The popularity of the QR code has grown rapidly. These Tetris-like black and white boxes are appearing on merchandise, advertising, and even in television programs. While QR codes provide a lot of ease and efficiency for businesses to advertise their products or services, they also present risks for consumers and a new avenue for scammers.
A QR code in an email can lead to a phishing scam rather than a product website or advertisement. Business owners should educate their employees about QR code phishing scams and how to avoid them.
Quishing: What Is It and How Does It Work?
Quishing is a tactic that online scammers use to get personal data and hack into a private device. The way quishing works is simple. An employee might get an email that looks legitimate. Within that email could be a QR code to scan to purchase a product or learn more about it. When the employee scans it, the link takes them to a malicious landing page that could ask for their login credentials, passwords, or other secure information.
Landing pages are simple one-page sites that give you more information on a product or service. On that page will be links you can click to purchase the product, get more details, or browse related products. With malicious QR codes, however, these links place you on a landing page that scammers created to get your information.
For example, say an employee scans a QR code in an email to sign up for an account on what appears to be a website that relates to their job duties. Scanning the QR code brings them to a landing page to make an account and provide sensitive information, such as an address, email, and password. The reality is that this landing page is fake, and their personal details have just been given to hackers. The hackers can then attempt to enter the employee's email or company accounts to access proprietary information.
Protecting Your Employees From QR Code Phishing Scams
In this age of never-ending online scams, hackers, and more, how can business owners protect themselves and their employees from something like quishing? Email security tools provide a great line of defense for desktop or laptop devices, but they could be more proficient with mobile devices. Cybersecurity researchers at SecurityHQ found significant mobile platform vulnerabilities with these tools.
There are several approaches you can take to protect your employees from quishing.
Do Not Scan QR codes on Mobile Devices
Mobile devices are a point of weakness for email security tools. Employees should not use their mobile devices to scan unfamiliar QR codes or click links on strange landing pages.
Double-Check Email Addresses
Strange email addresses are one of the biggest indicators of phishing emails. Before scanning a QR code or clicking a link, employees should look at the email address to see if it appears odd or fake.
As technology advances, online scams will likely become more prevalent. Staying informed on issues like QR code phishing scams is the best way to keep your business information and personal devices safe.
