11.03.2024 Law in media
Quishing. How to Protect Yourself from QR Code Scams
Krzysztof Fiedorek
According to analysts from Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
illustration: bing.com/createIn an age of ubiquitous QR codes, cybercriminals have devised a new way to deceive internet users—quishing. This type of attack uses QR codes to redirect users to fake websites, where personal data may be stolen or devices infected with malware.
How Does Quishing Work?
Criminals generate QR codes that look identical to real ones. They then place these codes in public places, such as sidewalks, lamp posts, or bulletin boards, or send them in emails or SMS messages. These codes may lead to fake banking sites, social media portals, reward pages, or other popular services.
After scanning the QR code, the user is redirected to a page that looks identical to the original. Scammers often use social engineering techniques to persuade victims to provide login details, credit card numbers, or other confidential information.
What Are the Threats Associated with Quishing?
As reported recently by Bankier.pl, there are no official statistics on quishing attacks in Poland. However, the threat is rising, as evidenced by warnings from the Ministry of Digitization, the Financial Supervision Authority, and CERT. A new vector of attack includes counterfeit QR code stickers on parking meters.
According to analysts at Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
Quishing can lead to serious consequences for victims, including:
- Theft of personal data: Scammers may use victims` personal information for identity theft, financial fraud, or other crimes.
- Financial loss: Victims may lose money from their bank accounts or credit cards.
- Device infection with malware: Fake websites may contain malware that can damage devices or steal data.
- Loss of reputation: In cases of identity theft, victims may have difficulties obtaining credit or employment.
How to Protect Yourself from Quishing?
To protect yourself from quishing, exercise caution when scanning QR codes:
- Never scan QR codes from unknown sources: Do not scan QR codes placed in public locations or received in emails or SMS from unknown senders.
- Carefully check the QR code: Before scanning, closely inspect the QR code. Look for any spelling errors or discrepancies in the URL.
- Use a QR code scanning app with authenticity checking: Some apps can verify whether a QR code is authentic.
Never provide personal data on websites after scanning a QR code, even if the site looks identical to the original. Also, remember to regularly update your antivirus software.
COMMERCIAL BREAK
See articles on a similar topic:
Harassment of Female Journalists in Poland. Zamenhof Institute Report
RINF
Over half of female journalists have experienced harassment. The report and a dedicated website for the project, offtherecord.zamenhof.pl, present real, anonymous stories of harassed female journalists, along with numerical data documenting the scale of the issue.
Local Media in Poland - Court Cases
Bartłomiej Dwornik
Investigative journalists in local newsrooms often remain in the shadow of their colleagues from national outlets, despite frequently being the first to uncover a scandal.
Local Media in Poland - Corrections
Bartłomiej Dwornik
The regulations regarding corrections are perhaps the most frequently violated rule in Polish media. There is a clear division between those who never admit to mistakes and those who can humbly accept their faults.
Cyberwarfare on the Internet. The ESET Report
KF
Governments, corporations, and even the education sector are becoming targets of advanced cyber attacks. The report for the period from October 2023 to March 2024, prepared by ESET, sheds light on the intensification of activities by Advanced Persistent Threat (APT) groups, which conduct espionage, sabotage, and destabilization operations in key sectors on behalf of states.
Illusory Security. Small and Medium Enterprises Easy Targets for Cybercrime
KF
35% of micro, small, and medium enterprises (SMEs) fear the theft of their employees' personal data. This comes from research conducted on behalf of ChronPESEL.pl and the National Debt Register of Poland.
Data for Benefits: What Encourages Sharing Personal Information Online
Krzysztof Fiedorek
Most Poles are aware of the value of their personal data and do not share it without reason. However, one in five is willing to share data in exchange for benefits, and 16% of us do not remember if we have done so. These are the results of a study conducted by ChronPESEL.pl and the National Debt Register under the patronage of the UODO.
Children’s Online Safety. Clickmeeting Analysis
KrzysztoF
Over half of surveyed parents believe their children are aware of the dangers lurking online. At the same time, just over 40 percent of respondents admit to taking steps to protect their children’s privacy online.
