QR code phishing, also commonly known as “quishing”, currently ranks among the most devious phishing variants. With the malicious link is not directly recognizable as text in the email, but rather concealed within an image file, these attacks are particularly treacherous.
What’s more, users often click on these codes using private or insufficiently protected mobile devices. It’s this shift in the attack path that makes QR code phishing so dangerous. The actual attack happens outside the protected company environment. In this way, the mode of attack deliberately circumvents conventional security mechanisms in several ways.
Multi-layer screening ensures optimum protection
At Retarus, however, we rely on our battle-tested and consistently multi-layer approach to combat QR code phishing. Rather than relying on just a single source of data, our Advanced Threat Protection (ATP) combines a number of powerful analysis techniques. Working together, these methods deliver a thoroughly substantiated, inherently consistent assessment which optimizes security while also ensuring extremely low false positive rates.
Our quishing prevention tools include:
- Hash-based file check: If a QR code has previously been identified as a malicious image, it is reliably identified and blocked based on its “file fingerprint.”
- AI-powered AntiPhishing analysis: powerful engines examine the structural features of emails, analyze their content and apply heuristic and behavior-based criteria.
- Sandbox analysis: At Retarus, all emails are subjected to smart prefiltering. This ensures that only those messages where more in-depth examination is likely to add value are sent to the sandbox – just one of the many secrets behind our unrivalled throughput times. Needless to say, this also applies to emails containing QR codes. Where necessary, the sandbox also assists in checking shortened URLs to reveal masked destination addresses.
The seamless interaction of the various scanning algorithms plays a crucial role in these efforts. In practice, the QR code itself is seldom the only red flag prompting cause for suspicion. These messages often also display other indicators of malevolence, for example in the header, the message structure, or the overall character and nature of the email. Our multi-layered approach to analyzing messages ensures that outcomes are never viewed in isolation but always assessed against the broader context.
Quishing protection forms part of Retarus Advanced Threat Protection
Retarus sets itself apart from many other providers in that its QR code phishing protection does not need to be purchased separately. It is already an integral part of the company’s ATP package. This is in line with our underlying mission: Retarus’ customers should always benefit from the latest threat protection methods, without having to manually take new attack scenarios into account or activate additional services. This can be of critical importance, especially when it comes to dynamic attack methods such as quishing.
