Quishing, Phishing via QR code
The transition from the barcode to the QR code powered by GS1 offers enormous possibilities. Unfortunately, with technological advancements come new security challenges. We hereby inform you about the concept of "quishing": phishing via QR codes.
What is phishing? And what is quishing?
Phishing is a form of cybercrime in which malicious actors attempt to steal personal information by pretending to be a trustworthy entity. Quishing uses rogue QR codes to direct users to fraudulent websites, where users are asked to enter sensitive information such as login or payment details. Only the way in which the link is presented (via a QR code) differs from classic phishing.
How does quishing work?
Attackers generate a QR code that leads to a falsified website, which is often designed to look like a legitimate one. There, you are asked to log in or leave personal information, which is then sent to the attacker.
These fake QR codes are distributed in public places or on online platforms. Cybercriminals sometimes even replace the QR codes on legitimate sources such as posters or charging stations for electric cars, for example by placing a sticker over them.
How do you protect yourself against phishing and quishing?
We provide some recommendations to prevent phishing and quishing:
- Trusted sources: Make sure you only scan QR codes from reliable and well-known sources. Avoid scanning QR codes you come across in unfamiliar places.
- Check the URL: Use QR code scanners that show the URL before you open it. Carefully check that the URL matches the expected website and look for suspicious elements such as spelling mistakes or unusual domain names.
- Be careful with sensitive information: Never enter sensitive information on a website unless you are absolutely certain of its legitimacy.
- Two-factor authentication (2FA): Use two-factor authentication for extra security for your accounts. Even if attackers have obtained your login credentials, they will still be unable to access your accounts.
- More tips: Go to https://safeonweb.be/en/tips from the Centre for Cyber Security Belgium (CCB) for even more tips.
- You can report suspicious websites, messages, etc. to suspicious@safeonweb.be
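The "Check the URL" recommendation can also be automated once a scanner has decoded the QR code to text. The sketch below is an added example, not GS1 or CCB code: the allowlist, the function names and the distance threshold of 2 are assumptions, and the sample URLs used with it are constructed.

```python
from urllib.parse import urlsplit

# Domains the reader expects to land on; both are named on this page.
EXPECTED_DOMAINS = ("gs1belu.org", "safeonweb.be")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_qr_url(payload: str, expected=EXPECTED_DOMAINS) -> list[str]:
    """Return warnings for a URL decoded from a QR code; [] means it matches."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["payload is not a parseable URL"]
    host = (parts.hostname or "").lower().rstrip(".")
    scheme = parts.scheme or "missing"
    warnings = []
    if scheme != "https":
        warnings.append(f"scheme is {scheme!r}, not https")
    if "@" in parts.netloc:
        warnings.append("text before '@' is userinfo, not the real host")
    if not host:
        return warnings + ["no host in payload"]
    if host.replace(".", "").isdigit() or ":" in host:
        warnings.append("host is a raw IP address, not a domain name")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("internationalised host; may imitate Latin letters")
    # The expected domain itself, or a true subdomain of it, passes.
    if any(host == d or host.endswith("." + d) for d in expected):
        return warnings
    for d in expected:
        # Expected name used as leading labels: gs1belu.org.example.net
        if host.startswith(d + ".") or f".{d}." in host:
            warnings.append(f"{d} is only a prefix of another domain")
        # Compare the trailing labels to catch misspellings (assumed threshold: 2).
        tail = ".".join(host.split(".")[-d.count(".") - 1:])
        if 0 < edit_distance(tail, d) <= 2:
            warnings.append(f"{tail} looks like a misspelling of {d}")
    if not any("prefix" in w or "misspelling" in w for w in warnings):
        warnings.append(f"{host} is not an expected domain")
    return warnings
```

An empty list only means the host matches the allowlist; it says nothing about a domain that is not on the list, so any warning should be read as "do not open without checking".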
Our commitment to safety
GS1 Belgium & Luxembourg will always communicate from the trusted gs1belu.org domain. Stay alert, and together let's embrace the benefits of QR codes in a responsible way.