Highlights:

  • The SlashNext QR Code Phishing Protection service is designed to identify malicious intent in the QR code and the accompanying message, providing accurate protection against various QR code-based attacks.
  • Quishing, where cybercriminals use QR codes to redirect unsuspecting users to malicious sites or trick them into downloading malware, has become a common threat as people increasingly trust the legitimacy of QR codes.

Phishing protection firm SlashNext Inc. has introduced a new service to safeguard against malicious QR code threats, including quishing, QRLJacking, and other scams.

The recently launched SlashNext QR Code Phishing Protection service is positioned as the inaugural security solution providing defense against multi-channel quishing for QR code phishing. It effectively blocks malicious QR codes across various communication channels, including email, mobile, web, and messaging platforms like Slack, iMessage, and Microsoft Teams.

According to SlashNext, its newly introduced QR Code Phishing Protection service stands out from other security solutions targeting quishing and QRLJacking. The system utilizes computer vision and a novel QR Code natural language processing classifier, offering protection beyond credential quishing. The SlashNext QR Code Phishing Protection service is designed to identify malicious intent in the QR code and the accompanying message, providing accurate protection against various QR code-based attacks.

QR codes gained widespread recognition in the West during the COVID-19 pandemic, primarily through their use in contact tracing. However, they have been used extensively in the U.S. and countries like China. Popular trends often attract scammers and malicious actors; the same applies to QR codes.

A report by SlashNext in October highlighted a rising trend of cybercriminals exploiting the widespread use of QR codes to execute sophisticated phishing attacks. Quishing, where cybercriminals use QR codes to redirect unsuspecting users to malicious sites or trick them into downloading malware, has become a common threat as people increasingly trust the legitimacy of QR codes.

QRLJacking, a more specialized threat, involves attackers exploiting various apps and websites’ “login with QR code” feature. A common QRLJacking scenario involves deceiving a user into scanning a manipulated QR code, resulting in session hijacking.

Patrick Harr, the Chief Executive of SlashNext, said, “In recent months, quishing and QRLJacking have contributed to the huge growth we have observed in phishing. Without proper protection, it is nearly impossible for the average user to distinguish a legitimate QR code from a malicious code.”

“It is unreasonable to expect employees and everyday users to avoid QR codes altogether when they are quickly becoming ubiquitous in many legitimate service industries and for login purposes,” Patrick Harr added. “However, the cybercriminals know this as well, which is why we will only see an increased reliance on quishing and QRLJacking as attack techniques.”