Quishing (QR phishing) bypasses email filters by hiding malicious URLs inside images (QR codes). It moves the attack from the protected corporate PC to the vulnerable personal smartphone.
The Blind Spot
Most Secure Email Gateways (SEGs) scan text. They cannot "read" the QR code image, so the URL encoded in it goes unchecked. This allows the phishing email to sail right into the inbox, bypassing defenses.
Real-World Examples
MFA Setup: "Your 2FA is expiring. Scan here to re-authenticate."
Parking Meters: Stickers placed over real codes to steal credit card data.
Cafeteria Menus: Fake codes leading to malware downloads.
Safety Tips
Inspect the Preview: Look at the URL before confirming. Is it trusted?
Context: Why would Microsoft ask you to scan a code from your desktop email?
Use a Scanner App: Some apps perform security checks on the URL before opening.
Key Takeaway
"Don't scan blindly. If an unsolicited email asks you to scan a code, be extremely suspicious."
