DON’T SCAN Android users warned over 2200% rise in ‘quishing scam’ that targets your phone camera and drains the bank

ANDROID owners have been urged to avoid scanning malicious QR codes that can steal your money.

After the COVID-19 pandemic hit, threat actors increasingly began using QR codes to scam people.

A new report by cybersecurity firm Perception Point found that 1 out of 11 of all phishing attempts are carried out through a QR code.

This represents a 2200% increase from 1 out of 250 phishing attempts that were previously reported.

The rise in QR code phishing, also known as quishing, is no coincidence, experts said.

Cybercriminals know that most smartphone owners have no idea what quishing is and they’re looking to exploit this.

HOW DOES QUISHING WORK?

QR codes work by embedding instructions into a black-and-white dot-based image.

So when a smartphone camera, app, or QR code scanning device scans the QR code, the scan then translates the data into human-readable information.

However, in a scam, the fraudsters will embed a malicious QR code into a legitimate-looking email or stick it somewhere in public.

In turn, malicious QR codes (also known as malware) can infiltrate your device and steal sensitive information, such as banking account logins.

“Through quishing, attackers have managed to bypass most email security vendors, compounding the new tactic with deceptive social engineering,” Perception Point writes in its report.

“What makes the use of QR codes in emails difficult to detect is that the content and intent of QR codes are not immediately apparent,” it continued.

This, when coupled with convincing language, impersonation of trusted companies, and a sense of urgency, can easily manipulate users into falling for a quishing scam.

HOW TO PROTECT YOURSELF

There are several ways to mitigate your risk of QR phishing. Perception Point recommends first and foremost, knowing your stuff. 

Second, you will want to use a DNS filter that can break the phishing cycle.

DNS filters do this by stopping users from navigating to a malware-laden website.

Third, it helps to apply email filters, which use multiple avenues to catch difficult-to-detect phishing messages.

Having an anti-malware or anti-virus enabled on your device can also greatly help.

This article first appeared in The Sun, written by Jona Jaupi on November 1, 2023.