There is a new addition to the raft of phishing methods – QR Code Phishing, or Quishing. QR codes are being used everywhere, from shopping malls (“scan for a discount code”), coffee shops (“scan to connect to free WiFi”), retailers, banks (“scan to enter a competition to win $£€”), sports venues, and direct mailers, etc. QR codes are also sent via email so can be used to supplement more traditional phishing techniques.
The problem with QR codes, as with other link-shortening services such as Bit.ly, you cannot check the web address of what you’re connecting to before you click on it. And because QR codes are generally smartphone specific, they can also bypass any protections built into any personal or corporate email services.
Before scanning a QR code, verify, if you can, its authenticity. Check with a member of staff in a retail store, coffee shop or bank. If received via email, check the usual tell-tale signs of a phishing email.
