The Next Generation of Quishing: Evolving QR Code Phishing Tactics to Watch Out For

In a recent post, we discussed how cybercriminals use QR codes for phishing attacks, known as quishing. Now, Barracuda researchers have uncovered new tactics designed to evade security defenses. As awareness grows, attackers are innovating. Here’s what you need to know about these evolving techniques and how to protect yourself, based on recent findings.

The ASCII and Unicode QR Code Technique

Traditional quishing attacks use static QR code images to embed malicious links, which security tools scan. Now, attackers are using QR codes made from text-based ASCII or Unicode characters, fooling optical character recognition (OCR) tools that scan emails for malicious intent.

• How it Works: Attackers create a 49×49 matrix of ‘full block’ characters (█) that mimic QR codes. OCR detection tools can’t interpret them as harmful since they’re text-based.
• Why It’s Dangerous: These codes evade image-based scanning, making malicious emails harder to detect.

Blob URI Attacks: Hard-to-Detect Phishing Pages

Another technique involves using Blob URIs (Binary Large Object Universal Resource Identifiers), which allow phishing pages to be hosted directly in browsers without interacting with external servers.

• How it Works: Blob URIs don’t rely on external URLs, making it difficult for URL scanning tools to detect malicious content. Additionally, Blob URIs are dynamic and can expire quickly, adding another layer of evasion.
• Why It’s Dangerous: Blob URI attacks can bypass URL filtering and are harder to track, making it easier for attackers to steal sensitive information.

The Growing Impact of Quishing

These advanced techniques are making phishing more difficult to detect. While ASCII-based codes confuse OCR tools, Blob URIs bypass traditional URL filters. According to Barracuda, 1 in 20 mailboxes were targeted by QR code attacks in the last quarter of 2023, highlighting the growing prevalence of these threats.

How to Protect Yourself

To guard against these evolving quishing tactics, take the following steps:

• Upgrade Email Security: Ensure your tools can detect ASCII/Unicode-based QR codes and Blob URI phishing attempts.
• Train Your Team: Educate staff on how to spot suspicious QR codes in emails, especially those that look slightly off.
• Use Multi-Factor Authentication (MFA): MFA adds an extra layer of protection, reducing the risk even if a phishing attack is successful.
• Perform Regular Audits: Regular security checks help ensure your systems can detect these newer threats.

Conclusion: Staying Ahead of Evolving Threats

Quishing is no longer about scanning a simple malicious QR code. Attackers are using increasingly sophisticated methods to evade detection. As these threats evolve, it’s crucial to stay informed and take proactive steps to protect your business.

If you need help protecting your business against these emerging threats, then contact CDML today for a security assessment.