From the creators of phishing, smishing and vishing, comes QRishing: the new variant of phishing.

We warned you a few months ago in this article about the threat posed to cybersecurity by the mass scanning of QR codes.

So much so that cyber experts have already given this variant of phishing a name: QRishing or quishing.

How are we fooled?

  • They create an apparently reliable brochure, such as that of an institution or company, and change the QR code. They go to great lengths to maintain all sorts of details and design to pass themselves off as the original brand.
  • They distribute advertisements, impersonating Amazon or other well-known companies, urging people to scan the QR codes provided in exchange for huge discounts.
  • They substitute QR codes of reputable companies by placing a sticker on top of their posters.

What is the aim of this scam?

  • Theft of private information.
  • Installing malicious software on your device.
  • Directing a person to an unsafe website with malicious intent.

How can we avoid this?

  • Verify that the place where the QR code is inserted is trustworthy.
  • Avoid opening a URL that is shortened.
  • If it is not shortened, make sure it starts with https://.
  • Always keep your device software up to date to avoid vulnerabilities.
  • Do not enter your credentials on any page that asks you to do so.

If you want to know more about phishing attacks and how to avoid them, we recommend this post.