What is a QR code?
Like barcodes, a QR code is a coded image containing information, such as a link that can redirect the user to a website or allow them to download an application. QR codes have become widespread in recent years because they are extremely practical, helping users avoid manually typing long links on mobile devices.
The quishing is a subcategory of phishing that emerged with the appearance of QR codes. Fake parking fines left on car windshields in several cities in France, fake QR codes stuck on parking meters or on electric vehicle charging stations — fraudulent QR codes, called quishing, began appearing regularly in national phishing-related news in 2023.
There are two ways to distribute malicious QR codes: online (SMS, email, etc.) and physically (fake fine notices left on windshields, or fake QR codes stuck on parking meters).
If sending a malicious QR code by electronic message can reach many people, it still requires a second device to scan it; this method therefore has a low success rate for cybercriminals. In contrast, the physical distribution of QR codes can target a large number of potential victims, making this technique more likely to succeed.
SOURCE: Cybermalveillance.gouv.fr
IMAGE SOURCE: Pixabay
EXAMPLE
A cybercriminal sticks a fake sticker containing a QR code on a parking meter. Drivers, believing they are using a new mobile payment method, scan the code and are redirected to a fraudulent website that imitates the official parking payment service. They enter their personal and banking information, allowing the scammer to steal their data without them realizing it.
IN REAL LIFE
In the United Kingdom, fraudsters stuck fake QR codes on parking machines. When drivers scanned these QR codes, they were redirected to a fraudulent website that imitated the official payment site.
SOURCE: The Guardian