Quishing Alert — QR Code Phishing Scams Spike 587%
By: Jim Stickley and Tina Davis
January 29, 2024
It’s the latest form of email phishing to hit the headlines. Researchers at Check Point find QR code phishing scams, called “Quishing” were up a whopping 587% in just two months. Quishing is a phishing attack using emails to send a malicious QR code. And now this credential-stealing scam has grown into epic proportions. Here’s what you need to know to help avoid Quishing…
What Is Quishing?
QR codes can carry all types of mischief within their busy black and white boxes. These days, simply scanning one to see a menu or get more information can be trouble. On their own, these codes can be filled with malware or malicious links sending you to an info-stealing website. But as you can probably guess, socially engineered phishing emails may also carry Quishing QR codes in the message. Scammers hope falling for their email means you’ll scan the QR code too. You can think of Quishing as a one-two punch email phishing + QR code scam looking to knock out its next victim.
How Not to Scan a Quishing Scam:
Think first: Do you really need to follow a QR code as opposed to typing-in the real, trusted website yourself?
- Be suspicious of any email with a QR code. Run through email phishing red flags before opening and acting on the email, especially those saying to scan a QR code.
- Beware of providing any personal information after scanning a QR code, especially one from an unfamiliar email source.
- Carefully check the URL spelling of a website the QR scan brings you to. Make sure the website is exactly what it claimed to be.
- To avoid unintended scans, consider turning off the scanning feature on your phone. You can always turn it one when you need it.
In our growing desire for instant information, QR codes and Quishing present a uniquely tempting challenge. Once again, it’s up to users to protect ourselves from cyber-creeps and their own growing desire to rip-us-off, so stay vigilant. Remember, the more you know, the safer you’ll be.