Fake QR Codes in Texts and Emails Steal Personal Information
Qusing Crimes Using QR Codes for Phishing on the Rise
Since the COVID-19 pandemic, one thing that has become familiar to us is the QR (Quick Response) code. QR codes are used in various ways in daily life, sometimes as identification cards and sometimes as tickets. However, there is a growing need for caution as Qshing crimes?phishing attempts using QR codes?are on the rise.
According to CNBC on the 7th (local time), the U.S. Federal Trade Commission (FTC) warned that scanning incorrect QR codes or leaking personal information through phishing websites linked via QR codes can lead to financial losses.
As various restaurant menus and general QR codes used in different shopping districts are commonly used in the United States, there have been incidents of personal information leakage during the process of scanning QR codes. [Photo by Pixabay]
As general QR codes used in various restaurant menus and shopping districts are commonly used in the U.S., damages caused by personal information leaks during the process of scanning QR codes are occurring.
The FTC warned, "Some criminals replace QR codes posted in paid parking lots with their own QR codes containing hacking codes, while others attach QR codes to text messages or emails to induce scanning."
In particular, scammers often send texts and emails that create a sense of urgency, such as claiming that a delivery was not made and that the delivery schedule or address must be changed, or demanding a password change due to suspicious activity, to induce victims to scan QR codes, the FTC pointed out.
If you scan such QR codes and open phishing internet addresses (URLs), you may be directed to fake websites that meticulously imitate financial institutions such as banks and credit card companies, where you are asked to enter passwords and other personal information, or you may be infected with malware that steals personal information.
The FTC added that if victims mistakenly scan QR codes used in fraud crimes, they may suffer not only personal information leaks but also financial losses such as scammers withdrawing money from bank accounts without permission or making credit card payments.
Meanwhile, according to market research firm eMarketer, more than 94 million U.S. consumers are using QR scanners on smartphones this year alone, and the number of Americans using QR codes is expected to increase to 106 million by 2026.
Qshing Crimes Spreading Worldwide
QR code-based quishing crimes are rampant not only in the United States but also worldwide. [Photo source=Pixabay]
Qshing crimes using QR codes are rampant not only in the U.S. but also worldwide. Previously, fake QR codes were found on parking violation tickets in China. These tickets, placed under windshield wipers, exploit the psychology that most people, when discovering such tickets, scan the QR code out of confusion.
In Madrid, Spain, fraudulent QR codes attached to public bicycles caused controversy. Users scanned the QR codes thinking they were for payment to use the bicycles, but these were confirmed to be phishing scam QR codes.
In Korea, cases of phishing crimes where money was withdrawn unknowingly through fraudulent QR codes have also emerged, prompting financial authorities to issue warnings.
The domestic security industry advises that to avoid falling victim to Qshing crimes, one should be cautious when scanning QR codes of unclear origin exposed in public places or on websites with weak security.
Additionally, it is recommended to avoid accessing QR codes included in emails as much as possible, since it is uncommon to require QR code authentication via email.
On the 6th, the Financial Informatization Promotion Council, the Korea Financial Telecommunications and Clearings Institute, and 17 domestic banks launched the 'QR Code-based ATM Deposit and Withdrawal Service.' A QR code recognizable by the mobile cash card application is displayed on an ATM in Seoul, and special attention must be paid to security. [Photo by Yonhap News]
Even if you accidentally scan a QR code, it is important to install and keep updated mobile security apps or smishing detection apps to prevent malicious apps from being installed.
If a malicious app is installed, you can delete it by booting your smartphone into safe mode and disabling device administrator permissions.
To prepare for cases where personal information is accidentally entered, setting different passwords for each website can prevent secondary damage such as chain personal information leaks and financial losses.
Above all, experts say that to prevent damage caused by QR codes, it is best not to scan QR codes of uncertain origin, and since dangerous apps can be distributed even on official app markets, it is advisable to check user reviews before downloading apps.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
