In 2023, there was a significant surge in QR code attacks, often termed as ‘quishing’, with no indications of this attack method diminishing in 2024. Cybercriminals deliver emails containing QR codes that direct to counterfeit sites, aiming to steal credentials or conduct other harmful activities.
These attempts are often challenging to detect as QR codes, now commonplace for legitimate uses such as restaurant menus, sign-up forms, competitions, and scan-to-pay online payments, are not typically viewed as a threat.
According to Mimecast’s The State of Email Security 2023 report, 92% of South African companies have been the target of email-based attacks, with 68% witnessing an increase in email-based threats over the same period.
With the international rise of ‘quishing’, local companies are likely to be targeted through this attack vector.
The Global Threat Intelligence Report revealed that overall attacks with malicious links rose by 22% in Q3 of 2023 compared to Q2. The report, which processes over one billion emails daily for 42,000 global customers, found that embedding QR codes in an email to deliver malicious links is a common tactic employed by cybercriminals and threat actors.
The Mimecast Email Security system is designed to identify QR codes in an email’s body and extract the URL for deep scanning. This enhanced ‘quishing’ protection will aid in safeguarding employee inboxes.
“Operating in one of the most advanced economies in Africa and the Global South, South African companies are prime targets by cyber threat actors, and this is not lost on them. With collaboration at the heart of business operations, nearly 95% of companies agree that they need stronger protection than what comes with popular collaboration tools. The rise of QR code attacks is adding an additional layer of threat for local organisations,” said Brian Pinnock, VP of sales engineering.
“At Mimecast, we are continuously innovating to meet our customers' needs, and we are tackling this growing attack vector head-on to keep local organisations secure and our economy growing.”
Deep scanning of QR code URLs is now live within Mimecast Email Security, and more enhancements to combat ‘quishing’ will follow.
