
In an age of ubiquitous QR codes, cybercriminals have devised a new way to deceive internet users - quishing. This type of attack uses QR codes to redirect users to fake websites, where personal data may be stolen or devices infected with malware.
How Does Quishing Work?
Criminals generate QR codes that look identical to real ones. They then place these codes in public places, such as sidewalks, lamp posts, or bulletin boards, or send them in emails or SMS messages. These codes may lead to fake banking sites, social media portals, reward pages, or other popular services.
After scanning the QR code, the user is redirected to a page that looks identical to the original. Scammers often use social engineering techniques to persuade victims to provide login details, credit card numbers, or other confidential information.
What Are the Threats Associated with Quishing?
As reported recently by Bankier.pl, there are no official statistics on quishing attacks in Poland. However, the threat is rising, as evidenced by warnings from the Ministry of Digitization, the Financial Supervision Authority, and CERT. A new vector of attack includes counterfeit QR code stickers on parking meters.
According to analysts at Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
Quishing can lead to serious consequences for victims, including:
- Theft of personal data: Scammers may use victims` personal information for identity theft, financial fraud, or other crimes.
- Financial loss: Victims may lose money from their bank accounts or credit cards.
- Device infection with malware: Fake websites may contain malware that can damage devices or steal data.
- Loss of reputation: In cases of identity theft, victims may have difficulties obtaining credit or employment.
How to Protect Yourself from Quishing?
To protect yourself from quishing, exercise caution when scanning QR codes:
- Never scan QR codes from unknown sources: Do not scan QR codes placed in public locations or received in emails or SMS from unknown senders.
- Carefully check the QR code: Before scanning, closely inspect the QR code. Look for any spelling errors or discrepancies in the URL.
- Use a QR code scanning app with authenticity checking: Some apps can verify whether a QR code is authentic.
Never provide personal data on websites after scanning a QR code, even if the site looks identical to the original. Also, remember to regularly update your antivirus software.
COMMERCIAL BREAK
New articles in section Law in media
SEO Poisoning. Hackers Use Search Engines to Target Businesses
Piotr Rozmiarek
Search engines help us quickly find information, but they can also be used by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to place harmful websites at the top of search results.
Phishing in the Cryptocurrency Industry. Fake Recruitments Steal Data
Piotr Rozmiarek
Security researchers have detected a social engineering campaign targeting job seekers in the Web3 industry. The attack aims to conduct fake job interviews via a meeting application that installs information-stealing malware.
SLAPP Lawsuits in Europe. How Journalists and Activists Are Silenced
Krzysztof Fiedorek
The number of strategic lawsuits aimed at intimidating journalists, activists, and civil society organizations is increasing in Europe. According to the CASE SLAPPs Report 2024, as many as 1,049 such cases were identified between 2010 and 2023.
See articles on a similar topic:
Cyber Threats 2023: Phishing Dominates, AI Targeted
Krzysztof Fiedorek
The CERT Orange Polska 2023 report reveals a rapidly evolving cyber threat landscape. Phishing has taken a decisive lead, accounting for over 44% of reported incidents. Advanced social engineering techniques, deepfakes, and a surge in malicious ads lure users with promises of quick profits or easy opportunities.
Why do People Spread Disinformation? Results of DigiPatch Research
Ewelina Krajczyńska-Wujec
People strongly driven by the need for power are more likely to share posts on social media, including disinformation. Power itself, like the need to gain prestige and recognition, is not associated with the frequency of spreading false information, according to research involving Professor Małgorzata Kossowska from the Jagiellonian University.
What Data Google Collects. Privacy on the Internet
KF
According to a gs.statcounter.com report – May 2018, Google captures over 97% of internet users. Currently, many free applications are available to users. What does Google collect? When using the most popular search engine, we should be aware of how our data is collected and used.
Data for Benefits: What Encourages Sharing Personal Information Online
Krzysztof Fiedorek
Most Poles are aware of the value of their personal data and do not share it without reason. However, one in five is willing to share data in exchange for benefits, and 16% of us do not remember if we have done so. These are the results of a study conducted by ChronPESEL.pl and the National Debt Register under the patronage of the UODO.