• About
  • Advertise
  • Careers
  • Contact Us
Saturday, June 21, 2025
  • Login
No Result
View All Result
NEWSLETTER
Tech | Business | Economy
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
  • News
  • Tech
    • DisruptiveTECH
    • ConsumerTech
    • How To
    • TechTAINMENT
  • Business
    • Telecoms
    • Mobility
    • Environment
    • Travel
    • StartUPs
      • Chidiverse
    • TE Insights
    • Security
  • Partners
  • Economy
    • Finance
    • Fintech
    • Digital Assets
    • Personal Finance
    • Insurance
  • Features
    • IndustryINFLUENCERS
    • Guest Writer
    • EventDIARY
    • Editorial
    • Appointment
  • TECHECONOMY TV
  • Apply
  • TBS
  • BusinesSENSE For SMEs
  • Chidiverse
No Result
View All Result
Tech | Business | Economy
No Result
View All Result
ADVERTISEMENT
Home Business Security

From QR Code to Compromise: “Quishing” is a Growing Threat – Sophos Warns

…Hackers exploit QR codes in PDF email attachments to steal company credentials from mobile devices.

by Joan Aimuengheuwa
November 18, 2024
in Security
0
Sophos Report on quishing
Quishing report by Sophos

Quishing report by Sophos

UBA
Advertisements
  • Sophos X-Ops researchers offer tips on how to protect yourself

Sophos, a global leader of innovative security solutions for defeating cyberattacks, has released the results of Sophos X-Ops research on a new type of threat: quishing.

This new attack vector involves the use of fraudulent QR codes, emailed by threat actors, to bypass the phishing security measures put in place by companies.

This fraudulent QR code, embedded in a PDF document attached to an email, takes the form of a message about payroll, employee benefits, or other forms of official paperwork a business might send to an employee. Because QR codes are not readable by computers, the employee must scan the QR code using their mobile phone.

The QR code links to a phishing page, which the employee may not recognize as malicious since phones usually are less protected than a computer.

The goal of the attackers is to capture employees’ passwords and their multi-factor authentication (MFA) tokens in order to access a company’s system by bypassing the security measures in place.

“We spent a considerable amount of time sifting through all the spam samples we had to find examples of quishing,” comments Andrew Brandt, principal researcher at Sophos X-Ops. “Our research has revealed that attacks that exploit this specific threat vector are intensifying, both in terms of volume and sophistication, especially when it comes to the appearance of the PDF document. »

In addition to social engineering tactics, the quality of emails, attachments and QR code graphics, these attacks seem to be growing in terms of organization as well. Indeed, some malicious actors now offer as-a-service tools to run phishing campaigns using fraudulent QR codes.

In addition to features such as CAPTCHA bypasses or the generation of IP address proxies to bypass automated threat detection, these criminal organizations provide a sophisticated phishing platform that can capture the credentials or MFA tokens of targeted individuals.

To encourage organizations to better protect systems against this type of attack, Sophos X-Ops shares a list of recommendations:

  • Be vigilant about internal emails about HR topics, salaries or company benefits: Sophos X-Ops’ research has found that social engineering tricks exploit these themes to trick employees into scanning fraudulent QR codes from their mobile devices.
  • Install Sophos Intercept X for Mobile : Available on Android, iOS and Chrome OS, this solution includes a secure QR code scanner that helps identify known phishing websites and alert if the URL is considered malicious.
  • Monitor risky sign-ins: Using identity management tools, organizations can detect unusual sign-in activity.
  • Enable Conditional Access: This feature helps enforce access controls based on the user’s location, device status and risk.
  • Enable effective access monitoring thanks to sophisticated logs: this type of advanced monitoring allows you to better visualize all access to the system and detect this type of threat in time.
  • Implement advanced email filtering: Sophos’ QR code phishing protection solution detects fraudulent QR codes included directly in emails and plans to expand its solution to QR codes in attachments as early as the first quarter of 2025.
  • Leverage on-demand email retrieval: Sophos Central Email customers who use Microsoft 365 have this feature to eliminate spam or phishing emails from corporate emails.
  • Encourage employees to be vigilant and report incidents: Prompt reporting of anomalies to the incident response team is essential to protect company systems from phishing.
  • Revoke suspicious user sessions: It is imperative to have a plan in place to revoke user access that shows signs of compromise.

Despite the continuous development of new attack vectors, organizations can protect themselves from compromised systems by equipping themselves with the right tools, fostering a culture and work environment, and surrounding themselves with security vendors that, like Sophos.

Loading

Advertisements
MTN ADS

0Shares
Tags: quishingSophosSophos ReportSophos X-OpsX-Ops
Joan Aimuengheuwa

Joan Aimuengheuwa

Joan thrives at helping individuals and businesses scale via storytelling...

Next Post
Commissioning of the building donated by Dr Taiwo Afolabi, SIFAX Group Chairman (1)

SIFAX Group Chairman Donates Building to Alma Mater

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recommended

Liquid C2, Google Cloud and Anthropic

Liquid C2 Partners with Google Cloud to Bring Generative AI Capabilities to Africa

1 year ago
5 reasons you won't get a Valentine gift

5 Reasons You Won’t Get a Gift this Valentine’s

2 years ago

Popular News

    Connect with us

    • About
    • Advertise
    • Careers
    • Contact Us

    © 2025 TECHECONOMY.

    No Result
    View All Result
    • News
    • Tech
      • DisruptiveTECH
      • ConsumerTech
      • How To
      • TechTAINMENT
    • Business
      • Telecoms
      • Mobility
      • Environment
      • Travel
      • StartUPs
        • Chidiverse
      • TE Insights
      • Security
    • Partners
    • Economy
      • Finance
      • Fintech
      • Digital Assets
      • Personal Finance
      • Insurance
    • Features
      • IndustryINFLUENCERS
      • Guest Writer
      • EventDIARY
      • Editorial
      • Appointment
    • TECHECONOMY TV
    • Apply
    • TBS
    • BusinesSENSE For SMEs

    © 2025 TECHECONOMY.

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    Translate »
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.