Banking giants and government regulators are reportedly raising the alarm over a new kind of fraud designed to slip through traditional security measures.
Santander, HSBC, TSB Bank, the U.S. Federal Trade Commission (FTC) and the UK National Cyber Security Centre are issuing warnings about “quishing,” reports the Financial Times.
Quishing, or QR code phishing, is a new type of fraud campaign that lures victims into unsuspectingly scanning a QR code that forces them to visit a malicious website or download a harmful application, allowing attackers to obtain passwords, financial details and personally identifiable information.
Cybersecurity experts now say quishing is being widely deployed in email campaigns where criminals embed malicious QR codes in PDF attachments.
Chester Wisniewski, the global field chief technology officer at cybersecurity firm Sophos, says the strategy is yielding results at the expense of victims as corporate online defenses are not designed to scan attachments.
“The appeal for criminals is that it’s bypassing all of the [cyber security] training and it’s also bypassing our products…
Today almost no [cyber security] products are looking through attachments. If this continues to be a problem, I suppose the industry will have to move there – but it will slow down the delivery of emails, and it will also make things more expensive.”
The FTC previously warned that bad actors are taking advantage of the widespread use of QR codes to launch sophisticated fraud campaigns.
The regulator says criminals are covering QR codes on parking meters with one of their own. They are also sending malicious QR codes via text or email while giving victims a compelling reason to scan them.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxGenerated Image: Midjourney
The post Trillion-Dollar Banks Sound Alarm As Sophisticated New Fraud Technique Bypasses Security Measures: Report appeared first on The Daily Hodl.