Quishing

Full Title or Meme

Attackers post QR Codes on public places were users are expecting to find codes. In some case on top of otherwise legitimately posted codes from business you trust.

Context

The context where QR Codes can by used in on the wiki page of that name. Click in the name for more information.

Problems

QR codes have become increasingly popular in recent years, and unfortunately, scammers have found ways to exploit them. According to the Federal Trade Commission (FTC), scammers have been known to hide harmful links in QR codes to steal personal information 1. The Federal Bureau of Investigation (FBI) has also warned that cybercriminals have been tampering with legitimate QR codes to trick unsuspecting users into loading up scam websites.^[1]

It’s important to be cautious when scanning QR codes, especially if they are in unexpected places or sent by unknown sources. If you see a QR code in an email or text message you weren’t expecting, it’s best to avoid scanning it. If you think the message is legitimate, use a phone number or website you know is real to contact the company. If you do scan a QR code, inspect the URL before opening it and make sure it’s not spoofed. Protect your phone and accounts by updating your phone’s OS to protect against hackers and using strong passwords and multi-factor authentication.^[2]

Other attacks are listed on the wiki page Wallet#QR Codes.

Solutions

This is a Vulnerability that can and must be addressed by better User Education. We need to teach people that QR Codes can be dangerous, at least as dangerous as cliking on a random URL that you to not know well.^[3]

References

↑ ABC News, FBI warns criminals are using fake QR codes to scam users 2022-01-20 https://abcnews.go.com/Politics/fbi-warns-criminals-fake-qr-codes-scam-users/story?id=82371866
↑ Federal Trade Commission, Scammers hide harmful links in QR codes to steal your information https://consumer.ftc.gov/consumer-alerts/2023/12/scammers-hide-harmful-links-qr-codes-steal-your-information
↑ Identity Teeft Resource Center, QR Code Scams Grow as Digital Barcode Popularity Rises (2024-01-03) https://www.idtheftcenter.org/post/qr-code-security-threats-begin-to-grow-as-digital-barcode-popularity-rises/

Other Material

See also the wiki page on Phishing which addresses the full range of ways that attackers can try to convince users to perform insecure actions on their computer.

[1] ABC News, FBI warns criminals are using fake QR codes to scam users 2022-01-20 https://abcnews.go.com/Politics/fbi-warns-criminals-fake-qr-codes-scam-users/story?id=82371866

[2] Federal Trade Commission, Scammers hide harmful links in QR codes to steal your information https://consumer.ftc.gov/consumer-alerts/2023/12/scammers-hide-harmful-links-qr-codes-steal-your-information

[3] Identity Teeft Resource Center, QR Code Scams Grow as Digital Barcode Popularity Rises (2024-01-03) https://www.idtheftcenter.org/post/qr-code-security-threats-begin-to-grow-as-digital-barcode-popularity-rises/

[1]

[2]

[3]

Quishing

Contents

Full Title or Meme

Context

Problems

Solutions

References

Other Material

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links