The QRishing, a variant of phishing that uses malicious QR codes, is rapidly growing as a significant threat. This method tricks victims into scanning QR codes that redirect them to scam websites, where personal or financial information is stolen. Cybercriminals exploit users' trust by using QR in everyday activities such as accessing restaurant menus or paying for products and services. The ease of placing a fake code on top of a legitimate one, as has been seen in cases in Madrid and Amsterdam, Amplify risk.
One of the main problems with QRishing is that it can evade security mechanisms such as two-step authentication. When scanning the code, The victim may be directed to forms that already have pre-filled information, which increases the probability of falling for the deception. Recent reports have pointed to an increase in the 51% in these attacks in one year, with thousands of daily cases reported.
To protect yourself, it is recommended not to scan QR codes from unverified sources, enable URL preview on mobile devices and use official apps for services such as public transport. It is important to verify that the codes are not stickers placed on top of others and avoid providing personal data or downloading suspicious files, especially those who request permissions to install software.
As the use of QR codes becomes more popular, QRishing could become a common form of attack. Maintaining caution and using up-to-date security tools are key steps to avoid falling victim to this growing threat. Education about these scams also plays a crucial role in combating their impact.