The Better Business Bureau (BBB) of Central and South Alabama is alerting consumers to a fast-growing cyber threat known as "quishing," a type of phishing scam that uses QR codes to deceive people into visiting malicious websites or downloading harmful content.

As QR codes have become a routine part of everyday life — commonly used for tasks like viewing restaurant menus or making payments — scammers have adapted, making quishing attacks a rising concern.

Recent data reveal an increase in quishing attacks, which made up just 0.8% of all cyberattacks in 2021. However, by the first half of 2024, that number had surged to nearly 11%. These attacks often target unsuspecting consumers who scan QR codes without hesitation, unaware of the potential risks.

WHAT IS QUISHING?

Quishing is a phishing tactic where scammers generate fake QR codes and distribute them through emails, social media, printed materials, or even in public spaces. When individuals scan these codes, they are directed to websites designed to steal personal information or install malware under the guise of legitimate pages.

Cybercriminals have exploited several common situations to deploy quishing scams, such as:

• Parking meters: Scammers affix fake QR codes to parking meters, directing users to malicious sites that steal their payment information instead of processing a parking transaction.
• Phishing emails: Fraudsters embed QR codes in emails, posing as trusted organizations like banks. When recipients scan the code, they’re led to a counterfeit site aimed at stealing personal data.
• Public spaces: QR codes placed in public locations, like on restaurant menus or transit ads, trick individuals into visiting dangerous websites under the pretense of accessing a menu or promotional content.
• Fake promotions: Fraudulent QR codes promoting discounts or free gifts lure victims into providing personal information or downloading harmful software.

HOW TO PROTECT YOURSELF FROM QUISHING

The BBB offers several tips to help consumers safeguard against this growing threat:

Verify the source: Always confirm the legitimacy of a QR code before scanning it, particularly in emails or public places.

Inspect URLs: Use QR scanner apps that preview the URL before opening it. If the URL seems suspicious, do not proceed.

Update security tools: Ensure your security software is equipped to detect and block threats associated with QR codes, as many standard tools may not be capable of doing so.

To stay informed and learn more about protecting yourself from quishing scams, visit www.bbb.org. Consumers are encouraged to report any suspicious activity and access additional resources on cyber protection.