Information Security Tips (May 2023) – Quishing Attack
Information Security Tips (May 2023 issue) - QR code phishing attacks
To: All Users
“Quishing”, or “QR code phishing”, is a type of phishing attack. When a user scans the QR code, they are taken to a phishing website. Since a QR code is an image, current security measures may not be able to detect it as a threat. “Quishing” may therefore become a new normal in the future.
Safety tips for using QR codes:
- Mobile payment:
  - Carefully verify the information shown in the mobile app before making any payment with a QR code. After the transaction, immediately verify the transaction details sent by the bank or mobile payment service provider.
  - Do not share or disclose the QR codes generated by mobile payment services to others.
- Website redirection:
  - Stay alert before scanning QR codes and do not scan any codes from unknown sources.
  - Turn off the QR code scanner’s automatic URL redirection function. Once it is turned off, the scanner will show the URL content and ask you to confirm whether to open the URL.
- Account login:
  - Only scan account authentication QR codes on official websites.
  - Contact the service provider immediately if you notice any unusual login records.
Should you have any enquiries, please feel free to contact ICTO Help Desk.
ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo
Information and Communication Technology Office
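To all users:
“Quishing” is a phishing attack that uses QR codes. After a user scans the QR code, they are taken to a phishing website. Because a QR code is only an image, current security measures may not be able to identify it as a threat, so “Quishing” may become a new normal form of attack in the future.
Security tips for using QR codes:
- Mobile payment:
  - Before making a mobile payment with a QR code, carefully verify the transaction information provided by the app. After completing the payment, immediately verify the transaction record issued by the bank or mobile payment service provider.
  - Do not casually disclose QR codes generated by mobile payment services to others.
- Web browsing:
  - Stay alert before scanning QR codes and do not scan QR codes of unknown origin.
  - Turn off the QR code scanner’s automatic web page opening function. Once it is turned off, each scan will display the corresponding URL, and the website will be opened only after you confirm.
  - Use the QR code scanner function of antivirus software so that the antivirus software checks whether the URL is safe before the web page is opened.
- Account verification:
  - Only scan account verification QR codes on official websites.
  - If you find unusual login records, contact the service provider immediately.
If you have any questions, please contact the ICTO Help Desk.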