Malicious actors are always coming up with new and innovative ways to steal your money and information. This means it’s all the more important to be aware of these new attacks as they appear and to know how to spot and respond to them. In this article I’ll be bringing attention to a new attack that has become increasingly common in recent months. That attack is called ‘Quishing’, and it is a specific new variant of the much broader attack known as phishing.
You’ll probably already be familiar with phishing in some form – and have probably been on the receiving end of a phishing attack. If you need a refresher, this ‘what is phishing’ article does a good job of laying down the basics. Phishing takes many forms, including spear phishing, whaling, smishing and vishing. It’s a form of social engineering in which a scammer pretends to be somebody trustworthy, such as a friend, a subscription service or a bank, to convince a person to do something for them, such as:
Quishing is a new form of phishing that uses QR codes, and it’s becoming more popular – you may have even already seen it in the wild. A QR code, or Quick Response code, is a two-dimensional barcode that stores information in a machine-readable format. These can be read and interpreted by your smartphone camera and can store a variety of information. QR codes are designed to be used for a range of different purposes including:
QR codes look like this:
In the case of QR code phishing, attackers create a malicious QR code that, when scanned by a mobile device or QR code reader, leads the user to the same kind of activities as we see in other types of phishing. This could be a fraudulent website, a fake login page that captures sensitive information, or a URL that delivers malware. As for how the QR code gets to you in the first place, often it’s via an email pretending to be from a reputable company, or from a friend’s email address. No, your friend probably hasn’t turned into a cyber criminal, but their email account might have been hacked. Social media apps and messaging apps like WhatsApp are also attack vectors for quishing.
Quishing has the potential to get through the spam filters and antimalware protection that may be scanning emails. If a malicious link is sent as text in an email, a spam filter or antimalware software would scan and block it. However, if the malicious link is encoded in a QR code, it may be treated as ‘just an image’ and therefore would not trigger the spam filter or malware scanner.
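The gap described above is that a link-scanning filter only looks at URLs in the message text, so a URL carried inside a QR image never reaches the URL checks. The added example below (my own illustration, not Bulletproof’s code or product) closes that gap on the defender’s side: it walks a MIME message, runs every image part through a QR decoder, and then puts any URL found in a QR code through the same risk checks as a plain-text link. The email, the brand list, the shortener list and the stand-in decoder are all constructed for the example; in a real gateway the decoder would be `pyzbar` (shown as an optional function, used only if it is installed), and the policy lists would come from your own configuration.

```python
"""Mail-gateway check that treats QR codes as links rather than 'just an image'."""
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage
from typing import Callable
from urllib.parse import urlsplit

# Constructed policy data for the example; a real deployment feeds these from config.
PROTECTED_BRANDS = {"examplebank": "examplebank.com"}   # brand keyword -> legitimate domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed stand-in for a QR image's bytes (not a real PNG; see demo_decoder below).
FAKE_QR_PNG = b"\x89PNG-constructed-stand-in-for-a-real-qr-image"


def assess_url(url: str) -> list[str]:
    """Return the reasons a URL looks risky; an empty list means no check fired."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append("not-https")
    if parts.username is not None:          # e.g. https://examplebank.com@evil.test/
        reasons.append("userinfo-in-url")
    if not host:
        reasons.append("no-host")
        return reasons
    try:
        ipaddress.ip_address(host)          # bare IP instead of a domain name
        reasons.append("ip-literal-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")     # internationalised label, possible homoglyph
    if host in SHORTENERS:
        reasons.append("url-shortener")     # destination hidden behind a redirect
    for brand, real_domain in PROTECTED_BRANDS.items():
        if brand in host and host != real_domain and not host.endswith("." + real_domain):
            reasons.append(f"lookalike-of-{real_domain}")
    return reasons


def scan_message(raw: bytes, decode_qr: Callable[[bytes], list[str]]) -> dict:
    """Collect URLs from text parts AND from QR codes in image parts, then assess all of them."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = {"text_urls": [], "qr_urls": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            found["text_urls"] += URL_RE.findall(part.get_content())
        elif ctype.startswith("image/"):
            # This is the step a text-only link filter never performs.
            for payload in decode_qr(part.get_payload(decode=True)):
                if URL_RE.fullmatch(payload.strip()):
                    found["qr_urls"].append(payload.strip())
    verdicts = {u: assess_url(u) for u in found["text_urls"] + found["qr_urls"]}
    found["risky"] = {u: r for u, r in verdicts.items() if r}
    return found


def pyzbar_decoder(image_bytes: bytes) -> list[str]:
    """Real decoder for deployment: needs Pillow, pyzbar and the native zbar library."""
    from io import BytesIO
    from PIL import Image
    from pyzbar.pyzbar import decode
    return [sym.data.decode("utf-8", "replace") for sym in decode(Image.open(BytesIO(image_bytes)))]


def demo_decoder(image_bytes: bytes) -> list[str]:
    """Constructed stand-in so the example runs offline: maps the fake image to its payload."""
    return ["http://examplebank-secure.test/login"] if image_bytes == FAKE_QR_PNG else []


def build_sample_message() -> bytes:
    """Constructed quishing-style email: no link in the text, the URL lives only in the QR image."""
    msg = EmailMessage()
    msg["From"] = "it-support@examplebank-secure.test"
    msg["To"] = "employee@corp.test"
    msg["Subject"] = "Action required: scan to keep your account"
    msg.set_content("Your account will be deleted in 24 hours. Scan the attached QR code to verify.")
    msg.add_attachment(FAKE_QR_PNG, maintype="image", subtype="png", filename="qr.png")
    return bytes(msg)


if __name__ == "__main__":
    try:
        import pyzbar  # noqa: F401  (use the real decoder only if it is installed)
        decoder = pyzbar_decoder
    except ImportError:
        decoder = demo_decoder
    result = scan_message(build_sample_message(), decoder)
    print("URLs in text:", result["text_urls"])       # [] -> a text-only filter sees nothing
    print("URLs in QR codes:", result["qr_urls"])
    print("Risky:", result["risky"])
```

The point to take from the output is that `text_urls` is empty, which is exactly what a text-only link filter would report, while the QR path surfaces the login URL and flags it as a non-HTTPS look-alike of the protected brand. The URL checks are deliberately simple heuristics; in practice you would also feed the decoded URL to whatever reputation or sandbox service already handles plain-text links.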
Cyber security is a constant game of cat and mouse between good guys and cyber criminals. New technologies present new opportunities and challenges, and the bad guys are often the first to exploit new tech capabilities. While QR codes might slip through some spam filters and anti-malware programs now, the defensive tech will evolve to combat QR-based threats.
In the meantime, I recommend the same defence as any other type of phishing attack: education. Regular security awareness training is a fundamental part of stopping all cyber attacks, but especially for phishing and social engineering attacks.
For security training to be effective, it should always be reviewed, updated and provided regularly to include advice on new threats in the ever-evolving landscape of cyber security.
Tell users how to spot phishing attempts. Quishing attempts will often still show the common red flags of other phishing attacks, such as bad spelling/grammar, a misspelt or strange sender email address, and a cover story designed to make you act without thinking, e.g. a time limit before your account is deleted.
This one varies according to your company policies, but I recommend reporting the email to your IT department rather than just deleting it. This way tech teams can start to mount a proactive defence.
The rise of quishing attacks highlights how hackers and malicious actors are adapting to people becoming more security conscious and aware of the risks of links in emails. That advice, although correct and important, does not usually stretch to QR codes specifically, so a user may scan a QR code without thinking of the security repercussions, because it has never been outlined to them as a potential risk.
In the ever-evolving cyber landscape, where hackers continually devise innovative ways to exploit vulnerabilities, our awareness becomes paramount in safeguarding against emerging threats. We must never forget that there are malicious actors always trying to find new and unexpected ways to exploit and attack. It can never be overstated how important awareness and knowledge of emerging threats are for preventing attacks and data breaches. Even something as straightforward as reading this blog can be the difference between falling for quishing and remaining safe online.
Building a multi-layered security strategy can help overcome the impact of a successful quishing attack. And I recommend getting the basics right first. A good example here is Cyber Essentials certification and especially Cyber Essentials Plus. This makes you look at the elemental security components of your organisation and build a strong foundation. Even businesses with a mature security strategy can benefit from Cyber Essentials certification. Who knows, you might even get me as your Cyber Essentials Assessor!
Jason’s experience as a Cyber Essentials Plus Assessor has given him a keen insight into helping businesses make smart, effective improvements to their security posture. He leverages his technology background to make Cyber Essentials certification as painless as possible for his clients.