The scam works via QR codes. Attackers can steal data, money, and infect your phone.
Quishing is a scam similar to phishing except that it's carried out using QR codes. With quishing, cybercriminals use QR codes that look legitimate to direct you to a website that allows them to steal your data.
We're going to breakdown precisely what quishing is and go over its main characteristics so that you’ll recognize and distinguish it from other types of scams. Knowing it exists is the first step in protecting yourself from it. Then, we’ll give you some essential tips on how to avoid this cyber trap.
What Is Quishing? How Does It Work?
“Quishing” comes from the phrase QR phishing, which is basically phishing via QR codes, a scam that uses QR codes that people have to scan as bait.
A QR code is an indecipherable drawing of black and white squares. It acts as a shortcut because it displays a web link when you point at it with your camera or a QR code reader app.
However, cybercriminals are no longer just distributing QR codes on the street and directing victims to fraudulent sites to enter their information (these are obviously scams). They’re putting more work into the scam, as they often do with SMS phishing (scams via SMS), also known as smishing.
With quishing, criminals try to make the QR code look legitimate and like it belongs to a real, well-known company. They use business cards, promotional materials, or online images with offers as bait.
The code will take you to a fraudulent website that is a copy of the site that the QR code should actually point to. The page will ask for personal information, such as the login details for one of your Internet accounts or your credit card number.
Imagine momentarily finding a piece of paper stating that you can get receive an Amazon gift card. There you find a QR code that takes you to a website where you have to identify yourself with your Amazon info or directly with your credit card. This is how cybercriminals trick you into giving them your data, which they can use to steal money from you.
How to Avoid Falling for This Scam
The first step to avoiding these scams is to be wary of QR codes that you come across unsolicited or from an unreliable source. Also, be cautious of the QR codes on the street or codes that directly promise you things or offers that are too good to be true.
As such, before scanning a QR code, verify the source. Look at the brochure, poster, or sticker with the QR code. If you find it on the street, you already know it’s not authentic. What about if you find it in your mailbox? You should still be suspicious and try to double check that it's legitimate. And you should always distrust a QR code that tries to hide the website it's taking you to.
Usually, nothing happens when you scan a QR code. However, cybercriminals sometimes try to pique your curiosity and try to get you to click on the website that the QR code takes you to. By scanning the QR code, you may also download a dangerous file or a virus onto your device. You might be told to use these files for one purpose or another, when the goal is to infect your device.
When you enter the website associated to the QR code, always check the URL. This way, you can verify that the site is genuine or whether it's another one with an entirely different name. Sometimes, the QR code that takes you to a site may use a word that's in the company’s name, so you should know the actual address to avoid entering websites with similar names that aren’t official.
Today, almost all native mobile camera apps have a QR scanner. However, using a QR scanner app with safety features is also convenient. Some have a feature to detect malicious links and deliver a warning before you go a website linked to in a QR code.
Finally, it’s also a good idea to keep your phone security up-to-date. Ensure your operating system is updated, and if you have any protection or service against malicious websites or harmful downloads, turn it on.
Images | Xataka On
Related | Wi-Fi 7: What is It, What is It for and All the New Wi-Fi Standard Features
See all comments on https://www.xatakaon.com
SEE 0 Comment