- QR -Ocode -Phishing is increasing, reports on warnings
- These attacks required over 1,300 victims in 2024
- Cyber criminals explain their QR codes as legitimate payment methods
“Quishing” or QR code phishing claims more victims in the UK than ever, with action fraud, received 1,386 incidents reports last year, a serious increase from 2019, when 100 attacks were recorded.
These are especially widespread in “contactless payment hotspots” as parking meters and restaurant menus, where criminals will stick their own malicious QR code over an existing legitimate QR code.
Victims of these scams are encouraged to scan a malicious QR code using their phones and then redirected to websites controlled by criminals and are asked to provide their financial information on a false payment page, or malware is postponed to their device.
Caution is key
These attacks are difficult to spot, even after the fact, as criminals often take smaller amounts, but more frequently, to hide the payments as legitimate looking subscriptions or parking fees for example – which flies under the radar and not always reported.
“QR codes were designed to make things more practical, but threat players have benefited from this and wisely made cloned and false places that look authentic at the end of a click,” comments Jake Moore, Global Cybersecurity Advisor at Eset.
“QR fraud can often be difficult to protect against, as there is very little that immediately meets the eye to make the user aware of something fraudulent. It can be difficult to separate these codes from each other, especially when the link that the QR code generates does not look different from what you can expect, such as a parking payment site.”
As with all social technical attacks, the key to staying in safety is remaining vigilant. Only scan QR codes, you are 100%, are secure and never hand out your payment information to a non -verified source.
Via BBC
