Meet phishing’s evil sibling. How many times have you scanned a QR code on a flyer or a magazine ad without knowing where it was going to take you?
Quishing – or QR phishing, for short – has caught our attention as the newest type of phishing attack plaguing our customers. At the beginning of December, the Federal Trade Commission (FTC) released a consumer alert warning against the outcomes of these harmful QR codes. When a QR code is sent to you digitally, you may subconsciously have a lack of urgency around cyber safety. We’ve all seen and used QR codes without thinking twice, right? When a cyber attacker sends you a QR code over your work email, their intent is to get you to use your mobile device (with far less security controls) to gain access to both work and personal information. The digital world isn’t the only place to stay on alert though. Scammers could cover legitimate QR codes with stickers of their own on signs, parking meters, flyers, you name it.
The destinations can resemble websites you might be familiar with, such as the Microsoft login page. Another potential scam involves receiving these fake QR codes via text that promote some kind of urgency, like rescheduling an appointment, delivery, or making an online payment. The goal of these attempts is to capture login credentials, credit card info, or user info and further attack using your email.
So what do you do to prevent quishing attacks? Since your typical URL filters will not filter URLs within QR codes we encourage you to download tools such as, Sophos Intercept X, from your phone’s app store. This includes a QR code scanner that will let you know what the QR code links to ahead of time, and whether the app thinks it is a safe destination or not. Another safeguard is to simply not scan QR codes, especially from unknown sources. Don’t take action on anything that pressures you to make quick decisions. Legitimate companies will send easy to understand instructions and will be willing to answer questions if you reach out about their QR codes.
Quishing is on the rise, and here at Proton, we are dedicated to keeping you safe. If you’d like to know more, or discuss what your dealership could be doing differently, let’s talk.