
In an age of ubiquitous QR codes, cybercriminals have devised a new way to deceive internet users - quishing. This type of attack uses QR codes to redirect users to fake websites, where personal data may be stolen or devices infected with malware.
How Does Quishing Work?
Criminals generate QR codes that look identical to real ones. They then place these codes in public places, such as sidewalks, lamp posts, or bulletin boards, or send them in emails or SMS messages. These codes may lead to fake banking sites, social media portals, reward pages, or other popular services.
After scanning the QR code, the user is redirected to a page that looks identical to the original. Scammers often use social engineering techniques to persuade victims to provide login details, credit card numbers, or other confidential information.
What Are the Threats Associated with Quishing?
As reported recently by Bankier.pl, there are no official statistics on quishing attacks in Poland. However, the threat is rising, as evidenced by warnings from the Ministry of Digitization, the Financial Supervision Authority, and CERT. A new vector of attack includes counterfeit QR code stickers on parking meters.
According to analysts at Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
Quishing can lead to serious consequences for victims, including:
- Theft of personal data: Scammers may use victims` personal information for identity theft, financial fraud, or other crimes.
- Financial loss: Victims may lose money from their bank accounts or credit cards.
- Device infection with malware: Fake websites may contain malware that can damage devices or steal data.
- Loss of reputation: In cases of identity theft, victims may have difficulties obtaining credit or employment.
How to Protect Yourself from Quishing?
To protect yourself from quishing, exercise caution when scanning QR codes:
- Never scan QR codes from unknown sources: Do not scan QR codes placed in public locations or received in emails or SMS from unknown senders.
- Carefully check the QR code: Before scanning, closely inspect the QR code. Look for any spelling errors or discrepancies in the URL.
- Use a QR code scanning app with authenticity checking: Some apps can verify whether a QR code is authentic.
Never provide personal data on websites after scanning a QR code, even if the site looks identical to the original. Also, remember to regularly update your antivirus software.
COMMERCIAL BREAK
New articles in section Law in media
Dietary supplement ads in Poland. Who keeps influencers in check?
Newseria, KFi
One in three Polish internet users considers influencer recommendations when deciding on medicines and dietary supplements. Although promotion of such products is regulated, there are still cases of advertising that skirt the law.
SEO Poisoning. Hackers Use Search Engines to Target Businesses
Piotr Rozmiarek
Search engines help us quickly find information, but they can also be used by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to place harmful websites at the top of search results.
Phishing in the Cryptocurrency Industry. Fake Recruitments Steal Data
Piotr Rozmiarek
Security researchers have detected a social engineering campaign targeting job seekers in the Web3 industry. The attack aims to conduct fake job interviews via a meeting application that installs information-stealing malware.
See articles on a similar topic:
Hate in the Polish Internet. IRCenter Study
Krzysztof Fiedorek
The proportion of hate speech victims is inversely proportional to the age of internet users. The study authors point out that this is directly influenced by the fact that older generations are instilled with the principles of respectful discussion and use the internet less frequently.
Illusory Security. Small and Medium Enterprises Easy Targets for Cybercrime
KF
35% of micro, small, and medium enterprises (SMEs) fear the theft of their employees' personal data. This comes from research conducted on behalf of ChronPESEL.pl and the National Debt Register of Poland.
Local Media in Poland - Freedom of Speech
Bartłomiej Dwornik
Abuse of freedom of speech is as common as imposing muzzles on journalists. Although the Press Law and the Constitution guarantee this fundamental freedom to everyone.
Cyber Attack on a Corporate Smartphone. How to Protect Yourself
KrzysztoF
Internet-connected mobile devices are an attractive target for cybercriminals. The key to protecting sensitive business data is employee awareness, hardware solutions, and appropriate software. This mini-guide provides a quick overview of how to protect each of these areas.