Quishing is the new phishing: how to avoid QR scam

The QR code scam, like all cyber frauds, can be avoided with the utmost caution and the protection of your sensitive data. Discover the tips provided by MyBank, the electronic payment method based on the account-to-account system, which puts the protection of users’ digital identity at the core of its solution.
  • Learn more about quishing, a new phishing strategy now gaining popularity
  • Find out why you should be careful when you scan QR codes
  • Discover some best practices when interacting with QR codes

About quishing

Quishing is a phishing strategy that has been growing rapidly over the past few months.
A combination of “QR code” and “phishing,” quishing represents a spreading cybersecurity menace that exploits QR codes to entice individuals into disclosing confidential information.

The birth and growth of QR codes

Invented in Japan in 1994 by Denso engineer Masahiro Hara for inventory management, QR codes – short for quick response – slowly spread across the globe. [1]

The growth in QR code usage was fueled by the pandemic in which contactless became the norm.

Today, they have become ubiquitous: from adverts to billboards, from timetables to restaurants and bars now offering their menu through QR codes, sometimes only on QR codes.

More and more QR codes reach you via a range of media, including SMS, social media, and email.

Recent data showed that around 86% of smartphone users had scanned a QR code at least once, with 36% of users scanning one once every week. [2]

Potential Dangers of Scanning QR Codes

QR codes are everywhere, and they can also be dangerous. Cybercriminals can:

    • Embed malicious URLs containing malware into a QR code to exfiltrate data from a user’s device when scanned;
    • Embed malware in QR codes that redirect the victim to a phishing page asking to enter sensitive information;
    • Add unknown/suspicious contacts to the victim’s mobile contact list;
    • Connect the victim’s device to a malicious network;
    • Automatically initiate phone calls, draft emails, and send text messages through malware embedded in the QR code;
    • Reveal the user’s location;
    • Initiate automatic fraudulent payments.

QR code best practices for better security

Follow these tips when interacting with QR codes:

  • Avoid scanning random QR codes from suspicious or unknown sources;
  • Don’t scan QR codes received via emails;
  • Use QR scanner software to view the URL before clicking on it.

Essentially, to stay safe from quishing, you should follow the same advice provided for phishing, smishing, and vishing. Stay alert and be extremely wary if a QR code takes you to a site that asks for personal information, login credentials or payment.

Last but not least, always keep in mind that your bank and MyBank will never ask for sensitive information such as your online account credentials, social security number, name, address or password via a QR code in an email or text message.