As organizations increasingly use QR codes, QR code phishing, also known as "quishing," appears to be on the rise as well. According to a new study released by ReliaQuest, in September 2023 the company saw a 51% increase in quishing attacks compared with the cumulative figure for January through August 2023.

Other key report highlights

  • Analysis of customer incidents showed a 51% increase in quishing incidents in September 2023, compared to the cumulative figure for January through August 2023.
  • A sample of customer incidents revealed that the most popular quishing scenario in the past 12 months involved Microsoft two-factor authentication (2FA) resets or enablement, occurring in 56% of quishing emails in this data set. Targets were encouraged to enter their Microsoft email addresses and passwords.
  • Online banking pages represented the second-most popular mechanism (in 18% of all quishing attacks). Page visitors were encouraged to enter their personal banking credentials.
  • In 12% of the quishing incidents in the sample we investigated, the attacker hid the QR code in a PDF or JPEG file attached to the email. With a benign — or even blank — message body, threat actors reduce the chance that email filters will flag the message. Such filters typically rely on analyzing clickable elements.
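
A triage heuristic for the attachment-borne case in the last bullet, as an added example (not ReliaQuest's code): it marks mail that carries a PDF or JPEG but gives a link-based filter nothing clickable to analyze, so those attachments can be routed to a QR decoder first. The function names, the 20-character blank-body threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

CARRIER_TYPES = {"application/pdf", "image/jpeg"}  # file types named in the report
LINK_RE = re.compile(r"https?://|href\s*=", re.I)   # clickable elements a filter would score
TAG_RE = re.compile(r"<[^>]+>")

def triage(raw: bytes, blank_threshold: int = 20) -> dict:
    """Rank a message for QR decoding of its attachments (assumed heuristic)."""
    msg = message_from_bytes(raw, policy=policy.default)
    body, carriers = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype in CARRIER_TYPES:
            # Attached or inline: either way the file can hold a QR code.
            carriers.append(part.get_filename() or ctype)
        elif ctype in ("text/plain", "text/html") and not part.is_attachment():
            body += part.get_content()
    links = len(LINK_RE.findall(body))
    visible = len(TAG_RE.sub("", body).strip())
    if not carriers:
        priority = "none"
    elif links == 0:
        priority = "high"    # nothing clickable in the body, only the file
    else:
        priority = "normal"  # link analysis still has something to inspect
    return {"carriers": carriers, "body_links": links,
            "blank_body": visible < blank_threshold, "qr_scan_priority": priority}

def build_sample(body: str, attachment: bool) -> bytes:
    """Constructed test message; the attachment bytes are not a real image."""
    m = EmailMessage()
    m["From"] = "it-support@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "Action required: 2FA"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"\xff\xd8\xff\xe0 constructed placeholder bytes",
                         maintype="image", subtype="jpeg", filename="scan.jpg")
    return m.as_bytes()
```

Messages ranked "high" are the ones to pass through an image or PDF QR decoder so the embedded URL can be checked like any other link.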