Quishing attacks – what are they and how you can stay safe

by | Nov 20, 2024 | data protection, HCPA Services

Have you heard of of quishing attacks? They are cyber-attacks through QR codes and have become a common method for phishing attacks, with a 1400% rise in quishing since 2021.  Clicking on a scam QR code can unleash all kinds of havoc for you or your organisation leading to scammers stealing personal information or infecting your systems and devices with malware.  Make sure you reduce the risk of becoming a victim of this.

What is a QR code?

A QR code, or quick response code, is a square barcode, which mobile phone and tablet cameras can read. When a user scans a QR code, it often opens a webpage, although it can also trigger a phone call, text message or digital payment.

How do I safely use QR codes?

It’s important to consider where you are seeing and scanning a QR code. If you are unsure of the legitimacy of a QR code, it’s best to not scan it. You should only scan QR codes that are from a trusted source.

Here are a few suggestions you can use to stay safe:

  1. Keep your personalised QR codes (e.g. proof of vaccination, boarding pass) in a secure folder on your device.
  2. Download apps from verified app stores instead of getting them through QR codes.
  3. Do not make financial payments through QR codes.
  4. Be suspicious – check for tampered QR codes (stickers) and compromised webpages (requesting unnecessary personal information).
  5. Provide the minimum amount of personal information requested when completing online forms through QR codes.
  6. Check the preview of the QR code’s URL to see if it appears legitimate. Make sure the website uses HTTPS rather than HTTP, doesn’t have obvious misspellings and has a trusted domain.
  7. Only scan QR codes from a trusted source.
  8. Report any incidents of suspected fraud and cybercrime to your local police and Action Fraud UK.
  9. Ensure you have the latest software updates installed on your device.

For further guidance on quishing click here.

If you would like further information or support with cyber security, then you can contact our expert team via dataprotection@hcpa.co.uk or call us on 01707 708018