SmartBanking Blog

Quishing

                Technological advances are usually made in pursuit of making everyday life easier. However, these advances sometimes get hijacked by those looking to cause harm to people. QR codes were meant to make it easier for consumers to view websites, make payments, and more, but criminals have now devised ways to make QR codes a new means of phishing attacks.

                QR codes are those little black and white squares we often now see in restaurants or coffee shops that lead consumers to websites, PDFs, or other digital media. Usually, consumers scan QR codes with their smartphone camera and click the link to view the linked source. Now, however, QR codes are popping up in phishing emails, on brushing scam packages, and even crypto scams. It’s called ‘Quishing,’ and it’s one of the latest kinds of phishing scams.

                Criminals are creating malicious QR codes in order to steal sensitive information, install malware, or commit identity theft. Some criminals will email phony QR codes, much like sending phishing links, with calls for immediate action to secure information. Once the user scans the code, they may unknowingly provide personal information to a bad actor or expose their device to further manipulation via malware. Other criminals will send packages to consumers that the consumer never ordered. On this package there will be a QR code that can have similar consequences. Still others will use QR codes at scam crypto ATMs. So how do you know which QR codes you can trust?

                There are various ways to verify whether or not a QR code is legitimate or whether it is a scam. The first way would be to contact the sender via a trusted method. If the email says it is from a coworker or family member, contact them at their verified phone number. If the email claims to be from a company, use their contact form on the verified website to confirm validity. Remember that email security protections cannot always detect malicious QR codes.

                Another way to verify a QR Code is to use a trusted QR code scanner app from a reputable company. These apps have many security features that just your smartphone camera does not. They can often detect if a QR code leads to a scam website or contains malware.

                Lastly, continue to be aware of regular scam red flags. These Quishing attempts will often include things like calls for immediate actions, spoofed email addresses, and errors the legitimate source would not make. Also, continue to be wary of unsolicited communications or items received.

                While QR codes were meant to make everyday life easier for the consumer, they have unfortunately created a new avenue for bad actors to gain access to you and your sensitive information. Stay safe out there!

Sources:

https://news.usps.com/2024/06/19/if-you-dont-know-about-quishing-read-this/