The Cambrian infosec team has received an advisory regarding malicious actors attempting to phish using a technique referred to as ‘Quishing’. Also known as QR code phishing, this involves tricking someone into scanning a QR code using a mobile device. The QR code then takes the user to a fraudulent website that might download malware or ask for sensitive information. The goal of the attackers is to move a user from a desktop or laptop to a mobile device, which might have weaker anti-phishing protections.
What are the attackers doing?
- Attackers send malicious links embedded in QR codes in legitimate-looking emails.
- When the malicious QR code is scanned by a device, it leads victims to a legitimate-looking, yet malicious, website requesting the employee’s username and password, most commonly for their Microsoft account.
- These malicious websites portray a sense of urgency to entice users to submit their credentials quickly.
As a remediation measure, we recommend you take the steps below:
- If you receive a QR code from a trusted source via email, confirm via a separate medium -- e.g., text message, voice call, etc. -- that the message is legitimate.
- Any suspicious email which contains a fraudulent QR code should be reported using the “Report a Phish” button in your Cambrian College Microsoft Outlook account.
- Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.
- Never scan a QR code from an unfamiliar source (e.g., in a public transit station or in advertisements on the street).
- Observe good password hygiene by using long, strong, and unique passwords for all your accounts.
- Set up and use Multi-Factor Authentication (MFA/2FA) wherever possible.
If you require further assistance with your Cambrian College account or suspect an account compromise, please contact the IT Service Desk immediately at 705-566-8101 x7370 for further investigation.