
In an age of ubiquitous QR codes, cybercriminals have devised a new way to deceive internet users: quishing. This type of attack uses QR codes to redirect users to fake websites, where personal data may be stolen or devices infected with malware.
How Does Quishing Work?
Criminals generate QR codes that look identical to real ones. They then place these codes in public places, such as sidewalks, lamp posts, or bulletin boards, or send them in emails or SMS messages. These codes may lead to fake banking sites, social media portals, reward pages, or other popular services.
After scanning the QR code, the user is redirected to a page that looks identical to the original. Scammers often use social engineering techniques to persuade victims to provide login details, credit card numbers, or other confidential information.
What Are the Threats Associated with Quishing?
As reported recently by Bankier.pl, there are no official statistics on quishing attacks in Poland. However, the threat is rising, as evidenced by warnings from the Ministry of Digitization, the Financial Supervision Authority, and CERT. A new vector of attack includes counterfeit QR code stickers on parking meters.
According to analysts at Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
Quishing can lead to serious consequences for victims, including:
- Theft of personal data: Scammers may use victims' personal information for identity theft, financial fraud, or other crimes.
- Financial loss: Victims may lose money from their bank accounts or credit cards.
- Device infection with malware: Fake websites may contain malware that can damage devices or steal data.
- Loss of reputation: In cases of identity theft, victims may have difficulties obtaining credit or employment.
How to Protect Yourself from Quishing?
To protect yourself from quishing, exercise caution when scanning QR codes:
- Never scan QR codes from unknown sources: Do not scan QR codes placed in public locations or received in emails or SMS from unknown senders.
- Carefully check the QR code: Before scanning, closely inspect the QR code. Look for any spelling errors or discrepancies in the URL.
- Use a QR code scanning app with authenticity checking: Some apps can verify whether a QR code is authentic.
Never provide personal data on websites after scanning a QR code, even if the site looks identical to the original. Also, remember to regularly update your antivirus software.
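The URL check recommended above can be automated once a scanner has decoded the QR code into text. The following is an added example, not part of the original article: it flags misspelled, embedded, or disguised host names against a list of expected domains. The trusted domains and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains your own QR codes are expected to use.
TRUSTED = {"examplebank.com", "parking.example.org"}

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_url(payload, trusted=TRUSTED):
    """Classify the text decoded from a QR code: (verdict, reasons)."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "suspicious", ["unparseable URL"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if "@" in parts.netloc:
        reasons.append("userinfo hides the real host")
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        reasons.append("internationalised host (possible homoglyphs)")
    is_trusted = host in trusted or any(host.endswith("." + t) for t in trusted)
    if not is_trusted:
        for t in sorted(trusted):
            # Compare the same number of trailing labels as the trusted name.
            tail = ".".join(host.split(".")[-(t.count(".") + 1):])
            if t in host or 0 < edit_distance(tail, t) <= 2:
                reasons.append("imitates " + t)
    if reasons:
        return "suspicious", reasons
    return ("trusted" if is_trusted else "unknown"), reasons

if __name__ == "__main__":
    # Constructed sample payloads, as a scanner app would decode them.
    for url in ["https://examplebank.com/pay?id=1",
                "https://examp1ebank.com/login",
                "http://parking.example.org/ticket",
                "https://examplebank.com.secure-pay.example.net/",
                "https://cafe-menu.example/"]:
        print(url, "->", check_qr_url(url))
```

An "unknown" verdict only means the host resembles none of the listed domains; it says nothing about whether the site is safe.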