[Ads-l] New Word: Quishing

Baker, John 000014a9c79c3f97-dmarc-request at LISTSERV.UGA.EDU
Mon Jun 24 20:52:08 UTC 2024

A posting today from the Financial Industry Regulatory Authority, or FINRA (the self-regulatory organization for securities brokers and dealers), includes the novel term "quishing" to refer to QR code phishing.  The posting, entitled "FINRA Cyber Alert - ONNX Store Purportedly Targeting Firms in Quishing Attacks," is available online at https://www.finra.org/rules-guidance/guidance/cybersecurity-alert-onnx-store-purportedly-targeting-firms-quishing-attacks.  The first two paragraphs:

ONNX Store, a Phishing-as-a-service platform (PhaaS), is targeting Microsoft 365 (M365) accounts at FINRA member firms with an advanced social engineering attack known as quishing: a business email compromise (BEC) attack that uses QR codes in embedded PDF documents to redirect victims to phishing URLs.

Threat actors leverage quishing attacks because victims will typically scan QR codes on their personal mobile devices (which the victim may use for business purposes, as part of their firms' Bring Your Own Device (BYOD) program). As a result, these attacks are exceptionally difficult to monitor with typical endpoint detection.

Other notable terms, though not new to me, are "bring your own device," or "BYOD," a term (and the related acronym) for the common business practice of having employees use their own smartphones and other electronic devices to carry on their employer's business, and "[criminal activity]-as-a-service."

"Phishing," of course, is in the OED and has cites going back to 1996.  Quishing is not its only variant; others include smishing (SMS text message phishing) and vishing (video phishing).  It may also have influenced catfishing (pretending to be a potential romantic partner), although that derives from the 2010 film Catfish.

John Baker

The American Dialect Society - http://www.americandialect.org
