The Growing Threat of Quishing
QR codes have become an integral part of our mobile lives, offering quick access to websites, apps, and services. However, cybercriminals are exploiting this convenience with a new phishing technique called quishing. By creating fake QR codes that look legitimate, attackers can redirect users to malicious sites, install malware, or request sensitive device permissions. Anyone can generate QR codes, making it difficult to identify the real from the fake.
Who is at Risk?
Quishing targets a range of individuals, including the older people, online shoppers, job seekers, business executives, and those using public establishments like restaurants and coffee shops. These attacks have increased as QR codes have become more widespread, especially during the COVID-19 pandemic. To avoid falling victim, inspect QR codes for tampering, verify URLs before scanning, be cautious of unsolicited requests, and keep NFC turned off when not in use. Staying vigilant and following these guidelines can protect you from quishing schemes.
How Quishing Works
The Federal Trade Commission (FTC) has reported a rising trend in quishing attacks, where scammers use seemingly legitimate QR codes to send users to malicious websites and applications. These attacks are highly effective due to the impulsivity associated with scanning QR codes for convenience, the ease of code generation, and the anonymity they provide. Criminals can print out fake codes and paste them over legitimate ones to make them appear credible. Many people don’t think twice about scanning these codes and accept security bypass prompts to access applications or services.
Staying Protected
To stay protected, think before scanning a new code, especially if it requires access to device permissions. Look for physical signs of tampering, such as pixelation or misalignment, and inspect URLs before using them. Be wary of unsolicited QR code requests and keep NFC off when not in use. By being cautious and following these strategies, you can avoid becoming a quishing victim.
