Introduction
Phishing.
It’s the number-one cause of data breaches for organizations like your own. With 95% of data breaches caused by simple human error, it’s important to fully comprehend the risks associated with phishing schemes…no matter how they present on the outside.
What does that mean?
Traditionally, phishing scams as we think of them are delivered via email. You can recognize red flags like foreign spellings or misspellings, grammatical errors, vague and/or threatening language, incorrect sender domains, suspicious links and attachments, and anything else that sends up an instinctive red flag. If it’s suspicious, pause and investigate further!
We live in a hyper-digitized world now, however, so cybercriminals present phishing scams in many different packages: vishing (voice phishing), delivered over the phone; and smishing (SMS phishing), sent via text message.
Did you know, however, that you can be a phishing victim through a QR code?!
What is Quishing?
QR codes, those little black and white squares popping up everywhere, are convenient. They can take you to websites, download apps, or even display menus at restaurants.
Unfortunately, when it comes to technology, with convenience comes major risk.
Hackers are using these codes in a tactic called “quishing” (QR code phishing) to steal your information and wreak havoc. When you scan and follow an unknown QR code, you have no idea what lies at the other end. It could be a website that automatically downloads malware onto your device, or one that contains hidden fields that steal more data than you intend to give. You could end up giving away your login credentials and financial information, or opening your systems up to a serious breach.
How to Stay Safe From Quishing
- Think Before You Scan: Don’t scan every QR code you see. Be especially cautious of codes in unexpected places like flyers, posters, or public spaces. If it seems too good to be true, it probably is.
- Verify the Source: Only scan QR codes from trusted sources. If you encounter a code in a physical location, double-check the legitimacy before scanning. For example, is the code on an official company poster or a random sticker placed on top?
- Don’t Trust the Link Preview: Most smartphones offer a preview of the website a QR code leads to; however, this preview can be manipulated by hackers. Always double-check the actual URL before entering any information.
- Manually Type the URL: If a QR code directs you to a legitimate website (like a company website), avoid entering any sensitive information directly on that page. Instead, manually type the trusted URL into your browser and go through the official website.
- Beware of Download Prompts: Legitimate QR codes typically lead to websites or app stores. Be wary if a QR code tries to automatically download a file to your device.
- Use a Secure QR Code Scanner: While most phones have built-in QR scanners, consider using a dedicated app from a reputable source. Some scanners offer additional security features like checking the URL’s legitimacy before opening it.
- Stay Informed: Keep yourself updated on the latest quishing tactics. Reputable cybersecurity websites and organizations often publish warnings and tips for staying safe online.
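To make the "double-check the actual URL" and "beware of download prompts" tips concrete, here is an added example (not from the original article) of the kind of check a security-minded scanner could run on the text decoded from a QR code before opening it. The function name `vet_qr_payload`, the trusted-host list, and the file-extension list are illustrative assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this sketch: hosts your organization actually uses, and
# file types treated as direct downloads. Both lists are illustrative.
TRUSTED_HOSTS = {"example.com", "login.example.com"}
DOWNLOAD_EXTS = (".apk", ".exe", ".msi", ".dmg", ".zip", ".js", ".scr")

def vet_qr_payload(payload: str) -> list[str]:
    """Return warnings for a decoded QR payload; an empty list means no flag was raised."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["payload is not a parseable URL"]
    if parts.scheme not in ("http", "https"):
        return [f"not a web link (scheme {parts.scheme or 'none'!r})"]
    warnings = []
    if parts.scheme == "http":
        warnings.append("unencrypted http link")
    # "https://brand.com@other.host/" opens other.host, not brand.com.
    if parts.username is not None:
        warnings.append(f"text before '@' hides the real host: {host}")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # a normal DNS name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host, may imitate another name")
    if host not in TRUSTED_HOSTS:
        warnings.append(f"host {host!r} is not on the trusted list")
    if parts.path.lower().endswith(DOWNLOAD_EXTS):
        warnings.append("link points directly at a downloadable file")
    return warnings

if __name__ == "__main__":
    # Constructed sample payloads, not taken from real campaigns.
    samples = [
        "https://login.example.com/account",
        "https://example.com@203.0.113.7/login",
        "http://xn--exmple-cua.com/menu.apk",
        "WIFI:S:Cafe;T:WPA;P:secret;;",
    ]
    for s in samples:
        print(s, "->", vet_qr_payload(s) or "no warnings")
```

An empty result only means none of these checks fired; it does not prove the destination is safe.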
Conclusion
By following these tips, you can avoid falling victim to quishing scams. Remember, a healthy dose of skepticism is key when encountering QR codes. If something seems off, err on the side of caution and avoid scanning it altogether.
QR codes can be a useful part of our society, but they need as much caution as any other mode of communication. Be wary of what you click, and keep your devices more cybersecure!