Quishing... What is it?

The New Phishing Scam Involving QR Codes 

The rise of the QR code has been incredibly useful for advertising, ticketing and even presenting basic information like restaurant menus. However, with great technological advances come great risks, and cyber criminals are using this easy method of communication as a means to carry out fraudulent activities.  

If you aren’t already familiar with the concept of QR codes, they are two-dimensional barcodes which, when scanned by a compatible camera device (e.g. most modern mobile phones), send you to a web link. As you can imagine, this opens up a realm of opportunities for cyber criminals, made especially effective because the codes are hard for a human victim, or even a digital spam filter, to read and recognise.

Many Quishing scams consist of sending standard Phishing emails with seemingly innocent content and an attached QR code for the victim to scan with their phone. The links in the codes redirect from legitimate domains associated with Bing, Salesforce and Cloudflare to phishing sites that try to gather Microsoft credentials from the target.

But it doesn’t always have to be techy. Nowadays, we’re a lot more aware of email scams, so some Quishing scammers have resorted to more organic means. Have you ever stumbled across a QR code sticker on a lamppost, or spotted a leaflet on a park bench with a QR code web link? These will often be completely innocent methods of advertising but this is exactly how scammers may find their victims. 

So, how can you avoid a Quishing blunder? 

1. Be smart.
If a QR code is in a “safe” location (e.g. a flyer handed to you by a company’s employee, an information placard beside a museum artefact, a piece of official product packaging), it’s probably okay. But don’t assume a code is safe unless there’s absolutely no doubt, and still consider asking for direct confirmation.
“Anyone can stick something on the back of a dispenser in a restaurant or on the back of a door… Independently verify — is this the real business?” says Brian Rauer, the executive director and general counsel for the Better Business Bureau of Metro New York.

2. Watch out for suspicious URLs and webpages after scanning.
As well as sneaky redirections, scammers can also create completely fake webpages, designed to look just like the real thing. Make sure to inspect the website name in the URL and look closely for errors in the page’s design or text.

3. Have the appropriate safety barriers in place.
Sometimes, despite all your best efforts, things might still go wrong. That’s why it is vital to have powerful, reliable endpoint protection in place, helping to keep your device safe even after a breach may have occurred.
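
The redirect trick described earlier (a link on a legitimate domain that forwards to a phishing site) and the advice in tip 2 to inspect the URL can be partly checked by a script once the QR code has been decoded to text. The following is an added example, not part of the original post: it lists any off-site host hidden inside a link's query string, including a double-encoded one. All host names and the parameter names `u`, `url` and `next` are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample links, as a QR decoder might output them.
# Every host is a reserved .example name, not a real indicator.
SAMPLES = [
    "https://search.trusted.example/ck/a?u=https%3A%2F%2Flogin.phish.example%2Fo365",
    "https://links.trusted.example/go?url=https%253A%252F%252Fportal.phish.example%252Flogin",
    "https://cdn.trusted.example/r?next=https%3A%2F%2Fcdn.trusted.example%2Fhome",
    "https://www.museum.example/exhibits/42?lang=en",
]

def host_of(candidate):
    """Return the lower-cased host of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(candidate)
    except ValueError:  # malformed input such as an unbalanced IPv6 bracket
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname
    return None

def offsite_redirects(url):
    """List hosts named inside query values that differ from the scanned host."""
    scanned = host_of(url)
    found = []
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding.
        for candidate in (value, unquote(value)):
            target = host_of(candidate)
            if target:
                if target != scanned and target not in found:
                    found.append(target)
                break
    return found

def review(url):
    """One-line verdict a mail gateway or scanner app could show the user."""
    targets = offsite_redirects(url)
    if targets:
        return f"{host_of(url)} forwards to {', '.join(targets)}"
    return f"{host_of(url)}: no embedded off-site link"

if __name__ == "__main__":
    for link in SAMPLES:
        print(review(link))
```

A clean result only means no destination was visible in the link itself; a site can still redirect server-side, so the page that finally loads needs the same inspection.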

Looking to find out more about Quishing and how best to protect yourself? Get in touch with our expert Cyber Security department today. 
