- QR code phishing is increasing, reports a report warns
- These attacks claimed more than 1,300 victims in 2024
- Cybercriminals are disguising their QR codes as legitimate payment methods
“Quising”, or the QR code code, claims more victims in the United Kingdom than ever, with action fraud that received 1,386 incident reports last year, a serious increase in 2019 where 100 attacks were recorded.
These are especially frequent in the “contact points without contact” such as parking lots and restaurant menus, where criminals will paste their own malicious QR code on an existing legitimate QR code.
The victims of these scams are urged to scan a malicious QR code using their phones, and then redirected to websites controlled by criminals, and they are asked to deliver their financial information by a false payment page, or the malware is implemented on its device.
Caution is key
These attacks are difficult to detect even after the fact, since criminals often take smaller amounts, but more frequently, disguising payments such as legitimate -looking subscriptions or parking charges, for example, which fly under the radar and do not always do not inform themselves.
“The QR codes were designed to make things more convenient, but the threat actors have taken advantage of this and skillfully made cloned and false places that seem authentic at the end of a click,” says Jake Moore, Global Cyber Safety Advisor of ESET.
“QR scams can often be difficult to protect, since there is very little that is seen immediately so that the user knows something fraudulent. It can be difficult to distinguish these codes, especially when the link generated by the QR code does not look different from what it can expect, as a parking payment website.”
As with all social engineering attacks, the key to staying safe is to remain attentive. Just scan the QR codes in which it is 100% sure, and never deliver your payment information to an unsecured source.
BBC via
