What is quishing and how to avoid this scam

What is quishing and how to avoid this scam

Cybercriminals do not stop devising new strategies with which to obtain our personal data. As some of their scams become known, they develop others to achieve their goals. The last one we have known is the quishing.

Let's see what it is and how we can avoid falling into it. Because when we use the Internet, the best way to stay safe is to exercise caution and be aware of the most common scams.

What is quishing?

What is quishing?

This is an evolution of phishing. In case you don't know what this technique consists of, we will explain it to you.

It is a scam that tries to trick people into obtain your confidential information, especially the passwords that allow access to your bank accounts.

Typically, it is carried out via email or text messages, in which the criminal poses as a trusted entity: a bank, a large company, or even the Tax Agency.

Through this communication, they try to convince the victim to give their personal information, such as the passwords for their access to online banking.

The problem is that these types of attacks are very persuasive and are increasingly refined. They make the victim feel a sense of fear or urgency, which leads them to act without stopping to think about the authenticity of the message.

A typical example is the message that appears to come from a bank and says that it will immediately block the account if the user does not access the website through an attached link and indicates your password.

As we said before, quishing is an evolution of phishing, because in this case the scam is carried out through a QR code.

When we scan one of these codes, it takes us directly to a web page. What criminals do is create a website through which they can infect the device from which visitors are accessing and thus then access your personal information. Or use that page to generate a hoax and obtain personal data.

To achieve this goal, they are modifying the QR codes that we usually find on the street. For example, those that are stuck on the tables on the terraces of bars and are supposed to give us access to the menu of that establishment. We can also find these codes on business cards, advertising brochures, and even directly on the Internet.

By using the code we are redirected to a copy of the real website where we will be asked for personal data. Once we provide this information, we can be sure that It won't be long before money disappears from our bank account or purchases are made on our behalf.

How to avoid falling into quishing

Users are increasingly informed about the scams that are committed in the online world. That's why, If we receive a strange message on our mobile, Most of us will be suspicious and it is very likely that we will not fall into the trap.

But staying safe from quishing is a little more complicated, because this fraud uses QR codes that appear to be real.

To start preventing, let's ignore all those QR codes that arrive to us without us having asked for them, or through an unreliable source. For example, if you receive a message from a store in your email offering you a discount code that you can access by scanning a QR.

Another good idea to protect ourselves is not to access QR codes that we find on the street. If you look closely, you'll see some on public notice boards, streetlights, and even bus stop shelters.

Of course, we shouldn't even pay attention to the QR if it appears next to a message with an offer that seems too good to be true. Inside and outside the online world, everything that seems very good and easy to obtain is usually a fraud.

In the case of QR codes in bars and restaurants, cases have already been detected in which these have been changed by fake ones without the business owners realizing it. Yes you can, Better ask for the letter to be brought to you in physical format. In any case, if you access the website with the menu, they should not ask you for any personal information, so never give this type of information.

Normally, nothing will happen if you only access the fraudulent website, but do not provide any personal data. However, just by accessing it, your device could become infected. So it never hurts to have antivirus software installed on your mobile and keep it updated to the latest version.

To be even more protected against malware, make sure that your operating system is also updated to the latest version.

Other common Internet frauds

We must be careful not to fall victim to quishing, but remember that there are other very common frauds in the online world that we must remain vigilant against:

  • Online commerce fraud. Are those in which sellers use marketplaces or second-hand sales platforms to sell counterfeit products or to simulate sales and never send the product for which they have charged.
  • Tech support fraud. Scammers pose as technical service personnel from legitimate companies and contact you through phone calls or pop-up messages warning that there is a problem in the browser and offering a remote repair.
  • Investment fraud. They are complex networks that offer investment opportunities with great returns, and which turn out to be fraudulent or a pyramid scheme.

We cannot 100% avoid falling into quishing or other online scams, especially when they are as sophisticated as they are today. But yes we can We can greatly reduce the risk if we always act with caution. Therefore, try to access the websites by directly typing the address in the navigation bar rather than using a link, and make sure not to provide sensitive personal data if you are not completely sure of the identity of the person behind the message or the website.