Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Home Cyber Fraud Quishing On The Rise: Strategies to Avert QR Code Phishing
Cyber Fraud phishing QR code Quishing User Security

Quishing On The Rise: Strategies to Avert QR Code Phishing

Quishing is a novel variant of phishing that uses QR codes and has gained traction recently.
Saturday, February 08, 2025

 

QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing. 

What is Quishing? 

Quishing (QR code phishing) is the process of placing a malicious URL into a QR code. Rather than linking to a legitimate website, the code will load a page that attempts to steal information, infect your device with malware, or execute another malicious act.

It's a goofy name, but it poses a serious threat. While we're all aware that you shouldn't browse suspicious websites or download unfamiliar files, the nature of QR codes makes it impossible to tell what's on the other side. With a scan and a tap, you're whisked away to a website that may contain material you don't want to see, or routed to a malware download. 

It's also possible to be duped into scanning a QR code: many businesses build their QR codes using third-party services and URL shorteners, which means that the embedded links may not always redirect to their actual websites. This makes it challenging to determine whether a QR code has been tampered by someone carrying out a quishing assault.

Is quishing a real threat? 

Yes. It is already happening and has proven to be beneficial. QR codes for parking meters, restaurant payments and tip systems, and phoney advertisements are being tampered with all across the world to perpetrate quishing frauds, typically by simply sticking a sticker with a bogus QR over an already existing official code.

These trick codes then lead to false login pages and payment sites, where you can either pay the scammer directly or give them your information (which can be used to steal your money later or push further scams). 

Safety tips 

There are a few efficient strategies to safeguard yourself from quishing: 

  • Make use of your device's built-in QR code scanner. App shops' QR scanners have a bad reputation for security and privacy.
  • Avoid clicking on links that employ URL shorteners and make sure the destination a QR code is attempting to direct you to is genuine before clicking on the link. 
  • Avoid paying with QR codes whenever you can, especially if the payment link takes you to an unidentified address. 
  • Additionally, be aware that phoney websites often use names that sound similar to legitimate ones, so double-check your spelling.
Tags: Cyber Fraud phishing QR code Quishing User Security
Share it:

Cyber Fraud

phishing

QR code

Quishing

User Security