Cybersecurity Alert – What is Quishing?
Quishing is a relatively new type of cybersecurity risk that has emerged in recent years and has been growing quickly. According to a ZDNet article 1, the term “quishing” was first used to describe the use of QR (Quick Response) codes in phishing scams in 2023. QR codes, which are two-dimensional barcodes that can store various types of information, are used for quickly linking to websites, applications, making payments, accessing menus or other information quickly. As they store information horizontally and vertically, they can hold up to 100 times more information than a traditional bar code.
Quishing is derived from the words “QR” and “phishing”. Scammers use deceptive QR codes to lure people into visiting fraudulent websites that may look legitimate. Once on the site, the user is prompted to enter sensitive information such as personal identity data, credit card numbers, bank account details, and passwords. The scammers then use this information to steal your money and/or your identity.
Tips to Prevent Being Compromised:
- Only scan QR codes from trusted sources. Be wary of QR codes in public places or received through unsolicited messages.
- Before entering any personal information, check the URL of the website you are visiting. Misspelled variations of the domain name or excessive hyphens can indicate a fraudulent website. The address should start with “https//” with a padlock icon in front of it to indicate it is a secure connection. Be very careful providing any sensitive information if you do not see the “https//” and padlock.
- Use a QR Code Scanner with Built-In Security. Some QR code scanner apps come with built-in security features that can alert you if a scanned QR code leads to a potentially harmful website or application.
- As the QR Code typically opens a browser, use a secure browser and malware protection that can detect fraudulent websites and warn you before you enter any sensitive information.
- Keep your operating system, browser, and antivirus software up-to-date and ensure that you have the latest security patches installed.
- Check for signs of tampering on signs with QR codes. If the code looks altered or damaged, do not scan it.
- Stay informed about quishing, phishing and other cybersecurity threats. Educate yourself and your coworkers and family members about the risks and how to recognize potentially dangerous QR codes. Human error is a common cause of cybersecurity incidents.
By following these tips, you can protect yourself from quishing scams and keep your personal and financial information safe.