Danger from quishing: How scammers use QR codes to get data

QR codes are increasingly part of everyday life. Users should be careful, however, because fraudsters can also use QR codes to obtain sensitive data through so-called “quishing”.

Virus scanners are useless

The term “quishing” is a combination of the words QR code and phishing. In the scam, attackers create a QR code that leads to a fake website or malicious application in order to steal victims’ confidential information. For example, the perpetrators can create fake QR codes that appear to come from a bank or from an application that purports to provide useful functionality. In fact, the fake codes contain malware: once the victim scans the QR code, they are redirected to the fake website or application and asked to enter sensitive information such as usernames, passwords or credit card information. What makes this particularly insidious is that typical virus scanners do not recognize QR codes and are therefore ineffective.

Safety precautions can reduce danger

There are various measures one can take to protect against quishing attacks. One of them is to scan QR codes only from trusted sources, such as official websites or applications. It is important to avoid scanning QR codes sent via email, SMS or social media by unknown senders. Another important step is to check the link pointed to by the QR code before scanning it. The authenticity of a QR code can be checked by entering the URL manually or by using a search engine. It is also recommended to use antivirus software or a security app that can detect and block potentially malicious QR codes, and to keep the operating system up to date in order to close potential security holes. To further increase the level of security, it is advisable to use two-factor authentication. That way, attackers cannot access sensitive data even if a data leak has already occurred.
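The link check described above can be automated once a QR code's content has been decoded to text. The following Python code is an added example, not part of the original article; the function name `check_qr_payload`, the trusted host names and the sample payloads in the comments are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts the user or company already trusts (constructed values).
TRUSTED_HOSTS = {"bank.example", "login.bank.example"}


def check_qr_payload(payload, trusted_hosts=TRUSTED_HOSTS):
    """Return (verdict, reasons) for the text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return "block", ["malformed link"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR codes can also carry Wi-Fi settings, contact cards, app links, ...
        return "review", ["payload is not a web link: %r" % (scheme or "plain text")]
    reasons = []
    host = (parts.hostname or "").rstrip(".").lower()
    if scheme == "http":
        reasons.append("unencrypted http link")
    if parts.username is not None or parts.password is not None:
        # e.g. https://bank.example@198.51.100.7/ really goes to 198.51.100.7
        reasons.append("text before '@' hides the real host")
    if not host:
        reasons.append("no host in link")
    else:
        try:
            ipaddress.ip_address(host)
            reasons.append("host is a bare IP address")
        except ValueError:
            pass  # a normal host name
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike domain)")
    # Exact match only, so bank.example.evil.test does not pass as bank.example.
    if host and host not in trusted_hosts:
        reasons.append("host %r is not on the trusted list" % host)
    return ("open" if not reasons else "block"), reasons


if __name__ == "__main__":
    for sample in ("https://login.bank.example/app",           # constructed samples
                   "https://bank.example@198.51.100.7/login",
                   "WIFI:S:Guest;T:WPA;;"):
        print(sample, "->", check_qr_payload(sample))
```

A "block" verdict lists every reason found, so the same function can feed a warning dialog in a scanner app or a log entry on a managed company phone.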

Businesses should also protect themselves against quishing attacks. As the Police Union’s Prevention Portal recommends, a company’s security policy should cover smartphones. Company phones should likewise be subject to the generally strict security regulations. Employees should also take part in regular training so that they can recognize the relevant dangers.

Editorial office finanzen.net
