Suggested IT Security Resources

What is Quishing?

“Quishing” is the method used in fraud where valid QR codes are replaced with another code to facilitate fraud or information harvesting,

QR codes are two-dimensional barcodes that can be scanned using a smartphone or other QR code scanning devices. They are commonly used to quickly access websites, apps, or other digital content.

Threat actors have started to use QR codes to redirect the attack from your TU Dublin device to your mobile phone and trick users into providing sensitive information on a fake Microsoft logon page.

QR codes are a new way for hackers to pull off the same old scams. But by being extra vigilant, you can avoid getting drawn in by malicious codes if you know what to look for.

 

Quishing 1

How does it work?

Threat actors send an email that contains a QR code, requesting the user to scan the QR code with their mobile phone to complete a specific request.  This QR code, once scanned, can take the user to a malicious website where they may be asked to upload financial information or other sensitive information. 

Quishing Video

Below is a video showing how Quishing works and what indicators to look out for when you receive an email with a QR code.

Below is a still image of the Quishing email that was received by a staff member in TU Dublin that is visible in the video above.  

Staff should remain vigilant when they receive emails similar to this.  In the example below, although the email appears to have come from "HR-Department", the actual email address used was from an external email address.

Quishing

What to do if you receive a phishing email?

If you receive a phishing email that contains a QR code, a link or an attachment, you should report it as a phishing email from within Outlook

Report the Email: Please click here for out guide on how to report a phishing email

If you have scanned a QR code with your mobile phone and provided sensitive information, such as a username and password, please contact the IT Service desk as soon as possible.