QUISHING: BEWARE OF MALICIOUS QR CODES

Qishing (QRCode Phishing) is an attack technique based on the possibility that the unsuspecting victim scans a malicious QR code. Malicious QR codes can contain false information, redirects to compromised or fake sites, and last but not least the download of malware or ransomware.

Following the outbreak of the Covid-19 pandemic, the use of QR Codes has increased significantly.

In fact, during this period everyone has become much more sensitive to the topic of hygiene, especially hand hygiene. For this reason, the use of QR codes has become popular, often replacing paper menus in bars and restaurants.

Scanning QR codes is very convenient and simple. In fact, it allows the exclusive use of your smartphone to access menus, pay bills and bills and much more.

WHAT TO DO TO NOT FALL A VICTIM? Here are 5 USEFULL TIPS:

(1) QR CODE SCAN

Qishing (QRCode Phishing) is an attack technique based on the possibility that the unsuspecting victim scans a malicious QR code. Malicious QR codes can contain false information, redirects to compromised or fake sites, and last but not least the download of malware or ransomware.

Following the outbreak of the Covid-19 pandemic, the use of QR Codes has increased significantly.

In fact, during this period everyone has become much more sensitive to the topic of hygiene, especially hand hygiene. For this reason, the use of QR codes has become popular, often replacing paper menus in bars and restaurants.

Scanning QR codes is very convenient and simple. In fact, it allows the exclusive use of your smartphone to access menus, pay bills and bills and much more.

2) CORRECT URL QR

After scanning a QR Code we always check the URL to make sure it is the intended site and that its content appears authentic. Pay close attention if the site you are directed to seems different from what you expect and verify that the domain name is that of an authoritative and reliable source.

3) DOWNLOAD APP

Do not download apps starting from a QR Code. For a safer download we always use the official app stores. We only use QR Codes present on known and reliable sites or on documents whose origin we are certain of.

4) PAYMENTS

Be careful with payments! We only use the QR Code on secure sites and shops and are very careful when requesting sensitive data. Always pay attention to all sites, whether they are QR Codes or links sent via email, especially when they ask you to enter your bank or payment details. Pay attention to the QR codes placed on the payment columns. The original codes can be replaced with new codes, which direct you to a fake payment site which, once you have entered your financial data, allows scammers to empty the victims’ bank accounts. They could replace or send us a paper bill in the mailbox and if we were used to making the payment by scanning the QR code, we would find ourselves paying the scammer and/or giving him access to our banking credentials.

5) VOICE MESSAGES

Pay attention to receiving e-mails alerting you to the presence of recordings in your voicemail or answering machine. Threat actors use QR Codes that, when scanned, direct the user to a fraudulent Microsoft landing page in an attempt to steal account credentials and other information. This particular campaign is notable for using compromised infrastructure to send phishing emails, a business survey service, Amazon and Google services to host the phishing pages, and a reCAPTCHA.

Trusted by the top companies