Quishing Scam: How It Works
Have you ever heard of quishing? If not, you better pay attention now. Have you received an email prompting you to scan a QR code for menu access, payment processing, or a irresistible deal? Be cautious; this might not be the fantastic offer it appears to be, and you may become a quishing scam victim.
Let me show you how it works below because I just received one.
What Is Quishing?
Essentially, quishing means a QR code phishing attack. It is driven by cybercriminals seeking innovative methods to steal your data or compromise your device with malware. “Quishing” cleverly combines the terms “QR code” and “phishing,” signifying the act of deceiving individuals through a phishing email that incorporates a QR code.
Here is the modus operandi and how to stay safe online.
Quishing: How Scammers Operate
Like typical phishing scams, a quishing email is crafted to trap unsuspecting victims. Scammers aim to capture your passwords, personal information or implant malware on your device.
These fraudulent emails often impersonate trustworthy sources like your bank or a reputable e-commerce platform. They try to cultivate a sense of urgency by claiming issues with your payment or promoting exclusive, time-limited offers that demand immediate action.
However, here is the thing: unlike traditional phishing emails that include clickable links, quishing emails present a QR code, instructing you to scan it promptly.
Below is a screenshot of how the suspicious email I received looked like:
It said: “The Black Friday is just around the corner. If you’re looking for the best deal this year, we’ve compiled a list of products and items that will be discounted between 55-80% off! Scan the QR code below and get these items before they go to market.”
Well, isn’t that a treat? At what price? Let me show you.
Watch the video below to see how the quishing scam happens when trying to park using a QR code:
What Happens If You Scan a Suspicious QR Code?
In a quishing email, a QR code serves a nefarious purpose, much like a malicious link in a traditional phishing message. Should you choose to scan it, several detrimental outcomes may occur. Here are three of them:
1. Request For Login Credentials
This trick is the most common. The QR code may present a counterfeit login portal, prompting you to enter your username and password.
For instance, the quishing email scenario might falsely claim an issue with your Shein delivery (or Amazon, Temu, etc.). As a result, it may request you to scan the QR code to rectify the problem. If you comply, the scammer gains access to your Shein account with your password.
2. Infection With Malware
The QR code might be configured to initiate an automatic download as soon as you scan it. The content of this download could contain harmful software like malware, ransomware, or spyware, endangering your device’s security.
You don’t want to do that.
3. Redirection to a Phishing Website
Scammers have honed their abilities to replicate the appearance of legitimate organization’s webpages. When you encounter a familiar interface and logo, lowering your guard and unwittingly divulging personal information, such as your address, telephone number, credit card details, or banking PIN is easy.
Regrettably, all this sensitive data ends up in the hands of cybercriminals who can exploit it for financial fraud or identity theft.
I didn’t scan the QR code above but I assume it was a redirection to a fake Black Friday website.
The Increasing Danger of QR Codes
Since the pandemic started a few years back, I have observed a surge in quishing and QR code fraud cases. Criminals have increasingly gravitated toward these methods because they offer distinct advantages compared to traditional phishing techniques.
Luckily, most people have become more cautious about clicking suspicious links in emails or text messages. Most of us have acquired the ability to verify the safety of URLs. Great tools like Scam Detector’s website validator helped millions of consumers worldwide.
However, QR code scams are relatively unfamiliar, making them a more exploitable avenue for deceiving individuals.
Fraudulent QR codes can also adeptly evade digital security measures. These codes are typically embedded as image files, a form that is not typically categorized as a threat.
Furthermore, even if you receive a quishing email on your computer, scanning the QR code compels you to shift to your mobile device, which often lacks robust antivirus and anti-phishing defenses.
Quishing Scams: How To Avoid
To protect yourself from a quishing scam, consider implementing the 6 preventive measures below:
- A URL preview will be displayed when you scan a QR code on your mobile device. Refrain from clicking on unfamiliar or shortened links and scrutinize for subtle misspellings in well-known domain names, such as “Zillow.com,” spelled intentionally with two ‘i’ capital letters instead of the small letter ‘l.’
- Do not scan a QR code in an email from an unfamiliar sender. There is nothing wrong that can happen.
- Never input the login credentials if the QR code redirects you to a webpage that requests that. If the email claims to be from Amazon, eBay, Shein, or Temu admin, visit their official websites through your web browser directly.
- The three telltale signs of a phishing email are: a heightened sense of urgency. errors in the email content, and dubious sender addresses. Avoid clicking on links or scanning QR codes if anything appears off.
- Maintain your devices and software up to date so it can block or ignore the suspicious site.
- You know this last one from before: create robust, unique passwords for all your online accounts.
How To Report a Quishing Scam
Let your family and online friends know about the quishing scam. Please share this article if it was helpful. Meanwhile, you can report scammers and any other suspicious activity to the Federal Trade Commission (FTC) using the page below:
How To Protect Yourself More
If you want to receive alerts about the most notorious scams every week, subscribe to our Scam Detector newsletter. You will get periodic emails from us with insightful tips. That will include tips how to prevent fraud and information about the newest tools you can use to fight crime.
Meanwhile, feel free to educate yourself with some other fraud-related articles. They are listed under this paragraph, so that you know more about online security. Last but not least, if you have any bad experiences, make sure to use the comments section below to expose other scammers.
Verify a website below
Are you just about to make a purchase online? See if the website is legit with our validator: