The Better Business Bureau (BBB) of Central and South Alabama is warning people about the growing danger of “Quishing.” This is a type of phishing scam that uses QR codes to get people to visit harmful websites or download harmful content.
Cybercriminals have changed how they do things to take advantage of QR codes becoming more popular, especially in daily tasks like paying for things and looking at restaurant menus. This makes quishing attacks a serious and growing threat.
In 2021, QR code phishing made up only 0.8% of all hacks. By the first half of 2024, that number had risen to nearly 11%. Attackers can go after anyone, but most of the time they go after customers who don’t think twice about scanning QR codes.
What Is Quishing?
When scammers make malicious QR codes and hand them out through phishing emails, social media, written materials, or even in public places, they are engaging in quishing. When the target scans the code, they are taken to a website that looks real but is actually set up to steal personal information or install malware.
Key Examples of Quishing Attacks:
- Parking Meters: Scammers place fake QR codes on parking meters, tricking users into scanning them to pay for parking. Instead of completing a legitimate transaction, users are redirected to malicious websites that steal their payment information.
- Phishing Emails : QR codes embedded in emails, disguised as messages from trusted sources like banks or companies, trick recipients into scanning the code to verify accounts or access documents.
- Public Locations : QR codes are placed in everyday environments like restaurants, public transit ads, or posters. Unsuspecting individuals scan them, expecting to see a menu or advertisement, but are redirected to harmful websites.
- Fake Promotions: Scammers create QR codes promoting “free gifts” or discounts. When scanned, victims are directed to malicious sites designed to collect personal information or install harmful software.
Tips to Protect Against Quishing:
- Verify the Source: Always confirm that a QR code comes from a legitimate source before scanning, especially in emails or public places.
- Inspect URLs: Use a QR scanner app that allows you to preview the URL before visiting a site. If the URL seems suspicious, do not proceed.
- Update Security Tools : Many security tools are not equipped to scan QR codes. Ensure you use advanced software that can detect these threats.
- Stay informed and vigilant against quishing scams. Visit BBB.org for additional resources on how to protect yourself and your organization from cyber threats, and to report any suspicious activity.