
You may have used or seen a Quick Response code, more commonly known as a QR code. A QR code is a gridded barcode that, when scanned with a device’s camera, can take the user to websites, connect to Wi-Fi networks, allow the user to view and order food, download files, authenticate services or even make payments.
QR codes are a very convenient and versatile tool that can be tailored to your needs and uses. That said, QR codes also come with some risks.
You have probably also heard of ‘phishing’. It is when cyber criminals trick you into giving them personal information by sending you fraudulent emails or text messages, often by pretending to be from well-known organisations.
With the rise of QR codes, the term ‘quishing’ has been adopted to describe a form of phishing attack that uses QR codes instead of the traditional text-based links in emails and texts. A quishing victim may inadvertently allow cyber criminals to monitor their online activities, steal personal information, distribute malware, gain access to their device and even bypass multi-factor authentication.
The Office of the Australian Information Commissioner’s Notifiable Data Breaches Report for January to June 2024 identified that during this period, human error accounted for 30% of all data breaches and 12% of all breaches were caused by phishing. This shows how human factors pose a real threat to the security of personal information and how we may unknowingly and unintentionally be contributing to the risk of data breaches.
Individuals can take proactive steps to keep themselves informed about how to recognise scams, including quishing, to protect their privacy and personal security. A few signs to look out for when identifying a suspicious QR code can include:
- a different QR code being placed over the original QR code;
- a misaligned QR code or spelling mistakes around the signage;
- a file downloading after scanning a QR code (if this occurs, the file should not be installed); or
- a lack of detail explaining where the QR code will direct you to.
Here are some tips and tricks to reduce the risk of a quishing attack:
- only scan QR codes from trusted sources (for example, avoid scanning QR codes found in car parks, stations, parks, etc) and ensure the QR code is legitimate and not unusual;
- check Scamwatch for advice on known scams using QR codes;
- check where the QR code link is taking you before clicking;
- avoid downloading or entering personal or financial details accessed via unfamiliar QR codes. Instead, head directly to the official website or source;
- regularly update your mobile device’s operating system and any apps to protect against vulnerabilities; and
- continue to inform yourself, your friends and family members on how to spot a scam and detect socially engineered messages.
Next time you are about to scan a QR code or click on the related link, remember to first pause and consider the above tips and tricks to check that the code is legitimate and reduce your risk of becoming a victim of a quishing attack.
For more information or advice on detecting scams or mitigating their damage, contact our team today.