Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Jurnal Teknik Informatika (JUTIF)
Yuniati, Shavira Eka
Unknown Affiliation
Computer Science & IT

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search
Journal : Jurnal Teknik Informatika (JUTIF)

 1 
Implementation and Analysis of QR Code Phishing Attacks on Indonesian Internet Banking Using Attack Tree and Time-Based Metrics Yuniati, Shavira Eka; Widjajarto, Adityas; Hediyanto, Umar Yunan Kurnia Septo
Jurnal Teknik Informatika (Jutif) Vol. 7 No. 1 (2026): JUTIF Volume 7, Number 1, February 2026
Publisher : Informatika, Universitas Jenderal Soedirman

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.52436/1.jutif.2026.7.1.4819

Abstract

The development of technology in Internet banking services facilitates customers’ financial transactions. However, this can also create opportunities for cybercrime threats, including a quishing attack. A quishing attack is a type of phishing attack that uses a QR Code to redirect victims to a fake website to steal sensitive information. This research formulates an attack tree model for quishing attacks by combining OSINT, social engineering, and QR Code exploitation, structured using data flow diagrams and evaluated with time-based metrics. The attack was simulated as a Proof of Concept (PoC) to realistically depict the stages of exploitation. Results from the experiments show that the fastest attack path using the OSINT tool Truecaller, the social engineering tool SEToolkit, and the QR Code tool Qrencode takes 248.31 seconds. This path is considered more efficient, outperforming the second fastest combination, which uses the OSINT tool Find Mobile Number Location by 25.15 seconds, with a total time of 273.46 seconds. Truecaller’s advantage lies in its ability to obtain data quickly without requiring a geographic location process like the Find Mobile Number Location tool. This approach shows that banking institutions can integrate time-based metric attack trees to assess vulnerability response times, simulate realistic threat scenarios, and develop more effective incident response strategies to prevent unauthorized access during quishing attacks.
Co-Authors Adityas Widjajarto Umar Yunan Kurnia Septo Hediyanto