11.03.2024 Law in media
Quishing. How to Protect Yourself from QR Code Scams
Krzysztof Fiedorek
According to analysts from Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
w wydaniu polskim
illustration: bing.com/createIn an age of ubiquitous QR codes, cybercriminals have devised a new way to deceive internet users - quishing. This type of attack uses QR codes to redirect users to fake websites, where personal data may be stolen or devices infected with malware.
How Does Quishing Work?
Criminals generate QR codes that look identical to real ones. They then place these codes in public places, such as sidewalks, lamp posts, or bulletin boards, or send them in emails or SMS messages. These codes may lead to fake banking sites, social media portals, reward pages, or other popular services.
After scanning the QR code, the user is redirected to a page that looks identical to the original. Scammers often use social engineering techniques to persuade victims to provide login details, credit card numbers, or other confidential information.
What Are the Threats Associated with Quishing?
As reported recently by Bankier.pl, there are no official statistics on quishing attacks in Poland. However, the threat is rising, as evidenced by warnings from the Ministry of Digitization, the Financial Supervision Authority, and CERT. A new vector of attack includes counterfeit QR code stickers on parking meters.
According to analysts at Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
Quishing can lead to serious consequences for victims, including:
- Theft of personal data: Scammers may use victims` personal information for identity theft, financial fraud, or other crimes.
- Financial loss: Victims may lose money from their bank accounts or credit cards.
- Device infection with malware: Fake websites may contain malware that can damage devices or steal data.
- Loss of reputation: In cases of identity theft, victims may have difficulties obtaining credit or employment.
How to Protect Yourself from Quishing?
To protect yourself from quishing, exercise caution when scanning QR codes:
- Never scan QR codes from unknown sources: Do not scan QR codes placed in public locations or received in emails or SMS from unknown senders.
- Carefully check the QR code: Before scanning, closely inspect the QR code. Look for any spelling errors or discrepancies in the URL.
- Use a QR code scanning app with authenticity checking: Some apps can verify whether a QR code is authentic.
Never provide personal data on websites after scanning a QR code, even if the site looks identical to the original. Also, remember to regularly update your antivirus software.
COMMERCIAL BREAK
New articles in section Law in media
SEO Poisoning. Hackers Use Search Engines to Target Businesses
Piotr Rozmiarek
Search engines help us quickly find information, but they can also be used by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to place harmful websites at the top of search results.
Phishing in the Cryptocurrency Industry. Fake Recruitments Steal Data
Piotr Rozmiarek
Security researchers have detected a social engineering campaign targeting job seekers in the Web3 industry. The attack aims to conduct fake job interviews via a meeting application that installs information-stealing malware.
SLAPP Lawsuits in Europe. How Journalists and Activists Are Silenced
Krzysztof Fiedorek
The number of strategic lawsuits aimed at intimidating journalists, activists, and civil society organizations is increasing in Europe. According to the CASE SLAPPs Report 2024, as many as 1,049 such cases were identified between 2010 and 2023.
See articles on a similar topic:
Data for Benefits: What Encourages Sharing Personal Information Online
Krzysztof Fiedorek
Most Poles are aware of the value of their personal data and do not share it without reason. However, one in five is willing to share data in exchange for benefits, and 16% of us do not remember if we have done so. These are the results of a study conducted by ChronPESEL.pl and the National Debt Register under the patronage of the UODO.
GDPR and Press Releases. Is Journalists' Consent Required?
BARD
After May 24, will it be possible to send press releases to journalists without concern, or is it safer to obtain their consent? Industry experts and lawyers explained GDPR regulations on this topic to infoWire.pl news agency journalists.
Local Media in Poland - Workshop and Ethics
Bartłomiej Dwornik
Every day, journalists face the dilemma of whether to report on something or to omit it. Where does information end, and where does violation of privacy begin?
Illusory Security. Small and Medium Enterprises Easy Targets for Cybercrime
KF
35% of micro, small, and medium enterprises (SMEs) fear the theft of their employees' personal data. This comes from research conducted on behalf of ChronPESEL.pl and the National Debt Register of Poland.
