We are going to explain to you what quishing is, a type of scam similar to phishing, but which is based on deceiving you using QR codes. This is a scam in which they pass off a code as legitimate, and take you to a website where they can steal your data.

We are going to explain this article by explaining what exactly quishing is, and its main characteristics. This will make you able to identify it and differentiate it from other types of scam, and knowing its existence is the first step to protect yourself from it. Afterwards, we will tell you some basic tips to try to avoid falling into this type of trap.

What is Quishing and how it works

The term squishing comes from QR phishing, or what is the same, phishing through QR. This is because it is a type of scam based on launching baits such as fishing or phishing, but the bait used in this case is a QR code that victims must scan.

A QR code is a code made up of black and white squares, which form a kind of illegible drawing. It's a kind of shortcut, and if you point at it with your phone's camera or an app to read QR codes, a web link will be generated to the one you're pointing at.

The issue is no longer just spreading a QR code that takes you to a fraudulent page, because if you find one of these codes on the street and it takes you to a website where you must enter the data, it is evident that it is a scam. What cybercriminals do in this case is work a little, just as they usually do with SMS phishing or smishing.

In the case of this scam, it is trying to make the QR code legitimate and make it look like it belongs to a real, well-known company. They can do this with business cards, advertising papers or through Internet images in which they tell you about an offer.

The code will point to a fraudulent website that is a copy of the real page that the code is supposedly pointing to. On this website they will ask you for personal information, such as the access information for one of your Internet accounts or directly for your credit card information.

Imagine for a moment that you find a piece of paper that tells you that you are going to get an Amazon gift card. This paper has a QR code, and this takes you to a website where you must identify yourself with your Amazon information, or directly with your bank card. And in this way, you have been tricked into giving away your data, which in some cases can lead to money being stolen.

How to avoid falling for this type of scam

The first step to avoid these scams is to be wary of QR codes that arrive to you without asking for them or from an unreliable source. Also be wary of those who appear on the street or those who directly promise you things or offers that are too good to be true.

Therefore, before scanning a QR code, you should try to verify the source. Look at the brochure or poster, or the sticker where the QR code is. If it is something you find on the street, you already know that it is not going to be real, but if it is something that has been put in your mailbox, always be suspicious. Come on, you should try to be very clear that it is something legitimate, although if it has a QR to hide the website it takes you to, you should distrust it almost by reflex.

The normal thing is that just by scanning a QR code nothing happens. However, there are times when attackers will play with your curiosity and try to get the website where they take you to make you bite. It is also possible that some dangerous file or virus is downloaded to your device, and you are told to use it for something... when in reality it is to infect you.

When you enter the website to which a QR code points, always check the URL or address of the page. This way, you can check if the page you enter is the real one or another one with a completely different name. Sometimes on the website to which you are taken they may use a word that is the name of the company, so it is advisable to know what the real address is so as not to fall into the trap of entering pages with similar names, but not They are the official one.

Nowadays, almost all native mobile camera applications have a QR scanner. However, it is also advisable to use a special QR scanner app that has security protections. Some have this feature to detect malicious links and warn you before entering the targeted website.

And finally, it is also a good idea to have your mobile security updated. Make sure the operating system is up to date, and if you have any protection that you can activate against malicious websites or harmful downloads, make sure you have everything activated.

https://www.xataka.com/basics/quishing-que-como-funciona-como-evitar-protegerte-este-tipo-ciberestafa