source, preventing them from reaching the user’s inbox. Perception Point’s Advanced Email Security now employs an image recognition model that identifies and scans QR codes in near real-time, extracting links and following them to dynamically scan for phishing or malware delivery attempts, according to the vendor.

QR code phishing an increasing mobile security threat

QR code phishing is when fraudsters launch email campaigns using seemingly legitimate QR codes to embed malicious URLs that lead unsuspecting users to compromised websites containing malware or designed to harvest credentials. Emails typically impersonate well-known and trusted brands, and a key psychological element that drives the success of quishing attacks is the shifting of users from a computer screen onto a mobile device, where they are primed for additional actions. QR code phishing has surged significantly recently, partly driven by the re-emergence of QR codes during the COVID-19 pandemic.

Cofense recently observed a large amount of QR code phishing campaigns targeting the Microsoft credentials of users from a wide array of industries. Emails spoofed Microsoft security notifications that contained PNG or PDF attachments, asking users to scan a QR code to update or review their security settings. The average month-to-month growth percentage of the campaign is more than 270%, with the overall campaign increasing by more than 2,400% since May 2023, Cofense said. The most notable target, a major energy company based in the US, saw about 29% of the over 1,000 emails containing malicious QR codes, according to the firm.

Quishing prevention includes image recognition, anti-malware detection

Key features of Perception Point’s new quishing prevention include:

  • Real-time image recognition identifies and extracts all QR codes from an email body, images, and file attachments.
  • An anti-evasion algorithm follows and scans URLs embedded within QR codes, unpacking content into smaller units (files and URLs) to overcome evasion techniques and identify hidden malicious payloads.
  • AI detection models include two-step phishing, GenAI Decoder, brand spoofing recognition, domain lookalike, and URL lexical analysis.
  • Robust anti-malware detection with patented CPU-level technology deterministically blocks attacks at the exploit phase pre-malware release/execution.

“The threat landscape is constantly escalating, and with it, the tactics employed by threat actors. The rise of quishing is a testament to the ingenuity of cybercriminals and requires cybersecurity vendors to stay ahead of the curve,” said Peleg Cabra, senior product marketing manager at Perception Point.

Cybersecurity teams must be aware of QR code risks

QR code security threats are problematic due to the element of surprise among unsuspecting users. The main issue is that QR codes can initiate several actions on the user’s device, such as opening a website, adding a contact, or composing an email, but the user often has no idea what will happen when they scan the code. Normally, users can view the URL before clicking on it, but this isn’t always the case with QR codes.

Cybersecurity and IT teams need to be aware of the risks involved with QR codes, especially with the increasing use of mobile devices and apps across organizations. Enterprises should have an endpoint solution that gives them the ability to secure every device, along with device security such as mobile threat defense and exploit protection on all devices used to access corporate resources. Businesses should also include information about QR code threats and risks in their cybersecurity awareness training and communication.

This article first appeared in CSO Online, written by Michael Hill on September 7, 2023.