What is QRishing?
QRishing works on the same principle as traditional phishing: tricking victims into visiting malicious websites.
However, instead of using hyperlinks, cyberattackers use QR codes. These codes can be printed and placed in public areas, sent by mail, or even emailed. Once scanned, they redirect the victim to a fraudulent website where they may be asked, for example, to enter sensitive information.
QRishing typically relies on social engineering. By exploiting users’ trust in these codes, attackers trick them into scanning a malicious QR code.
Why is QRishing effective?
Since the COVID-19 pandemic, the use of QR codes has skyrocketed for a wide range of services, such as restaurant menus and check-ins. People are now accustomed to scanning these codes without giving it a second thought.
Scanning a QR code is quick and often requires nothing more than a smartphone camera.
Unlike hyperlinks, the URLs encoded in QR codes are not visible until they are scanned, making it difficult for users to determine whether the destination is legitimate.
How can you protect yourself from QR code attacks?
Be skeptical: Don’t scan QR codes if you don’t know where they came from. Be wary of QR codes found in unusual places or sent by strangers.
Check the URL: After scanning a QR code, always check the URL of the page you’ve been redirected to. Make sure it’s a legitimate domain and not a fake.
Update your browser: Modern browsers are generally good at detecting and warning you about phishing sites. Make sure yours is up to date.
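The "Check the URL" step can also be applied to the text decoded from a QR code before the link is opened. The following is an added example, not code from Avant de Cliquer; the function name review_qr_url, the allowlist EXPECTED_DOMAINS and every sample URL are constructed for illustration, and the checks go slightly beyond the advice above by naming common signs of a fake domain.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: domains an organisation expects its own QR codes to use.
EXPECTED_DOMAINS = {"example.com", "menu.example.org"}

def review_qr_url(payload, expected=EXPECTED_DOMAINS):
    """Return a list of warnings for the text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["payload is not a parseable URL"]
    if parts.scheme not in ("http", "https"):
        return [f"not a web link (scheme {parts.scheme!r})"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("connection is not HTTPS")
    if parts.username is not None:
        # In https://brand.com@other.host/ the browser goes to other.host.
        warnings.append(f"text before '@' is not the site; real host is {host!r}")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address, not a domain name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("host uses punycode (possible look-alike characters)")
    # Match the expected domain exactly or as a parent of the host, so that
    # example.com.secure-login.test does not pass as example.com.
    if not any(host == d or host.endswith("." + d) for d in expected):
        warnings.append(f"host {host!r} is not an expected domain")
    return warnings

if __name__ == "__main__":
    samples = [  # constructed sample payloads
        "https://menu.example.org/table/12",
        "https://example.com@login.example.net/reset",
        "http://192.0.2.10/pay",
        "https://example.com.secure-login.test/",
    ]
    for s in samples:
        print(s, "->", review_qr_url(s) or "no warnings")
```

An empty result only means that none of these specific signs were found; it does not prove the destination is safe.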
As technology evolves, phishing techniques adapt, so it is crucial to stay informed. QR codes, while convenient, are not without risks. By remaining vigilant and following best practices, you can enjoy the convenience of QR codes while staying safe.
Did you know? Avant de Cliquer raises awareness among users about the issue of QRishing.