Don’t get Quished!
QR codes are now ubiquitous in daily life, used for tasks such as ordering meals in restaurants, paying for parking, renting bikes, or accessing information about TV programs and upcoming films
When these black-and-white codes are scanned with a mobile phone camera, a link appears, directing users to a specific website where they can place orders or obtain product information
However, scammers are reportedly exploiting this convenience by placing fake QR codes over legitimate ones on digital menus. This type of phishing, known as ‘quishing’, redirects the customer to a fraudulent website, prompting them to enter personal information that the scammer can then access
What Are QR Codes?
Quick response or “QR” codes function similarly to barcodes. Scanning them with a mobile phone camera reveals a link to the information they contain. In our digital age, QR codes are commonly used for browsing restaurant menus, connecting to public Wi-Fi, paying for parking, and redirecting users to websites
The widespread use of QR codes has opened up new opportunities for cybercriminals to commit identity theft and bank fraud
Types of QR Code Scams
Quishing (QR Code Phishing): Quishing involves using QR codes to direct users to fake websites that spread malware or solicit confidential information. Scammers may pose as legitimate companies, sending phishing emails with QR codes that lead to malicious sites or virus-infected downloads
Fake QR codes: Scammers may place fake QR codes over real ones, such as in restaurants or on-street advertisements. These fake codes can lead to fraudulent payment sites that steal money or credit card details
Inverted QR codes: In this scam, malicious QR codes appear as payment methods but actually solicit money from the user. Instead of paying a merchant, the code makes the merchant pay the scammer, and it can also be used to steal personal and financial information
How to avoid QR code scams
Think before you scan: Be especially wary of codes posted in public places. Take a good look. Is it a sticker or part of a bigger sign or display? If the code doesn’t fit in with the background, request a paper copy of the document you’re trying to access or type the URL in manually. When you scan a QR code, take a good look at the website it leads you to. Does it look like you expected it to? If it asks for login or banking information that doesn’t seem needed, don’t hand it over
Codes embedded in emails: These are almost always a bad idea, so skip them entirely. The same goes for codes you receive in unsolicited paper junk mail, such as those offering help with debt consolidation
Preview the code’s URL: Many smartphone cameras, including iPhones running the latest version of iOS, will preview a code’s URL as you start to scan it. If the URL looks strange, you might want to move on
Use a secure scanner app: Even better, as these are designed to spot malicious links before your phone opens them. Trend Micro, offers a free one, as do some of the other big antivirus companies. But stick to the well-known security companies. Malicious QR scanning apps designed to scrape user information have made it into the app stores in the past
Use a password manager: As with all kinds of phishing, if a QR code takes you to an especially convincing fake website, a password manager will still know the difference and won’t autofill your passwords
By staying vigilant and following these precautions, you can enjoy the convenience of QR codes while protecting yourself from potential scams
Leave a reply
You must be logged in to post a comment.