Previous | 2024 Annual Big Game Predictor Next | Tips for using peer-to-peer payment apps
February 08, 2024 / Ray Wills
Quishing attacks use QR codes to lure victims

Quishing attacks use QR codes to lure victims

First there was phishing. Then came smishing. Now, we’re being warned about quishing, an attack in which a QR code is used to manipulate users, typically by redirecting them to a website that either downloads malware or solicits their sensitive information.

A QR code, or quick response code, is a square barcode that compatible mobile device cameras can read. When a user scans a QR code, it often opens a web page, although it could also trigger a phone call, text message, or digital payment.

Anecdotal evidence suggests quishing attacks have increased since the beginning of the COVID-19Graphic of a person holding a phone that shows a QR code with a robber hiding behind it. pandemic when a growing number of legitimate organizations started using QR codes to enable low-contact transactions. Many restaurants, for example, link QR codes to online menus, rather than providing hard copies. Digital wallets use QR codes to facilitate contactless payments. As users have become increasingly accustomed to interacting with QR codes in daily life, quishing opportunities have increased.

According to the Better Business Bureau, a common scam involves sticking fraudulent QR codes on parking meters to trick drivers into sharing financial credentials when they try to pay for parking. Consumers also can encounter QR code scams in emails, in text messages, on signage, on direct mail, and even in person from criminals posing as utility workers or government employees.

The best defense against quishing attacks is an educated user base. Here are some best practices you can use to avoid falling victim to an attack:

  • Never scan a QR code from an unfamiliar source.
  • If you receive a QR code from a trusted source via email, confirm through a separate medium – text message, voice call, etc. – that the message is legitimate.
  • Stay alert for hallmarks of phishing campaigns, such as a sense of urgency and appeals to emotions such as sympathy, fear, etc.
  • Review the preview of the QR code’s URL before opening it to see if it appears legitimate. Make sure the website uses https rather than http, doesn't have obvious misspellings, and has a trusted domain. Don’t click on unfamiliar or shortened links.
  • Be extremely wary if a QR code takes you to a site that asks for personal information, login credentials, or payment.
  • Observe good password hygiene by changing your email password frequently and never using the same password for more than one account.

The simplest thing you can do is not scan QR codes – especially those from unknown sources.

 

Ray Wills is security officer for F&M Trust.

Recent Articles
Tips for using peer-to-peer payment apps
Tips for using peer-to-peer payment apps

Tips for using peer-to-peer payment apps

February 21, 2024 / Matt Sheibley

Consider these things when filing your tax return
Consider these things when filing your tax return

Consider these things when filing your tax return

February 14, 2024 / Alyssa Proctor

2024 Annual Big Game Predictor
2024 Annual Big Game Predictor

2024 Annual Big Game Predictor

February 04, 2024 / Warren Hurt

How to manage your checking account
How to manage your checking account

How to manage your checking account

January 18, 2024 / Mary Kate Mumper

Just Married: Individual or joint accounts?
Just Married: Individual or joint accounts?

Just Married: Individual or joint accounts?

January 16, 2024 / Laura Lowry

What is financial wellness, and how do I achieve it?
What is financial wellness, and how do I achieve it?

What is financial wellness, and how do I achieve it?

January 09, 2024 / Meghan Heebner

Buying a car: Used, new, or leased?
Buying a car: Used, new, or leased?

Buying a car: Used, new, or leased?

January 02, 2024 / Lisa Hogue

Finding funds in an emergency
Finding funds in an emergency

Finding funds in an emergency

December 19, 2023 / Anne Bednar

Is a bridge loan right for me?
Is a bridge loan right for me?

Is a bridge loan right for me?

December 12, 2023 / Alicia Beecher

Join our e-newsletter

Sign up for our e-newsletter to get new content each month.

NOTICE: YOU ARE LEAVING F&M TRUST!

You are now leaving the F&M Trust website. Links to third-party sites are provided for your convenience. Such sites are not within our control and may not follow the same privacy, security or accessibility standards as ours. F&M Trust neither endorses nor guarantees offerings of the third-party providers, nor is F&M Trust responsible for the security, content or availability of third-party sites, their partners or advertisers.