You might have heard about these different types of scams, such as phishing (using emails), vishing (using voice calls), and smishing (using SMS) to defraud people. However, have you heard of the new scam called “quishing?”
Quishing is the latest “innovation” by cybercriminals in the advent of digital payments using QR codes, like the ones used by GCash, Maya, and QR Ph.
Let’s take a look at what quishing means and how to avoid it.
What is ‘quishing’?
Quishing is the contraction of the words “QR code” and “phishing,” in which cybercriminals use QR codes to redirect unsuspecting users to malicious websites, steal login credentials, download harmful content, or install malware on their computers.
Similar to other “phishing” techniques, quishing is a method employed by attackers through QR codes to steal your login information, personal information, like name and contact details, or sensitive financial information, like credit card details.
What are QR Codes?
To better understand quishing, it’s important to know what QR codes are.
QR codes, or Quick Response codes, are 2-D matrix barcodes invented in 1994 that gained popularity in the 2010s. They are usually scanned using a camera or QR code scanning app on your phone to redirect you to a website, product details, or contact information.
Here’s an example of a QR code (this will redirect to noypigeeks.com).
However, since these codes are commonly used in digital payments, are “quick response,” and are easily accessible using phones, cybercriminals are now also using them to scam people.
How does ‘quishing’ work?
Attackers use quishing in various creative ways to make their targets scan the QR code, which will redirect them to malicious websites. For instance:
- They will embed a compromised QR code on social media posts and emails by offering promotions or giveaways.
- They will print QR codes on printed fliers or physical objects, like delivery packages.
- They will use social engineering techniques to persuade victims to scan the QR codes, like offering a prize or cash.
Once you are directed to the malicious site, you will be prompted to enter your personal and financial information, such as your name, email address, phone number, date of birth, or credit card details.
Afterward, the attackers can use the information extracted for identity theft, financial fraud, or installing ransomware.
Quishing is also different because it may require victims to use multiple devices – one for receiving the email and a phone for scanning the code.
How to prevent quishing scams
These types of social engineering and phishing schemes can happen to anyone, so you must be prepared. Here are some ways you can prevent cybercriminals from getting your information through quishing:
- Don’t scan any QR code. Be careful when scanning QR codes attached to unsuspected places and things, like delivered items and packages. You may also check for signs of tampering.
- Check the URL. Hover your camera or QR scanning app first to check if the website URL is trustworthy.
- Check for signs. Avoid common phishing signs on emails, like misspellings and grammatical errors.
- Check their “rewards.” Beware of the language used in emails or texts; they typically deceive their victims by making them feel a sense of urgency to scan the QR code.
- Don’t input anything. If you accidentally entered a malicious website, refrain from providing crucial personal and financial information.
Remember: The weakest link in these quishing scams is you.
What to do if you suspect you’re compromised by quishing?
If you think that your information has been compromised by quishing, then it’s crucial to act fast through these actions:
- If you entered your credentials into the quishing website, change your login details immediately, such as your social media and online banking accounts.
- Notify your bank about a potential compromise. You may request a new credit card if needed.
Quishing is a different application of the same concept of phishing, but instead of emails, SMS, or voice messages, it uses QR codes.
Since these square blocks of bar codes are now common, the risk of falling into this trap also increased. If you’re not careful, you may unwillingly give up your information. That’s why you should be cautious when scanning and opening QR codes.