Quishing
Phishing conducted via QR codes, bypassing traditional email security scanners that fail to analyze embedded images.
Quishing is the latest evolution of phishing, where the attacker uses a QR code to deliver the malicious payload. The term is a blend of "QR" and "phishing." The attacker embeds a QR code into an email, flyer, or message, asking the recipient to scan it for an "urgent security update," to "view an invoice," or to "claim a gift card." When the code is scanned with a phone, it takes the user directly to a malicious website designed to steal credentials or install malware. This tactic is effective because people trust QR codes and the mobile environment. Furthermore, traditional email security scanners often fail to analyze images or embedded codes, letting the threat pass right into the inbox. Quishing bypasses the standard desktop security checks entirely, making the mobile user an easy target. Since this threat bypasses conventional link-scanning, your email security must feature advanced image and code analysis capable of detecting and blocking malicious QR codes before your employees ever scan them.