Security Tips

Quishing – Next Generation Phishing

In our digital age, QR codes have become an everyday sight. QR Codes are a convenient way to access websites, wireless networks, and information quickly. However, as with any other technology, there’s a dark side to QR codes that you should be aware of – QR code phishing or Quishing.

What is a QR Code?

Before we dive into QR code phishing, let’s understand what a QR code is. QR stands for “Quick Response,” and these can supply various information such as website URLs, contact information, or text. To read a QR code, you simply use your smartphone’s camera or a QR code scanner app.

What is QR Code Phishing?

QR code phishing is a technique used by cybercriminals to trick you into scanning a malicious QR code. The goal is to steal your personal information, such as login credentials, credit card details, or infect your device with malware.

How Does QR Code Phishing Work?

1. Fake QR Codes: Cybercriminals create counterfeit QR codes that appear legitimate but lead to malicious websites or apps. For instance, you might scan a QR code that you believe will take you to a legitimate website, but it directs you to a fake login page designed the same way as the legitimate website in attempt to steal your username and password.

2. Malware Delivery: Scanning a QR code can also trigger the download of malicious software onto your device. Once installed, this malicious software can compromise your device’s security and steal sensitive information.

3. Data Theft: In some cases, QR code phishing can lead to data theft by tricking you into supplying personal information, such as your email address, phone number, or credit card details.

How to Protect Yourself from QR Code Phishing

Now that you know about the risks of QR code phishing, here are some simple tips that can help you not fall victims for these types of attacks:

1. Verify the Sender: Make sure to verify the authenticity from where you received the QR code. If you received the QR code in an email format or a text message, make sure to verify the email address or the phone number from where you received it from.

2. Look for the external source banner: Many companies implement a banner that informs the user that the email received is coming from an external source. Always question emails coming from an unknown sender.

3. Install a Reliable QR Code Scanner: Download a reputable QR code scanner app from your device’s app store. These apps often have built-in security features to detect malicious codes.

4. Verify the URL: When a QR code leads to a website, check the URL in your browser’s address bar or the URL preview on your preferred scanner to ensure it matches the legitimate website’s domain.

5. Use Two-Factor Authentication: Whenever possible, enable two-factor authentication for your online accounts. This adds an extra layer of security which will make it harder for the cybercriminal to access your account, even if your login credentials are compromised.

In conclusion, while QR codes offer convenience and quick access to information, they can also be used with a bad intent like QR code phishing. By staying alert and by keeping these tips in mind, you can protect yourself from falling victim to QR code phishing frauds.

This Cybersecurity Awareness Campaign is co-funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.