What does Quishing mean? And what measures can I take to safeguard against QR code breaches?
Ever since the onset of the Covid pandemic, QR codes have seamlessly integrated into our daily routines. These peculiar square-shaped barcodes frequently appeared on Covid passes (you remember those, right?) to verify vaccination status.
Now that most of us know how to use them, companies are putting QR codes everywhere.
What does ‘quishing’ mean?
QR codes are impressively adaptable. They have the capacity to store almost any type of data, such as web URLs, WiFi credentials, personal contact information, and more. The best part? Anyone can create their own QR code using freely available online tools.
Cybercriminals are taking advantage of this and crafting QR codes that lead victims to counterfeit websites. As with a typical ‘phishing’ website, individuals are enticed to divulge confidential data such as passwords or credit card information. Sometimes the victim is also nudged to download harmful software from these sites.
Thus, by placing ‘tampered’ QR codes in emails, instant messages, or responses on social media, cybercriminals can deceive individuals into landing on counterfeit websites.
What makes quishing successful?
Quishing’s success can be attributed to two main factors. Firstly, the encoded website can’t be ‘decoded’ without scanning the QR code, which makes it challenging to verify if the URL is genuine.
Secondly, it’s common practice to use URL shorteners when creating QR codes to make them more efficient. However, even if your QR code scanning application displays the website’s URL before you visit it, it’s virtually impossible to tell where a shortened URL actually leads. This means that you could be exposing yourself to extra risk by clicking on the link.
How to safeguard yourself from quishing?
The good news is that the ways to protect yourself from quishing are much the same as the ways you would protect yourself from standard phishing.
First, never scan a QR code that comes from an unidentified source. If the code is included in an email or a message from a trusted sender, or published in a reputable magazine, it’s most likely secure. However, if the image comes from an anonymous account, or if you stumble upon one in a public place (like pasted on a wall), it’s recommended not to scan it since you cannot guarantee its legitimacy.
Next, always stay alert. If you decide to scan a QR code that you don’t recognize, carry out the standard checks on the target website before providing any personal details or starting any downloads. Confirm that the website is safe (look for the padlock symbol in your URL bar) and that the URL is accurate (for instance, it should be facebook.com NOT facebookmail.com and so on).
Thirdly, it’s a good idea to activate multi-factor authentication for your internet accounts. If you’re duped into landing on a fake website and end up revealing your password, cybercriminals won’t be able to misuse it, because they won’t have access to your additional authentication methods, like the Google Authenticator app. Ideally, you’ll never have to face such a situation.
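The URL checks from the second tip, together with the shortener problem described earlier, written out as an added example that is not part of the original article. The function name `triage_qr_url`, the shortener list and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample list of URL-shortener hosts (assumption; extend as needed).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


def triage_qr_url(url, expected_domain):
    """Return warning codes for a URL decoded from a QR code.

    expected_domain is the site the code claims to lead to, e.g. "facebook.com".
    An empty list means none of these checks fired, not that the site is safe.
    """
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower().rstrip(".")

    if parts.scheme.lower() != "https":
        warnings.append("not-https")  # no padlock in the URL bar
    if "@" in parts.netloc:
        # "https://facebook.com@other.example/" really goes to other.example
        warnings.append("userinfo-in-url")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("non-ascii-host")  # possible look-alike characters

    if host in SHORTENERS:
        # The real destination is unknown until the short link is expanded.
        warnings.append("shortener")
    elif host != expected and not host.endswith("." + expected):
        warnings.append("domain-mismatch")
        brand = expected.split(".")[0]
        if brand in host:
            # e.g. facebookmail.com or facebook.com.login.example
            warnings.append("lookalike")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs, as a QR scanner app might display them.
    for sample in ("https://facebook.com/login", "https://facebookmail.com/login",
                   "https://bit.ly/3xAmPlE", "https://facebook.com@login.example/"):
        print(sample, "->", triage_qr_url(sample, "facebook.com") or "no warnings")
```

A "shortener" result means the destination still has to be checked after the short link is expanded, since the host shown by the scanner says nothing about where it leads.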
Apply your practical judgment
Despite the rise of novel dangers such as quishing, a majority of these threats can be effortlessly evaded by staying vigilant and applying your practical judgment. Also, don’t forget to get a complimentary trial of Panda Dome for added security – you never know when you might need it!