QR phishing (also called "QRshing" or "Quishing") is a technique that cyber criminals or scammers sometimes use. They attach a fake QR code to a message in an attempt to get the message recipient to scan the code and then be taken to a site that will be used to harvest information from the person or perpetrate some other scam. Using the options on this page you can configure SecurityGateway to detect and take action if a QR code image is attached to a message.
Configuration
Enable QR Code detection
Click this option to turn on QR Code detection.
When a QR Code is found attached th a message:
...refuse the message
Choose this option if you want SecurityGateway to refuse a message when a QR code is attached.
...quarantine the message
Choose this option if you wish to quarantine a message when a QR code is found to be attached. When this option is selected you can also use the "tag subject with" and "add points to" options below.
...accept the message
Choose this option if you wish to accept a message even when a QR code is found to be attached. You can then use the "tag subject with" and "add points to" options below to draw attention to the message or cause some other action to be taken by using SecurityGateway's filtering and anti-spam options.
...tag subject with [*** QR CODE ***]
When you choose to quarantine or accept messages with a QR code attached, you can use this option to add some text to the message's Subject header. You can then optionally use SecurityGateway's filtering options to take some other action based on that added text.
...add [xx] points to message score
When you choose to quarantine or accept messages with a QR code attached, you can use this option to add points to the Message Score, which can then cause some other action based on your Message Scoring settings. By default this option adds 2.0 points to the message score.
Exclusions
Exclude messages from allowlisted senders
Enable this option if you wish to exempt all allowlisted senders from QR Code Detection. This option is enabled by default.
Exclude messages from authenticated sessions
Use this option if you wish to exclude a session from QR Code Detection when the session is authenticated. This option is enabled by default.
Exclude domain mail servers
Check this box if you wish to exclude your domain mail servers from QR Code Detection. This option is enabled by default.
Exceptions - Domains
If you select a specific domain in the "For Domain:" drop-down list box at the top of the page when configuring these settings, that domain will be listed here after saving the settings. Click the View/Edit link for the corresponding domain to review or edit its QR Code Detection settings, or click Reset to reset the domain's settings to the default Global values.
