‘Quishing’ Scams Grow in Tandem With Use of QR Codes
As QR codes have grown in popularity, so too have QR-code driven scams.
[contact-form-7]“Because they are everywhere — from gas pumps and yard signs to television commercials — they’re simultaneously useful and dangerous,” Dustin Brewer, senior director of proactive cybersecurity services at BlueVoyant, said in an interview with CNBC Sunday (July 27).
Brewer added that hackers exploit these symbols to dupe people into visiting malicious websites or unwittingly turn over their private information, a scam known as “quishing,” (a play on “phishing”).
The CNBC report noted that the appeal of this scam for criminals is its simplicity. Just put a fake QR code sticker on a parking meter or a utility bill payment warning and let the victim’s sense of urgency take care of the rest.
“The crooks are relying on you being in a hurry and you needing to do something,” Gaurav Sharma, a professor in the department of electrical and computer engineering at the University of Rochester, told CNBC
Sharma expects QR scams to grow along with the use of QR codes. The report added that another reason QR codes have become more popular with scammers is an uptick in safeguards to prevent traditional email phishing campaigns.
The report also cited a study earlier this year from cybersecurity platform KeepNet Labs which found that 26% of all malicious links are now sent via QR code. That 26% figure is up from the 20% cited in an interview here last year with Greg Hancell, fraud expert at Lynx Tech.
“QR code scams are different from other cybercrimes as they are harder to identify,” Hancell said. “QR codes cannot be read by humans, meaning victims cannot know the link destination until it is too late. Many individuals now have an awareness of how to identify phishing or smishing scams, however, as QR codes are relatively new, victims are more susceptible.”
He also offered some tips on spotting QR code scams, such as signs of physical tampering, like stickers placed on original codes, or codes that appear damaged or partially covered.
“The quality of the code itself can also indicate fraud. It’s also important to use general awareness and consider context, alongside visual indicators. If a QR code appears in an unusual location for example or is paired with pressuring messaging like ‘Scan immediately to avoid fees,’ that’s a red flag,” he said.
Meanwhile, PYMNTS wrote earlier this year about the prevalence of QR code logins, arguing they represent “immediate, practical transformation” by “reducing friction, closing security gaps, and enabling real-time financial agility for the over 2 million businesses that trust them.”
The post ‘Quishing’ Scams Grow in Tandem With Use of QR Codes appeared first on PYMNTS.com.