Quishing is a variation of phishing where cyber criminals use QR codes to target mobile banking customers into scanning a QR code and sending the criminal private information or downloading malicious programs to their smartphone. As mobile banking becomes more and more common, it has become an efficient way for criminals to steal your private information. Additional information on quishing can be found at International Association of Financial Crimes Investigators.
HOW DOES QUISHING WORK?
Quishing may be combined with a phishing scam or pop-up scam and try to entice you to scan a QR code. Quishing can also be a standalone attack facilitated by QR codes put in public places like on the sides of ATMs or on bulletin boards or in restaurants that use pay-at-the-table services.
TIPS TO AVOID QUISHING
• Before scanning a QR code, do a bit of inspection and research. Do you see another QR code underneath the visible code? Is the QR code located somewhere you would expect to find one?
• Before clicking the link presented by the QR code after scanning it with your mobile device, check for misspelled words and letter substitutions in the link.
• Avoid scanning QR codes that arrive from sources you do not recognize.
• Avoid storing private information on your mobile device. Should a criminal install malware on your smartphone, your private information could be compromised.