QRishing: Difference between revisions

From Cognitive Attack Taxonomy
No edit summary
Line 1: Line 1:
== '''QRishing (aka Quishing) ''' ==
== '''QRishing''' ==


'''Short Description:'''  Phishing variant employing QR codes<ref>Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4</ref>. <br>
'''Short Description:'''  Phishing variant employing QR codes<ref>Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4</ref>. <br>
Line 15: Line 15:
'''Subcategory:'''  <br>
'''Subcategory:'''  <br>


'''Also Known As:''' <br>
'''Also Known As:''' Quishing <br>


== '''Description:''' ==
== '''Description:''' ==

Revision as of 21:07, 6 November 2024

QRishing

Short Description: Phishing variant employing QR codes[1].

CAT ID: CAT-2024-011

Layer: 8

Operational Scale: Tactical

Level of Maturity: In Common Use

Category: TTP

Subcategory:

Also Known As: Quishing

Description:

Closely Related Concepts:

Mechanism:

Multipliers: Mobile device users have been found to be more likely to click on masked links than users of traditional computing systems [2].

Detailed Description: Threat actors create QR codes that redirect to malicious sites impersonating legitimate sites[3].

INTERACTIONS [VETs]: Misdirection-Distraction (Exploit, CAT-2022-014)

Examples:

Use Case Example(s):

Example(s) From The Wild:

Comments:

References:


  1. Schlienger, T., Teufel, S., & Wolff, C. (2013). QRishing: The susceptibility of smartphone users to QR code phishing attacks. In M. Bezzi, P. Dupré, & D. Naccache (Eds.), Emerging Security Information, Systems and Technologies (pp. 80-87). Springer. https://doi.org/10.1007/978-3-642-41320-9_4
  2. Almukaynizi, M., Redmiles, E. M., & Rader, E. (2023). What you see is not what you get: The role of email presentation in phishing susceptibility. Proceedings of the ACM on Human-Computer Interaction, 7(CSCW1), Article 2. https://doi.org/10.1145/3579618
  3. https://blog.knowbe4.com/qr-code-phishing-is-growing-more-sophisticated