Quishing, the QR Code scam

Cyber scams are becoming increasingly sophisticated and difficult to detect, and Quishing is one example. This emerging threat is similar to phishing but exploits QR codes, those black and white squares now widely used in restaurants, in advertising and on many other occasions. While QR codes are convenient tools for quickly accessing information or payments, they also represent a potential danger to the security of our devices and, above all, of our personal data.

The term Quishing derives from the fusion of «QR code» and «Phishing»; it is a social engineering technique that aims to deceive users through seemingly harmless messages. In some cases the malicious QR code is inserted into a PDF document, such as a fake electricity bill. These messages, often personalized and well-constructed, simulate communications from trusted entities, such as banks, payment services or well-known companies.

The attack occurs in a very simple way: cyber criminals select their victims through stolen contact lists or using public information on social networks; the malicious QR code is distributed through various channels, such as email, social media, stickers on public surfaces or even on business cards.

When the user scans the code with their smartphone, they are redirected to a malicious website that may seem legitimate. This site may ask them to enter login credentials or banking information, or to download infected files. Once collected, this information is used to steal identities, empty bank accounts, or access personal data.

Quishing is a subtle threat because it is difficult to immediately identify the suspicious link and because everything happens very simply, with a quick and automatic gesture. All the more reason to pay attention and avoid falling into the trap, since the consequences can be quite serious. With this technique, criminals can not only steal sensitive information, such as login credentials and financial data, but also facilitate the installation of malicious software on our devices, which in some cases can even lead to loss of control of our smartphone.

Here are some useful countermeasures to avoid the risks of Quishing:

  • Verify the source: Before scanning a QR code, verify the source and context. Avoid scanning QR codes found in public places or received from untrustworthy sources.
  • Enable Preview: Make sure the reader app shows the full URL before opening the site. This allows you to evaluate whether the link is suspicious.
  • Check the URL: After scanning a QR code, check the address of the website you are redirected to. Make sure the URL is legitimate and has no warning signs.
  • Update software: Keep your device software and apps up-to-date to protect against known vulnerabilities.
  • Avoid entering sensitive information: If a QR code redirects you to a site that requires login or personal information, think twice before proceeding. Always access directly from the official website, without going through the QR code.

Unfortunately, news reports show the growing spread of this threat, so getting to know Quishing and adopting prudent behaviour is the first step in protecting yourself and your data. At the same time, it is important to be aware of other cyber threats that can affect smartphones, because digital security is never absolute.

So be careful of public Wi-Fi, harmful apps, keylogging (theft of access credentials) and juice jacking (threats that come from charging systems). Always keeping your guard up is a fundamental attitude, because the techniques used by cyber criminals are increasingly sophisticated and also particularly effective in making us fall into traps. Sometimes it doesn’t take much: we just need to overcome a little aversion and laziness to install good protection software on our devices.

Source: Vanity Fair
