Beware of Quishing Scams! All you need to know about the new cyber fraud
Hyderabad: Indian government has been cracking down on common cyber crimes, and setting up portals and helplines for victims to report them. In a latest warning, the government has warned against a new kind of a fraud called ‘Quishing’.
QR phishing or simply ‘quishing’ is a social engineering phishing attack that will manipulate victims into scanning QR codes which will redirect them to bogus or fake websites. These QR codes are most often sent embedded in emails sidestepping security and link filters.
Due to their stealthy nature, quishing attacks become far more dangerous than most other forms of phishing attacks. The availability of QR codes, nearly everywhere today makes people prone to scan them without second guessing their purpose or even their legitimacy.
Identifying this vulnerability, fraudsters are now imitating QR codes and leading people to spoofed websites up on scanning the codes. Fraudsters then steal the information of the victims or end up installing malware on their devices.
Who are the targets?
It is a given that most attackers commit the crime for monetary gains. Hence, businesses, banks, service providers, online stores and payment systems become the more vulnerable group.
Common individuals are also targeted by fraudsters pulling off these attacks. However, to attack individuals, scammers mask themselves as popular and trustworthy corporations and lure people with a false sense of familiarity.
Once the trust is gained, fraudsters ensure the would-be victims scan the fraudulent QR codes without questions sources and then unleash their attacks.
How to avoid these scams?
The most important thing to do before scanning QR codes is to check if they are legitimate. Before scanning QR codes, check if they are glued on top of the original codes.
When the QR code does lead you to a website, or a download link, check the legitimacy of the URLs by seeing if they actually belong to the business or the service that you are looking for. URLs of fake or fraud websites may contain spelling errors or hyphens in between words.
Then check the website itself. Check if it seems genuine, especially if it prompts you to make payments or download something. Checking legitimacy of the websites becomes extremely important, as fraudster are becoming increasing skilled at copying websites.
Telling a fake website apart could be possible by identifying the page layouts and URLs.