By Staff Reports

The Better Business Bureau (BBB) of Central and South Alabama is issuing a warning to consumers about the growing threat of “Quishing,” a type of phishing scam that uses QR codes to trick individuals into visiting malicious websites or downloading harmful content. As QR codes become more commonly used, especially in everyday activities like restaurant menus and payments, cybercriminals have adapted, making quishing attacks a serious and rising danger.

Recent data shows QR code phishing has surged from just 0.8% of all cyberattacks in 2021 to nearly 11% in the first half of 2024. These attacks can target anyone, but they often focus on unsuspecting consumers who are accustomed to scanning QR codes without second thought.

What Is Quishing? 

Quishing is a cyberattack where fraudsters create malicious QR codes and distribute them through phishing emails, social media, printed materials, or even in public places. When the victim scans the code, they are redirected to a website that appears legitimate but is designed to steal personal information or install malware.

Key Examples of Quishing Attacks:

• Parking Meters: Scammers place fake QR codes on parking meters, tricking users into scanning them to pay for parking. Instead of completing a legitimate transaction, users are redirected to malicious websites that steal their payment information.
• Phishing Emails: QR codes embedded in emails, disguised as messages from trusted sources like banks or companies, trick recipients into scanning the code to verify accounts or access documents.
• Public Locations: QR codes are placed in everyday environments like restaurants, public transit ads, or posters. Unsuspecting individuals scan them, expecting to see a menu or advertisement, but are redirected to harmful websites.
• Fake Promotions: Scammers create QR codes promoting “free gifts” or discounts. When scanned, victims are directed to malicious sites designed to collect personal information or install harmful software.

Tips to Protect Against Quishing:

• Verify the Source: Always confirm that a QR code comes from a legitimate source before scanning, especially in emails or public places.
• Inspect URLs: Use a QR scanner app that allows you to preview the URL before visiting a site. If the URL seems suspicious, do not proceed.
• Update Security Tools: Many security tools are not equipped to scan QR codes. Ensure you use advanced software that can detect these threats.
• Stay informed and vigilant against quishing scams. Visit BBB.org for additional resources on how to protect yourself and your organization from cyber threats, and to report any suspicious activity.

To learn more about phishing scams or to find a trusted business, visit www.bbb.org.