What is Quishing?
Quishing", which is a contraction of the terms "QR code" and "phishing", is a type of scam in which fraudsters encourage their victims to scan malicious QR codes. These codes then redirect victims to phishing websites or run malicious programs.
How does it work?
The process is alarmingly simple and effective. Here is a typical scenario for a quishing attack:
- The hacker generates a malicious QR code. This code can direct you to a phishing site or download malicious software onto your device.
- The attacker then places this QR code in a public place or sends it to potential victims via email, messaging or social media. They often disguise it as something attractive or necessary, such as discounts in a popular shop or a much-needed update for your device.
- An unsuspecting victim scans the QR code with their smartphone.
- The victim is then redirected to the malicious website or the malware is downloaded onto their device.
A concrete example
We give below a few concrete cases received via [email protected]. Most of the time, criminals insert a malicious QR code into a message that appears legitimate, leading victims to phishing sites where their personal information can be stolen.
How to protect yourself
Here are a few tips to help you avoid becoming a victim of phishing:
- Be careful: treat QR codes with the same caution as you would an unknown link in an email or text message.
- Check the source: If you receive a QR code by email or on social media, check its source before scanning it.
- Use secure QR code scanners: Some QR code scanning applications offer security functions that allow you to check the security of a link before opening it.
- Keep your devices up to date: Regularly updating your devices and applications can protect you against known vulnerabilities that hackers could exploit.
In the same way as we encourage you to do for suspected phishing emails, you can forward emails containing suspicious QR codes to [email protected], where they will be analysed and flagged up in your browser if necessary.