Big banks and government watchdogs are warning about a sneaky new fraud technique called “quishing” that’s bypassing traditional security measures.
What is Quishing?
Quishing, or QR code phishing, is a clever way for criminals to trick you into scanning a malicious QR code. This could lead you to a fake website or force you to download a dangerous app, giving hackers access to your passwords, financial details, and personal information.
How Does it Work?
Cybersecurity experts say quishing is becoming increasingly common in email campaigns. Criminals are embedding malicious QR codes in PDF attachments, which bypasses most security systems designed to scan for threats.
The Problem:
Chester Wisniewski, a cybersecurity expert, explains that most security software isn’t designed to scan attachments for malicious QR codes. This means that criminals are getting away with it, and it’s costing people money.
Examples of Quishing:
- Parking Meters: Criminals are covering legitimate QR codes on parking meters with their own malicious ones.
- Text and Email: Criminals are sending malicious QR codes via text or email, often with a convincing reason to scan them.
The Bottom Line:
Be careful when scanning QR codes, especially those you receive unexpectedly. If you’re unsure, don’t scan it.
