QRishing: Difference between revisions
From Cognitive Attack Taxonomy
Created page with "== '''Quishing ''' == '''Short Description:''' Phishing variant employing QR codes<ref>Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4</ref>. <br> '''CAT ID:''' CAT-2024-011 <br> '''Layer:''' 8 <br> '''Operational Scale:'..." |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== ''' | == '''QRishing''' == | ||
'''Short Description:''' Phishing variant employing QR codes<ref>Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4</ref>. <br> | '''Short Description:''' Phishing variant employing QR codes<ref>Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4</ref><ref>Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L. F., & Christin, N. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers 17 (pp. 52-69). Springer Berlin Heidelberg. https://kilthub.cmu.edu/articles/journal_contribution/QRishing_The_Susceptibility_of_Smartphone_Users_to_QR_Code_Phishing_Attacks_CMU-CyLab-12-022_/6468011?file=11896547</ref>. <br> | ||
'''CAT ID:''' CAT-2024-011 <br> | '''CAT ID:''' CAT-2024-011 <br> | ||
Line 15: | Line 15: | ||
'''Subcategory:''' <br> | '''Subcategory:''' <br> | ||
'''Also Known As:''' | '''Also Known As:''' Quishing <br> | ||
== '''Description:''' == | == '''Description:''' == |
Latest revision as of 00:25, 11 November 2024
QRishing
Short Description: Phishing variant employing QR codes[1][2].
CAT ID: CAT-2024-011
Layer: 8
Operational Scale: Tactical
Level of Maturity: In Common Use
Category: TTP
Subcategory:
Also Known As: Quishing
Description:
Closely Related Concepts:
Mechanism:
Multipliers: Mobile device users have been found to be more likely to click on masked links compared to traditional computing systems [3]
Detailed Description: Threat actors create QR codes that redirect to malicious sites impersonating legitimate sites[4].
INTERACTIONS [VETs]: Misdirection-Distraction (Exploit, CAT-2022-014)
Examples:
Use Case Example(s):
Example(s) From The Wild:
Comments:
References:
- ↑ Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4
- ↑ Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L. F., & Christin, N. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In Financial Cryptography and Data Security: FC 2013 Workshops, USEC and WAHC 2013, Okinawa, Japan, April 1, 2013, Revised Selected Papers 17 (pp. 52-69). Springer Berlin Heidelberg. https://kilthub.cmu.edu/articles/journal_contribution/QRishing_The_Susceptibility_of_Smartphone_Users_to_QR_Code_Phishing_Attacks_CMU-CyLab-12-022_/6468011?file=11896547
- ↑ Almukaynizi, M., Redmiles, E. M., & Rader, E. (2023). What you see is not what you get: The role of email presentation in phishing susceptibility. Proceedings of the ACM on Human-Computer Interaction, 7(CSCW1), Article 2. https://doi.org/10.1145/3579618
- ↑ https://blog.knowbe4.com/qr-code-phishing-is-growing-more-sophisticated