QR codes have become a regular part of daily life, offering convenience, but they’re also attracting attention from cybercriminals targeting millions of Americans.
QR codes now serve a range of functions, from accessing restaurant menus to managing boarding passes and parking payments. However, as their usage increases, so does the potential for scams, particularly a technique known as “quishing,” which merges “QR” with “phishing.” Dustin Brewer, senior director at Bluevoyant’s Proactive Cybersecurity Services, explains that attackers often use these codes to mislead users into visiting harmful websites or unintentionally sharing private information. The FTC has issued warnings about unexpected packages associated with QR codes that can compromise personal data or direct users to phishing sites that install malware on devices.
The simplicity of QR code scams makes them particularly appealing to cybercriminals. By placing fake stickers on parking meters or utility bills, they exploit urgency to trick unsuspecting individuals. Gaurav Sharma, a professor at the University of Rochester, anticipates an increase in QR-related fraud as these codes become more ubiquitous and conventional email phishing efforts become less persuasive due to advancing security measures.
A survey by KeepNet Labs indicates that 26% of malicious links are distributed via QR codes. Additionally, research from Nordvpn reveals that a staggering 73% of Americans scan QR codes without proper verification, leading over 26 million people to potentially visit harmful sites. To combat this rising issue, Sharma is working on a secure version of QR codes, known as SDMQR, which would require cooperation from tech giants like Google and Microsoft.
Institutions like the Indianapolis Children’s Museum are proactively enhancing QR code security by utilizing customized designs and regularly checking for tampering. However, these scams can still affect both Apple and Android users, with iPhone users sometimes being at a higher risk due to a misplaced trust in their devices.
To protect against quishing, individuals are advised to only scan codes from reputable sources. It’s best to avoid scanning QR codes in public settings, where they can be easily altered. If there’s any doubt, it’s wise to request a new copy of the code from the relevant service provider or employee.
