QUISHING: Scams Defined

QR Code Cyber Security Scams

By Cloudflare and AI

***

What is quishing?

Quishing, or QR phishing, is a cybersecurity threat in which attackers use QR codes to redirect victims to malicious websites or prompt them to download harmful content. The goal of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), and use that information for other purposes, such as identity theft, financial fraud, or ransomware.

This type of phishing often bypasses conventional defenses like secure email gateways. Many secure email gateways treat QR codes in emails as meaningless images, which leaves users vulnerable to specific forms of phishing attacks. QR codes can also be presented to intended victims in a number of other ways.
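As an added illustration of the gateway gap described above (not code from the original article): a mail-scanning step that also pulls URLs out of image parts, so QR-encoded links get the same checks as links in the text. The `decode_qr` callable, the sample message and its hostnames are assumptions constructed for this example; in practice `decode_qr` would wrap a QR-decoding library.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def scan_message(raw, decode_qr):
    """Return (text_urls, qr_urls) found in one raw e-mail (bytes).

    decode_qr is an assumed, caller-supplied callable: image bytes -> list of
    decoded QR payload strings (e.g. a thin wrapper around a QR library).
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    text_urls, qr_urls = set(), set()
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            text_urls.update(URL_RE.findall(part.get_content()))
        elif part.get_content_maintype() == "image":
            # The part a text-only link scanner never looks inside.
            for payload in decode_qr(part.get_content()):
                qr_urls.update(URL_RE.findall(payload))
    return text_urls, qr_urls

def hosts(urls):
    return {h for h in (urlsplit(u).hostname for u in urls) if h}

def qr_only_hosts(raw, decode_qr):
    """Hosts reachable only through a QR image, never named in the text."""
    text_urls, qr_urls = scan_message(raw, decode_qr)
    return sorted(hosts(qr_urls) - hosts(text_urls))

# --- constructed sample: one message with a text link and an image part ---
def build_sample():
    m = EmailMessage()
    m["From"], m["To"] = "it-support@example.com", "user@example.org"
    m["Subject"] = "Encrypted voice message waiting"
    m.set_content("Scan the code to listen. Help: https://example.org/help")
    m.add_attachment(b"FAKE-IMAGE", maintype="image", subtype="png",
                     filename="code.png")
    return m.as_bytes()

def stub_decoder(image_bytes):
    # Stand-in for a real QR decoder; returns a constructed payload.
    return ["https://login.example.net/voicemail"] if image_bytes == b"FAKE-IMAGE" else []

if __name__ == "__main__":
    print(qr_only_hosts(build_sample(), stub_decoder))
```

Hosts returned by `qr_only_hosts` can then be passed to whatever URL reputation or allow-list check already applies to links in the message body.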

What are QR codes?

QR codes, or Quick Response codes, are two-dimensional barcodes that can be scanned easily with a camera or a code reader application. The main function of a QR code is data storage. QR codes can store significant amounts of information, including URLs, product details, or contact information. Scanning technology allows smartphone cameras or code readers to easily and quickly access the website to which the URL points.

How does quishing work?

In a quishing attack, the attackers create a QR code and link it to a malicious website. Typically, the attacker will embed the QR code in phishing emails, social media, printed flyers, or physical objects, and use social engineering techniques to entice the victims. For example, victims might receive an email urging them to access an encrypted voice message via a QR code for a chance to win a cash prize.

Upon using their phones to scan the QR code, victims are directed to the malicious site. The site may prompt victims to enter private information, such as login information, financial details, or personal information. In the example above, the site may request the user’s name, email, address, date of birth, or account login information.

Once this sensitive information is captured, attackers can exploit it for various malicious purposes, including identity theft, financial fraud, or ransomware.

***

MISHING: A Mobile-First Phishing Technique

DEFINITION

By Staff Reporters

***

Mishing, a term coined by Zimperium, covers all sorts of mobile-first phishing techniques: Smishing (SMS/text-based phishing), Quishing (QR code phishing), voice phishing, Wi-Fi-based phishing (the so-called “Evil Twin” attack), and many others.

According to Zimperium, organizations are increasingly relying on mobile devices for business operations, including multi-factor authentication, mobile-first applications, and more. Cyber criminals are taking notice, it says, tailoring their phishing attacks for mobile devices and successfully evading traditional anti-phishing measures designed for desktops. As a result, businesses urgently need to adopt mobile-specific security, Zimperium stresses.

Smishing, for example, is now the most common mobile phishing vector, accounting for 37% of attacks in India, 16% in the US, and 9% in Brazil. Quishing, on the other hand, is described as an emerging threat, with notable activity in Japan (17%), the US (15%), and India (11%).

Furthermore, 3% of phishing sites use device-specific redirection, showing benign content on desktops while targeting mobile devices with phishing payloads.

Note: Zimperium, Inc. is a global leader in mobile device and app security, offering real-time, on-device protection against both known and unknown threats on Android, iOS and Chromebook endpoints. The company was founded under the premise that the then-current state of mobile security was insufficient to solve the growing mobile security problem. At the time, most mobile security was a port from traditional endpoint security technologies.

***

SMISHING: Beware Scams!

***

Smishing is a form of phishing that uses Short Message Service (SMS), commonly known as text messages, instead of email. Typically, the scammer poses as a legitimate institution, such as a bank, a service provider or a reputable company. The text message they send creates a sense of urgency or threatens consequences if the victim doesn’t respond immediately. The message either downloads malware onto the phone or includes a link to a fraudulent website designed to look like the legitimate organization’s site. When victims reach that site, they are tricked into entering their personal information.

Seven Types of Smishing Scams

1. Impersonation Scams: The attacker pretends to be a known organization or individual. The attack could be via a message pretending to be from a bank, government agency or a reputable company.
2. Tech Support Scams: Attackers pose as representatives from tech companies, claiming that the victim’s device or account has been compromised and that they need sensitive data to fix the problem.
3. Account Suspension Scams: These messages claim that an account (bank account, social media or any other service) has been suspended and prompt the victim to verify their identity by providing sensitive information.
4. Missed Delivery Scams: Attackers send messages claiming that the victim has missed a package delivery and needs to provide personal details or pay a fee to reschedule the delivery.
5. Prize or Lottery Scams: Messages claim that the victim has won a prize or a lottery and needs to provide personal details or make a payment to claim the winnings.
6. Charity Scams: In these attacks, scammers impersonate a charitable organization, asking for donations, usually following a large-scale disaster or during holiday seasons.
7. Malware Link Scams: Messages contain a link that, when clicked, installs malware on the victim’s device, allowing the attacker to steal information or gain control over the device.

Attackers are constantly innovating and finding new ways to exploit human trust, so it’s crucial to be skeptical of any unsolicited or unexpected message that asks for sensitive information or prompts you to click a link.
