Protecting Against Quishing Scams: What You Need to Know

In the digital age, QR codes are everywhere, but so are scams. Learn how to protect yourself from QR code fraud.

The Rise of QR Codes: What You Should Know

QR codes have become increasingly popular due to their convenience and versatility. Quick response codes, commonly known as QR codes can be compared to an average barcode, it is a scannable image that contains certain information. While a barcode will usually tell a consumer what a product is and how much it costs, a QR code can be more varied, containing URLs, contact information, product or services information, etc. 

Many businesses have been utilizing QR codes as digital replacements for physically printed items, for example restaurants have been using them as access to their menu, a financial institution may use it to advertise certain promotions, the uses vary. Unfortunately, as with anything new, scammers have discovered how they can use this less secure communication method to their advantage.

Quishing: How Does It Work

Those with previous knowledge of common cyberattack methods may already know the term phishing, a cyber attack method in which a malicious attacker send emails/ messages posing as a reputable individual or organization, such as a bank, in order to manipulate the user into divulging their information.

Quishing, or QR phishing, works in much the same way. Malicious attacker will create a QR code that seems to be coming from or directing to a legitimate source. In reality, the QR code itself may contain malware or will re-direct you to a fraudulent, yet legitimate looking website, in order to entice the user into inputting information such as emails and passwords.

Red Flags: How to Spot a Fraudulent QR Code

As with any phishing attempt, the first sign to look for is who sent you the QR code. FIrst, be sure you recognize who the sender is, and that their email or phone number matches previous communication attempts. Next, preview the URL, if it is a link, you can simply use your mouse to hover over and the URL will be displayed in the bottom left hand corner of your screen, for a QR code, simply use your phone camera and hold it up to the code, before any clicking occurs, a URL will appear below the code. If you are ever unsure about a link destination, do not open the link.

With quishing, sometimes the attacker will not have to reach out, they simply need to place their QR in a convenient spot, and wait for someone to unknowingly scan it. When spotting QR codes in the wild, be on the lookout for deals that seem too good to be true or if the URL doesn't seem to be to a legitimate site. As always, when in doubt, simply leave it alone and move on.

Tools and Resources to Help You Stay Safe

Businesses in general have a large target on their back when it comes to cyber attacks since businesses hold much more and high value information than an individual might. Though there isn't always a preventative measure for the latest and greatest in cyberattack methods, keeping your systems monitored and being aware of any possible attacks can save you time and money by stopping the attack in it's tracks.

Utilizing services such as network or device monitoring and management, you can be assured that your systems are constantly monitored and notifying the necessary personal when it is determined there may be an issue. Ensuring that you have a confident IT team that will not only work to prevent threats, but take action against them, ensures peace of mind and business security.