A new system of digital fraud has arrived and is known by the moniker of quishing. It involves using QR codes to delude people. This can be done by getting them to hand over information or downloading software. In this article, we discuss how to spot the signs of quishing.
Every day, hundreds of spam emails will litter your inbox. Many are so fraudulent, they are laughable. Yet very often, ones get through that are highly advanced. Using language and technology to make them look legitimate, it is easy to be fooled. Quishing is the new frontier in scams, using QR code technology. You will find a guide on how to avoid it in the following writing.
The New Trend in Online Fraud: Quishing
Quishing is a new method of online fraud. It uses QR codes to con individuals into following links to unwanted websites. It can also be used to make them download content that has the potential to damage their device and hijack information. With QR codes becoming more used in day-to-day activities, quishing is on the rise.
The name is derived from the broad term for this type of scam known as phishing. Generally, it is when fraudulent emails are sent to a person. They may disguise themselves as being from someone the recipient knows, another individual, business or organisation. The aim of phishing emails is to get personal information from them. This can include bank details or can be used in identity theft.
Once upon a time, these emails were easy to spot. They have now become extremely sophisticated with phishing emails looking almost identical to those sent by financial institutions and legitimate companies. In some cases, they can download malware onto a device, which can then be used as a base for further nefarious schemes.
Quishing takes this one step further. Recent studies show it has moved from occupying 0.8% of all cyber attacks in 2021 to 11% in 2024. These codes can come through email like a standard phishing email. However, they are also being printed and stuck over codes in real-world locations.
Possible Places You May Find Quishing
The most likely source you will find quishing is through emails. They will be disguised as codes sent by real companies, like banks and money lenders. Check the email address against the one on the company website and see if it is real. The codes may ask you to scan them to download statements or verify a transaction.
Other emails include ones that offer free promotions, such as discounts and samples. Check the email address and the purported company doing the offer to see if they are running any promotions.
Public places are the second areas you may find them. Anywhere you can find a QR code could be linked to a quishing scam. Parking meters are a prime location. People scan them assuming they are paying the fee, but the scammers will have changed the code. This can lead them to a website where they download unwanted software. However, anywhere like billboards, advertising, restaurants and shops may have QR codes that have been switched.
Parking Meter Scams
This year, a range of media outlets including the UK’s Guardian newspaper, reported a rise in quishing scams involving parking meters. This was in response to a statement by the motoring organisation the RAC. Simon Williams, head of the RAC stated that a quick response code could now be a quick route to losing money. He also noted that it can lead to drivers being financially hit twice. The first is when they realise they were part of fraud, and the second is when they get a fine for not paying car parking which they thought they had.
The scams have not just been confined to one area either. They had been noticed by Barking and Dagenham Council in London, Pembrokeshire in Wales and Northumberland in the North East. All have said that very few councils actually use QR codes on parking meters.
The councils mentioned above stated that people should check the physical QR code. If it has been stuck on afterwards, it is most likely a quishing scam. When clicked on, it should also take them to a legitimate site with a green padlock symbol. This applies to any QR code you click on or receive via email or any other format. Inspect the URL and check it is not from a fake website, with a different address made to look similar.
The Evolution of Phishing Scams
Phishing scams are always evolving with new ones arriving each year. This has proven no different, with a range doing the rounds in 2024. PayPal has always been a target of these, due to its nature as a payment gateway. Phishing emails will usually ask people to click links to claim a refund.
Amazon is another major brand that has seen a spate of phishing emails in its name this year. Usually, they state that someone has been locked out of their account. They will ask for personal information to be sent via email, something you should never do.
QR codes are extremely useful in everyday life. However, if these trends increase we may see consumers shy away from using them. Quishing is one evolution of the phishing trend and the best prevention is self-education and knowing the signs.