The rise of QR code scams is a concern that is plaguing users. This scam is known as quishing. Quishing is a wordplay on "phishing" and "QR code". It is a growing scam that uses fake QR codes to steal your personal information or lead you to malicious websites.
Here's how it works and how you can protect yourself
What is Quishing scam?
Although phishing scams have been prevalent in India for many years a recent technique known as quishing has emerged in which scammers digitally loot money from citizens. Scammers use AI to generate malicious QR codes, which when scanned, lead to phishing websites or trigger malware downloads. These scams are likely to spread to all platforms, especially mobile devices.
How Quishing Works
Here's how quishing works:
Scammers generate QR codes that visually resemble legitimate ones they might find online or copy from genuine businesses. These might be placed on flyers, posters, stickers, and even public screens, or sent through emails or messages.
Scanning the fake code sends you to a website designed to look like a familiar and trusted one, like your bank, a popular restaurant, or a delivery service.
The fake website prompts you to enter sensitive information like login credentials, credit card details, or even OTPs. Once submitted, this information is stolen by the scammers.
Sometimes, scanning the code might automatically download malware onto your device, allowing the attacker to steal data or control your device remotely.
How To Protect Yourself From Quishing
Here's what you need to do to protect yourself from quishing:
Never scan QR codes from unknown sources: If you come across a QR code in a public place, on an unsolicited message, or from someone you don't trust, avoid scanning it.
Verify before scanning: If you receive a QR code from a seemingly trusted source, double-check with them if it's legitimate before scanning. Don't rely solely on the visual appearance.
Use a dedicated QR code scanner app: Some QR code scanner apps can show the destination URL before you actually visit it. This can be a helpful red flag if the URL doesn't look right.
Don't give personal information: Never enter personal information, passwords, or financial details on any website you access through a scanned QR code. Always type the official website address directly into your browser for sensitive transactions.
Keep software updated: Regularly update your operating system, web browser, and QR scanner app to ensure they have the latest security patches.
Report suspicious activity: If you believe you have encountered a quishing scam, report it to the relevant authorities or the platform where you found the code.