SlashNext’s QR Code Phishing Protection leverages patent-pending computer vision and natural language processing (NLP) to block the delivery of messages containing malicious QR codes and block malicious QR code URLs scanned by users’ mobile phones
PLEASANTON, Calif. – Nov. 14, 2023 – SlashNext, the leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, today announced the release of QR Code Phishing Protection to stop Quishing, QRLJacking and other scams distributed via malicious QR codes. SlashNext’s QR Code Phishing Protection is the first security solution to offer multi-channel Quishing protection that blocks malicious QR codes in email, mobile, web and messaging channels such as Slack, iMessage, Microsoft Teams, and more.
The use of QR codes in cyberattacks has grown dramatically in the wake of widespread adoption of QR codes during the pandemic for legitimate, contact-free purposes. Unlike other security solutions that aim to address Quishing (QR code phishing) and QRLJacking (QR code login jacking), SlashNext’s solution leverages both its patent-pending computer vision and a new QR code natural language processing (NLP) classifier and protects users from more than just credential Quishing. Its ability to detect malicious intent in both the QR code itself as well as the accompanying message makes it the most comprehensive and accurate protection against QR-code based attacks.
“In recent months, Quishing and QRLJacking have contributed to the huge growth we have observed in phishing,” said Patrick Harr, CEO, SlashNext. “As a security company focused on phishing protection, we dedicate resources to continuously observe attack patterns, technology innovations leveraged by cybercriminals, and overall trends in the security landscape in order to anticipate and proactively address emerging threats. We are pleased to extend this critical protection to all existing and new customers.”
In October 2023, SlashNext Threat Labs published a blog post detailing how threat actors leverage QR codes for various attacks and breach attempts. Quishing, a blend of QR code and phishing techniques, manipulates QR codes for nefarious purposes. With Quishing, the attacker generates a QR code embedded with a phishing link or malware download and then distributes the QR code to victims via phishing emails, digital ads, social media, or even posters in common areas. Believing the QR code came from a legitimate source, a victim scans the QR code with their mobile phone camera.
QRLJacking is a social engineering method that exploits the “login with QR code” feature available on many legitimate apps and websites and is leveraged by bad actors to gain full control of victims’ accounts.
“Without proper protection, it is nearly impossible for the average user to distinguish a legitimate QR code from a malicious code,” continued Harr. “It is unreasonable to expect employees and everyday users to avoid QR codes altogether when they are quickly becoming ubiquitous in many legitimate service industries and for login purposes. However, the cybercriminals know this as well, which is why we will only see increased reliance on Quishing and QRLJacking as attack techniques.”
SlashNext protects the modern workforce from malicious messages across all digital channels. SlashNext Complete™ integrated cloud messaging security platform utilizes patented Generative AI technology with 99.9% accuracy to detect threats in real-time to stop zero-hour threats in email, mobile and web Messaging Apps across M365, Gmail, LinkedIn, WhatsApp, Telegram, Slack, Teams and others messaging channels. Take advantage of SlashNext’s Integrated Cloud Messaging Security for email, browser, and mobile to protect your organization from data theft and financial fraud breaches today.
Lumina Communications for SlashNext