Quishing Scam Alert: Beware of Fake QR Codes—Here’s How to Protect Your Personal Info
Learn to spot fake QR codes and avoid falling victim to these dangerous scams
These days, QR codes are everywhere. While they make it easy to access websites, apps and more, the iconic codes have provided hackers with a new way to acquire money or private information. Enter: Quishing. Keep reading for more about quishing scams, why they’re concerning and how to protect yourself from falling victim.
What is a quishing scam?
A QR code, short for “Quick Response” code, is a two-dimensional barcode made of tiny black squares that store information—anything from tickets to restaurant menus. Since it can be scanned using a smartphone or tablet’s camera, the technology makes it easy to pull upinformation in a flash.
This easy access is also appealing to bad actors and has led to a scam called “quishing”, or QR phishing. Like traditional phishing attacks, it’s done to get you to unknowingly surrender private or financial information—but it all starts with a QR code.
How does quishing work?
In many cases, a quishing attack starts with an email. The QR code is often sent as a message attachment and appears to be from a legitimate source, like a bank lender, reports TechRadar.com.
Then when you scan the code, it will take you to a malicious link on the iInternet. The scammer is hoping you submit your information believing you are logging into an official website (like a bank, for example).
In more sophisticated cases, the scammer can do even more damage. Scanning that fake code may install malware or other dangerous software that could infect your device, according to experts at Experian.com. This can result in a data breach or a locking of your device unless you pay their demanded “ransom.”
The scammer may also be able to direct an altered QR code to access any payment platforms you use, follow certain social media accounts from your own or send emails using your email address. This can essentially expand the reach of the cybercrime, as others become targeted by phishing attacks from your hacked accounts.
Why quishing is so dangerous
A suspicious email or text message may be enough to tip you off that something isn’t right, which will hopefully keep you from scanning the fake digital QR code. But quishing is starting to spread to public locations, which makes the scam all that much more concerning.
In fact, it’s been reported in three states so far, according to KJCT News in Colorado, and the Interstate Technology and Regulatory Council expects the scam to become even more widespread. These instances have involved fraudulent QR codes being posted in public places where it would make sense for them to appear.
Doctored QR codes can appear at restaurants, stores, bars, on packages or even parking meters/garages. This was becoming a significant issue in the UK this summer, with scammers sticking these codes to parking machines. Users would then be taken to a website designed for stealing sensitive information when they believed they were just paying their parking fees.
The big problem: Any unsuspecting consumer or citizen won’t be able to tell they’re being duped. “Quishing is especially effective because it’s impossible for a person to read a QR code without electronic assistance,” writes the pros at Experian.
The contents of the codes can often be hidden and slip past cyber security tools, so you won’t know the code you’re seeing was created by a scammer. Even cyber experts have called out how advanced this scam can be depending on how tech-savvy the hacker is.
What to do if you’ve been ‘quished’’
If you believe you have fallen victim to a quishing scam, your first step should be protecting your information. This means changing your login credentials and passwords for online accounts. If you suspect you’ve been impacted financially, you should contact your credit card company or bank.
For extra security, you may want to create a free fraud alert for yourself through the Experian, TransUnion or Equifax credit reporting agencies. But if you experience identity theft, do notify the Federal Trade Commission who will help investigate this type of fraud.
How to avoid a quishing scam
Scammers may have found what they believe to be a successful way to target people, but staying alert can ensure you don’t fall for their trap. Here are some helpful ways to stay clear of a quishing scam:
- Look for doctored codes: If you’re scanning from a paper QR code in a public place, make sure there aren’t extra stickers on top of the original code. These would indicate a doctored code placed by a bad actor.
- Double check it’s authentic: Only trust codes from a person or organization that you recognize. For example, if a restaurant allegedly has one for a menu, check with an employee to make sure the QR code is legitimate.
- Be wary of sketchy URLs: Carefully investigate the URL that comes from a QR code. A short website address that contains odd characters or does not begin with “https://” may be fraudulent. When in doubt, go to the official website of the organization or business.
- Don’t use one to download an app: Avoid downloading apps directly from a QR code. Instead, go to the app store for your device.
- Beware of unsolicited QR codes: When receiving an email with a QR code—or a text— from an unexpected sender, don’t scan it. If you believe it may be safe because it came from someone you know, reach out to them first before taking any action.
Conversation
All comments are subject to our Community Guidelines. Woman's World does not endorse the opinions and views shared by our readers in our comment sections. Our comments section is a place where readers can engage in healthy, productive, lively, and respectful discussions. Offensive language, hate speech, personal attacks, and/or defamatory statements are not permitted. Advertising or spam is also prohibited.
