Abstract:
- QRishing is an extension of phishing that utilizes Quick Response (QR) codes by encoding a Uniform Resource Locator (URL) of a malicious webpage/website into it, aiming to direct the user to that site. QRishing is a very dangerous and potentially devastating attack that can be combined easily with other techniques. Non-technical approaches exist that are necessary but not sufficient without reliance on technical solutions. Blacklisting is the most popular and used anti-phishing technique, however, has many shortcomings, suffers from high false positive rates and importantly subject to obfuscation and evasion techniques. In this paper we introduce a Proof of Concept (POC) of consortium Blockchain-based Whitelisting solution wherein, the very nature of exact match of a URL makes it almost impossible to be evaded, which is unlike Blacklisting. Every URL (long/short, static/dynamic) is an asset recorded by its owner for building this whitelist. Varied business owners will benefit to defend their assets of URLs from Banks to Coffee shops, etc., who make QR-code Ads so any real-world user can check that URLs' legitimacy. The Consortium's legal agreements, obligations and fines for wellbeing and trustworthiness is out-scope of the writing.
|