Cybercrime has become a side hustle to young India where everyone has fell or experienced online money duping strategies. The old tactics of calling up numbers and making fake scenarios have got a new faceless image where online sites promise you of bigger and greater exchange rates. The hiking trend of online payment has opened various gates for scammers to practise their skills on any one of us.
Phishing, a long-standing threat that has evolved in various forms, has now adopted a new tactic known as “quishing,” leveraging QR codes for deceptive attacks. As QR codes have become ubiquitous for providing quick access to information, individuals often scan them without questioning their legitimacy.
Exploiting this widespread use, malicious actors create fraudulent QR codes, leading unsuspecting individuals to spoofed websites, where their information is stolen, or malware is installed on their devices. Quishing involves tricking people into thinking an action is harmless or necessary, while the true intent is malicious – aiming to access personal information, steal bank credentials, and more.
Scammers employ tactics such as sending fake emails posing as banks, claiming that debit/credit cards or bank accounts are about to expire. Individuals are prompted to scan a QR code for renewal, but the information entered is sent to scammers who can exploit it to access bank accounts.
How to protect ourselves?
To protect against QR code scams, individuals are advised to be cautious when scanning codes. QR codes are designed for sending money, not receiving it. Scepticism is warranted if someone claims that scanning a QR code will result in receiving money. In public spaces, individuals are encouraged to verify with vendors which QR code to use for payments, as multiple codes may be present, with some potentially being fake.
When engaging in online marketplace transactions, it is recommended to avoid scanning QR codes unless making a legitimate purchase, preferably in cash. If one falls victim to a QR code scam, prompt action is essential – contacting the bank to report the incident, potentially blocking the account temporarily if unauthorized access is suspected.