Since the Covid pandemic, QR codes have become a common part of everyday life.
Now we are familiar with how to use them, businesses are deploying QR everywhere.
You can encode virtually anything in in one of those squares, from website addresses to WiFi passwords to contact details and more.
Anyone can make their own using free QR code tools online.
Seeing a new opportunity, hackers are generating QR codes that direct victims to fake websites.
Just like a traditional phishing website, the user will then be encouraged to disclose sensitive personal information like passwords or credit card details.
Sometimes the victim may also be encouraged to download malware from the site.
So by adding 'hacked' QR codes to emails, instant messages or social media replies, hackers can trick people into visiting fraudulent websites.
First, you cannot 'read' the encoded website without scanning the QR code, making it hard to identify if the address is legitimate.
Second, it is common practice to use URL shorteners when creating QR codes to make them perform more effectively.
Even if your QR code scanner app shows the website address before you visit.
It is impossible to accurately determine where the shortened URL points to.
Which means you may expose yourself to additional risk by clicking through the link.
The good news is that defending yourself against quishing is very similar to protecting yourself against regular phishing.
If attached to an email or message from a known and trusted sender, or printed in a magazine, the code is likely to be safe.
Make sure you do the usual checks of the destination website before entering any personal information or downloading any files.
Make the sure the website is secure and that the address itself is correct.
Third, enable muiti-factor authentication on your online accounts.
If you are tricked into visiting a fraudulent website and you do disclose your password, cybercriminals will still not be able to use that information.
Hopefully you never find yourself in this position however.
This Cyber News was published on www.pandasecurity.com. Publication date: Mon, 22 Jan 2024 09:13:05 +0000