- The phishing of the QR code is increasing, warns the report
- These attacks claimed more than 1,300 victims in 2024
- Cybercriminals disguise their QR codes as legitimate payment methods
“Quisling”, or QR Code Phishing claims more victims in the United Kingdom than ever, the action-acting receiving 1,386 incident reports last year, a serious increase compared to 2019 where 100 attacks were recorded.
These are particularly widespread in the “hotties of contactless payment” such as parking meters and restaurant menus, where criminals will stick their own malicious QR code on an existing legitimate QR code.
The victims of these scams are asked to scan a malicious QR code using their phones, then redirected to websites controlled by criminals, and are invited to hand over their financial information by a false payment page, or malicious software is deployed on their aircraft.
Caution is the key
These attacks are difficult to spot even after the fact, because criminals often take smaller amounts, but more frequently, to disguise payments as legitimate subscriptions or parking costs for example – which fly under the radar and are not always reported.
“The QR codes were designed to make things more practical, but threat actors took advantage of it and have intelligently made cloned and false sites that seem authentic at the end of a click,” comments Jake Moore, global cybersecurity advisor to ESET.
“QR scams can often be difficult to protect, because there are very few things that immediately respond to the eye to make the user aware of everything that is fraudulent. It may be difficult to distinguish these codes, especially when the link managed by the QR code does not seem different from what you can expect, such as a parking payment website. ”
As with all social engineering attacks, the key to staying safe is to remain vigilant. Scan the QR codes that you are 100% some are safe and never put your payment information back to an unconcetic source.
Via the BBC
