We’ve all become familiar with QR Codes, those square bar codes that seem to be everywhere. You scan them with your phone camera, and they take you directly to a website. With COVID came the need for less physical contact with things like restaurant menus, registration and contact information at conferences, and even online payments.
The convenience of QR codes makes things easier for the end user; just capture and go. However, this also opens end users to a new rise in cyber threats, such as “quishing.” Quishing is the term used for phishing emails that contain a QR code. Quishing emails appear to be sent from a legitimate source and request that you scan the QR code. Once you scan, it takes you to a malicious website and usually asks for your user credentials and/or payment information. If performed, the scammers gain new information to start using fraudulently.
Want to Avoid QR Code Scams? Here Are a Few Tips:
Provide Proper Education
Employees must have the tools to defend against something they’re unaware of. Cybersecurity awareness training uses various tactics and techniques to help participants understand the risks associated with their digital environment and adopt behaviors that protect the business and themselves.
Preview The QR Code Link
Once you scan the QR code, preview the URL to make sure it looks legitimate. Look for misspellings within the URL (for example, www.Micr0soft.com instead of www.Microsoft.com).
Check The Website
Look over the website for flaws such as poor-quality images or misspelled words within the context. Check to make sure the URL is secure (https:// and not http://).
When In Doubt, Contact The Company
If you receive a new email with a QR code, contact the company directly and verify the legitimacy of the email.
Don’t Scan QR Codes From Strangers
If the offer looks too good to be true, like an offer for free products or money, a request for immediate donations, or an immediate need to pay a supposed debt, don’t scan the QR code.
Takeaways
If you or someone within your organization becomes a victim of quishing, contact your administrator, change your passwords, and add on multi-factor authentication controls where available. If credit or debit card information was provided on the fraudulent website, contact your financial institution immediately to cancel your card and make them aware of the possibility of fraudulent activity on your account.
And while it will be hard to avoid scanning QR codes altogether, by taking proactive steps in your own cybersecurity practices, you can reduce risk for your organization and to yourself as an individual.
