“Initially it started in the United States, but in Mexico it has been increasing, where one of the ways they are used is to glue another code inside parking meters where users come to pay and at that moment they see the code, they scan it and many times from there they scan the users’ bank details,” Iskander Sanchez-Rola, Director of Innovation for Norton, tells Expansión.
One of the problems that Sanchez-Rola points out that is also recurring is the use of this type of false codes in electric vehicle charging stations or even in online stores and physical stores with discount coupons.
What is Quishing?
This phenomenon consists of redirection to false pages that often steal user data or even their banking details, to later carry out other types of fraud, such as digital identity theft or cloning of their credentials.
According to the Norton executive, these types of QR codes can be embedded in emails, social media posts, printed materials, websites or physical locations.
This is a problem that may grow, as more than a third of smartphone users scan at least one QR code per week and almost 90% of all consumers have scanned a QR code at least once in their lives. according to HBS data.
“More than half of people trust QR codes on parking meters or charging stations, because they are sites that can use this mechanism to direct to applications, however, users must be aware when wanting to use this tool and verify that an external payment app is actually used,” says Sánchez-Rola.
And in the case of companies, there is also a risk. For example, a company or collaborator may receive an email announcing an important update about the company’s benefits program. Once scanned, the email’s QR code redirects the employee to a fake login page that looks exactly like the company’s HR portal. The employee, thinking this is a legitimate request, enters their credentials, which are then collected by the attackers.
From an organizational standpoint, every employee is a potential phishing target. However, members of senior management are 42 times more likely to receive a QR code phishing attack than a non-executive employee.
“The ideal is to use this type of tool only if necessary and thus prevent collaborators from falling. In the case of businesses, it is difficult to control the sticking of stickers on their menus, so if they can use traditional menus and safeguard their codes in a safe place, it will reduce the risks to their customers,” recommends the executive.
Add Comment