Phishing is the number-one cause of data breaches for organizations, large and small. With 95% of data breaches caused by simple human error, it’s essential to comprehend the risks associated with phishing schemes. The newest and most common type of phishing is something called quishing.
Traditionally, phishing scams are delivered via email. Red flags include misspellings, grammatical errors, vague or threatening language, incorrect sender domains, and suspicious links and attachments. If it’s suspicious, pause and investigate further!
We live in a hyper-digitized world, so cyber criminals present phishing scams in many different forms. Vishing, or voice phishing, happens over the phone. Smishing, or SMS phishing, is sent by text message.
You can also be a phishing victim through a QR code. That is called quishing.
Those little black and white squares popping up everywhere are convenient QR codes. They can take you to websites, download apps, or display restaurant menus.
Unfortunately, with technological convenience comes significant risks.
Hackers are using these codes in a tactic called “quishing” (QR code phishing) to steal your information and wreak havoc. You have no idea what lies at the other end when you scan and follow an unknown QR code. It could be a website that automatically downloads malware onto your device or contains hidden fields that steal more data than you intend to give. You could give away your login credentials and financial information or open your systems to a serious breach.
How to Stay Safe from Quishing
Think Before You Scan: Don’t scan every QR code you see. Be especially cautious of codes in unexpected places like flyers, posters, or public spaces. If what the QR code promises seems too good to be true, it probably is.
Verify the Source: Only scan QR codes from trusted sources. Double-check the legitimacy before scanning if you encounter a code in a physical location. For example, is the code on an official company poster or a random sticker placed on top?
Don’t trust the link preview: Most smartphones offer a preview of the website a QR code leads to; however, this preview can be manipulated by hackers. Always double-check the actual URL before entering any information.
Manually Type the URL: If a QR code directs you to a legitimate website (like a company website), avoid entering sensitive information directly on that page. Instead, manually type the trusted URL into your browser and go through the official website.
Beware of Download Prompts: Legitimate QR codes typically lead to websites or app stores. Be wary if a QR code tries to download a file to your device automatically.
Use a Secure QR Code Scanner: While most phones have built-in QR scanners, consider using a dedicated app from a reputable source. Some scanners offer additional security features like checking the URL’s legitimacy before opening it.
Stay Informed: Keep yourself updated on the latest quishing tactics. Reputable cybersecurity websites and organizations often publish warnings and tips for staying safe online.
Your organization should also be careful about how, or whether, it uses QR codes. If cyber criminals can access your QR code in the wild, they could modify it for their own criminal purposes. For example, someone could put stickers over the QR codes on the tabletops in your restaurant and create a fake website that looks like your menu. While your customers review the menu, cyber criminals could download spyware onto their phones. Who do you think your customers will blame, some faceless cyber criminals or you, whom they trusted to keep them safe?
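For organizations that publish QR codes, the URL checks described in the tips above can be automated when auditing the codes actually on display. The following is an added example, not part of the original article: it takes QR payloads that have already been decoded and flags those that do not point to the expected site. The hostnames, flag names and sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list of file types that start a download instead of showing a page.
DOWNLOAD_EXTENSIONS = (".apk", ".exe", ".msi", ".dmg", ".zip", ".scr")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_qr_url(payload, expected_hosts):
    """Return warning flags for one decoded QR payload (empty list = as expected)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable"]
    if parts.scheme not in ("http", "https"):
        return ["non-web-scheme"]  # e.g. Wi-Fi, SMS or contact payloads
    flags = []
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # "https://trusted.example@other.example/" shows the trusted name first,
        # but the browser connects to the host after the "@".
        flags.append("userinfo-in-url")
    if is_ip_literal(host):
        flags.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")  # may render as a look-alike name
    if not any(host == h or host.endswith("." + h) for h in expected_hosts):
        flags.append("unexpected-host")
    if parts.path.lower().endswith(DOWNLOAD_EXTENSIONS):
        flags.append("direct-file-download")
    return flags

# Constructed sample payloads, as a scanner would decode them from table stickers.
EXPECTED = {"menu.restaurant.example"}
SAMPLES = [
    "https://menu.restaurant.example/table/12",
    "https://menu.restaurant.example@203.0.113.7/menu",
    "http://xn--mnu-dma.example/app.apk",
    "WIFI:S:guest;T:WPA;P:constructed;;",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", triage_qr_url(url, EXPECTED) or "ok")
```

Any code that returns flags during a walk-through of the premises is a candidate for a replaced sticker and should be inspected by hand.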
By following these tips, you can avoid falling victim to quishing scams. Remember, a healthy dose of skepticism is critical when encountering QR codes. If something seems off, err on the side of caution and avoid scanning it altogether. Be wary of what you click, and keep your devices more cyber secure!
At Commonwealth Sentinel, we can help keep you and your organization safe from malicious QR codes through technological, training, and policy solutions. Contact us today at 502-320-9885 for more information or to schedule a free consultation.