Qishing: a new sort of scam
QR codes have become an indispensable part of our daily lives. Whether it is scanning a QR code to view a menu in a restaurant, paying a bill or getting extra information, these square codes offer convenience and speed. However, with the increase in use, the risk of abuse by cybercriminals also increases.
A QR code (Quick Response code) is a type of barcode with black and white blocks and can contain different information. By scanning the code with the camera of your smartphone, you get direct access to the stored information. Scanning QR codes has become easy and this also makes it attractive to criminals.
What is qishing?
Qishing is a form of phishing in which, in most cases, the scammer creates a fake website and generates a QR code that points to it. The code is then distributed with the aim of sending victims to the fake website. There, the scammer tries to obtain data from the victims or to install malware on the device the victim uses to access the fake website.
How do you see whether a QR code is good or malicious?
Because QR codes are everywhere these days, it is difficult to distinguish which codes are good and which are malicious. This is also because as a user you cannot see what is behind the code. We have listed some pointers to help you recognize a safe QR code:
- Use a good QR code scanner
Most modern phones have a built-in scanner in the camera. When the camera scans a QR code, the link to which the code refers is first displayed. You can then choose whether you want to click on the link. Unfortunately, there are also fraudulent QR scanner apps available in the app stores, so pay close attention before you download an app.
- Check the links
Because QR codes work faster and can store more information, there is little point in shortening a link. If you see a shortened link such as a bit.ly link displayed, be extra suspicious, because these types of links are often used to hide the real URL. On websites such as checkjelinkje.nl or drlinkcheck.com, you can always check a link to be sure.
- Placement of the QR code
Be extra careful with QR codes that are displayed in public, for example on lampposts or posters. They can be unreliable and there is a good chance that the code cannot be trusted. In addition, check a QR code carefully for damage and check whether it has been placed over something else, for example as a sticker. In many cases, a bad code is stuck over a legitimate code and scanned without people realizing it.
- Data
Finally, keep in mind that many websites will not immediately ask for personal or financial data. Never just fill this in if you are not sure whether the website is legitimate.
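The "Check the links" pointer above, written as a check that a scanner app or mail gateway could run on the text decoded from a QR code. This is an added example, not part of the original article: the function name, the shortener hosts other than bit.ly, and the sample payloads are assumptions, and the extra signals (plain HTTP, text before '@', bare IP address, punycode) go beyond the shortened-link case the article names.

```python
import ipaddress
from urllib.parse import urlsplit

# bit.ly is the shortener named in the article; the other hosts are
# well-known shortening services added here as an assumption.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


def triage_qr_payload(payload: str) -> list[str]:
    """Return warnings for the text decoded from a QR code (empty list = no flags)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["malformed link"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Wi-Fi, contact card, payment or plain-text payloads are not web links.
        return ["not a web link: show the raw payload instead of opening it"]
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no host in link"]

    warnings = []
    if scheme == "http":
        warnings.append("link is not HTTPS")
    if host in SHORTENER_HOSTS or host.removeprefix("www.") in SHORTENER_HOSTS:
        warnings.append("shortened link hides the real URL")
    if parts.username is not None:
        # In https://bank.example@other.example/ the real host follows the '@'.
        warnings.append("text before '@' is not the site name")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a bare IP address")
    except ValueError:
        pass  # host is a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host: may imitate another name")
    return warnings


if __name__ == "__main__":
    # Constructed sample payloads, not taken from any real campaign.
    for sample in ("https://bit.ly/3abcd",
                   "https://www.example.com/menu",
                   "http://example.com@203.0.113.7/login",
                   "WIFI:S:Guest;T:WPA;P:x;;"):
        print(sample, "->", triage_qr_payload(sample) or "no flags")
```

An empty result only means none of these signals fired; the destination still needs the checks described in the other pointers.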
What should you do if you have scanned or received a phishing QR code?
If you suspect that you have scanned or received a phishing QR code, take the following steps:
- Contact a fraud helpdesk or the police to report it.
- If the qishing took place via a specific app or website, report this to the organization in question so that they can take action.