Gone Quishing: A Field Study of Phishing with Malicious QR Codes

by   Filipo Sharevski, et al.

The COVID-19 pandemic enabled "quishing", or phishing with malicious QR codes, as they became a convenient go-between for sharing URLs, including malicious ones. To explore the quishing phenomenon, we conducted a 173-participant study where we used a COVID-19 digital passport sign-up trial with a malicious QR code as a pretext. We found that 67 were happy to sign-up with their Google or Facebook credentials, 18.5 create a new account, and only 14.5 the single most cited factor for the willingness to yield participants' credentials. Reluctance of linking personal accounts with new services was the reason for creating a new account or skipping the registration. We also developed a Quishing Awareness Scale (QAS) and found a significant relationship between participants' QR code behavior and their sign-up choices: the ones choosing to sign-up with Facebook scored the lowest while the one choosing to skip the highest on average. We used our results to propose quishing awareness training guidelines and develop and test usable security indicators for warning users about the threat of quishing.


page 3

page 4

page 9


"I Knew It Was Me": Understanding Users' Interaction with Login Notifications

Login notifications are intended to inform users about recent sign-ins a...

Privacy Perceptions and Behaviors of Google Personal Account Holders in Saudi Arabia

While privacy perceptions and behaviors have been investigated in Wester...

Malicious Selling Strategies in Livestream Shopping: A Case Study of Alibaba's Taobao and ByteDance's Douyin

Livestream shopping is getting more and more popular as a new shopping f...

'Surprised, Shocked, Worried': User Reactions to Facebook Data Collection from Third Parties

Data collection and aggregation by online services happens to an extent ...

Influences of Displaying Permission-related Information on Web Single Sign-On Login Decisions

Web users are increasingly presented with multiple login options, includ...

A Study of Different Awareness Campaigns in a Company

Phishing is a major cyber threat to organizations that can cause financi...

Please sign up or login with your details

Forgot password? Click here to reset