Watch out for this QR code scam called ‘Quishing’
Scams have changed a lot in recent years, using advances in technology and insights into human behaviour to trick people and businesses. From old-school cons to clever digital schemes, they have developed a range of tactics, recently called ‘Quishing,’ to manipulate their victims into sharing personal information or sending money. As we rely more on technology in our everyday lives, it’s essential to understand this new form of scam to protect ourselves.
The new type of fraud is called ‘Quishing’
What is a QR code?
A Quick Response (QR) code is a two-dimensional barcode designed for reading encoded information quickly. You can scan QR code easily by using a mobile phone camera. They can encode almost any information, including alphanumeric characters, images, links, business cards, and payment details such as banking information and seller data. Scanning a QR code enables direct money transfers, with sellers receiving instant notifications of payments. This significantly speeds up and simplifies the payment process for goods and services.
As such, QR codes have become one of the most accessible, convenient, and fast tools for cashless payments for both buyers and sellers. However, scammers exploit this by placing QR codes in public spaces or attaching them to email spam.
How does Quishing work?
Creating a QR code is easy with various free online generators that redirect users to embedded URLs when scanned. Since the human eye cannot ‘read’ a QR code, scammers can replace a legitimate code with their own. These “fake” QR codes can lead to malicious websites designed to steal sensitive information.
QR code scam with contactless payments
One common use of QR codes is for payments at places like food courts or parking lots. Before making a payment with a QR code, check the website name and its security. It should start with HTTPS and display a padlock symbol. Unsuspecting citizens have scanned QR codes in public places and fallen victim to phishing, entering their personal details on fake websites.
Fake QR codes sent via email
When making online purchases, you might receive an email about a “failed payment,” requesting that you scan a QR code to complete the transaction. Such messages can be sent by scammers, especially if you shop on websites that have been hacked. If you suspect that your online purchase did not go through, log in to your account directly on the official website instead of using the QR code.
QR codes on unexpected packages
Scammers can exploit curiosity by sending a courier package from an online store that you didn’t order. Inside or on the packaging, you’ll find a QR code with “instructions” on how to return it (or learn more about your order). If you scan the code, it will automatically redirect you to a phishing website that can access your personal information.
Another version of this scam involves a written notice with a QR code left on your door about a “missed package.” When you scan the code, you might be asked to enter personal details or pay an additional delivery fee. If you receive an unexpected package, it’s best to contact the delivery service directly.
QR codes sent through social media
Scammers can send fake QR codes through hacked social media accounts with messages like, “Check out this photo of you!” You’re more likely to scan the code, thinking it’s from a “friend.” Account hacking is prevalent across all platforms. If you get a strange QR code message from someone you follow, contact them directly to confirm their account is secure.
Cryptocurrency QR code scam
Of all the types of QR code fraud, this one is associated with significant financial losses. Scammers posing as fake investment companies may offer you the chance to invest in cryptocurrencies. They send you a QR code that opens a payment processor allowing you to convert your money into Bitcoin and other cryptocurrencies. Once you make the transfer, the scammers disappear.
What to do to avoid becoming a victim
First and foremost, avoid scanning QR codes in crowded places. If you do scan a QR code and are directed to a website, check the URL before entering any personal information. It may be a phishing page disguised as an online store or marketplace.
For added security, consider using QR code scanning apps from reputable antivirus providers. It can check the code for malicious content and alert you to potential dangers.
If you notice money deducted from your account after using a QR code, contact your bank immediately to clarify the situation and block your accounts. Additionally, report the Quishing fraud to law enforcement. Don’t forget to change all your passwords across accounts. Try using secure passwords of at least eight characters that include uppercase and lowercase letters, symbols, and numbers. Install antivirus software to protect your device from malware. Stay vigilant!
