Squish the Quish – Stop and Think Before You Access a QR Code

What are quishing attacks and why are they growing in popularity?

早在5月份,我就参加了 Cyburgh, an annual conference held by the 匹兹堡 Technology Council to bring together cybersecurity professionals and enthusiasts across the Greater 匹兹堡 region to discuss challenges and opportunities within the cybersecurity industry.

我被其中一位主讲人迷住了, 夏日狂热福勒, 时任motion网络安全和IT高级副总裁. 当她在幻灯片上移动时, she really worked to engage the audience with humor and pop culture references to liven up the cybersecurity discussion she was leading us through. 她看了一张带有二维码的幻灯片, 我很惊讶她说了这样的话, “别担心. 这个二维码很安全,我保证.”

QR码并不安全? I thought to myself as I picked up my iPhone to scan the QR code to access the link.

2021年COVID-19限制措施放松后, QR码随处可见——餐馆, 酒吧, 零售商店, 办公室. They became second nature to me, and I’m assuming to many others too. Even my grandmother knows how to scan a QR code via her iPhone. When something becomes expected as a convenience and established as a norm, it’s natural to let your guard down and assume it’s inherently safe.



Quishing 定义为通过QR码发起的网络钓鱼攻击. 毫无疑问,退学的人数正在上升. According to re搜索 conducted by Check Point, there was a 大幅增长587% 在2023年8月至9月期间平息了袭击. QR码可以引导你到一个网站, 添加联系人, 下载附件, 发送电子邮件, 或者另一个动作, 哪个是恶意的,哪个不是. Malicious information or links can easily be encoded in the standard QR code image format. This makes it harder to detect if it’s malicious or not because it will appear as a “normal looking” QR code you’re exposed to every day.


意识是关键. Knowing that you should be wary of QR codes – at home, work or in public – is the first step. Take the precautionary measure to verify the domain associated with a QR code before you scan it.

也, 如果你用移动设备扫描二维码的话, remember that there are often fewer security measures than on your network-connected corporate devices. Some devices automatically go the URL when you hover over the code, and even if your device prompts you to accept the redirect, 该链接可能是恶意的. Be sure to double check the that the URL is valid just as you would on a web browser and avoid scanning any codes you find in the wild.

例如, 如果你在一家有二维码菜单的餐馆吃饭, be sure to verify the URL is legitimate before clicking through. Remember, it takes seconds for a threat actor to cover up a genuine QR code with a malicious one.

Always alert your IT team if you receive a suspicious email with a QR code. 当有疑问时,不要扫描!


The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, 包括渗透测试, 入侵防御/检测审查, ransomware安全, vulnerability assessments and a robust digital forensics and incident response team. 此外,我们的 数字取证和事件响应 teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

要了解更多信息,请访问我们专门的 网络安全 页面.

想要了解情况? 订阅我们的双周通讯, 关注网络安全.


The Schneider Downs 我们对 blog exists to create a dialogue on issues that are important to organizations and individuals. 虽然我们喜欢分享我们的想法和见解, 我们对你要说的特别感兴趣. If you have a question or a comment about this article – or any article from the 我们对 blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. 电邮至 (电子邮件保护).

Material discussed is meant for informational purposes only, 而且这不能被理解为投资, 税, 或法律建议. 请注意,个别情况可能有所不同. 因此, this information should be relied upon when coordinated with individual professional advice.

©2024施耐德唐斯. 版权所有. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without 书面许可.

$1 Billion a Day: Unpacking the 金融 Aftershock of the Change 医疗保健 Cyber-Attack
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Fortifying 零售 Security: Essential 网络安全 Tools and Software
Register to receive our weekly newsletter with our 最近的 columns and insights.
有问题吗?? 问我们!

我们很乐意听到你的消息. Drop us a note, and we’ll respond to you as quickly as possible.


This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our 隐私政策.

" class="hidden">敬业签