QR Code Phishing: What to Know About Quishing Attacks

In today's digital world, scams are becoming increasingly sophisticated and common. One such scam that has been gaining popularity is QR code phishing, also known as “Quishing”. QR codes, widely used for their quick and easy access to information, can unfortunately be manipulated by scammers to trick unsuspecting individuals. 

What is Quishing?

QR codes have become increasingly popular in recent years due to their convenience and simplicity. However, just like any other technology, they can be misused by criminals with malicious intentions. Scammers trick users into scanning a QR code that directs them to a fraudulent website or downloads malware onto their devices. These QR codes are often designed to look like legitimate codes that users encounter in their daily lives, such as on product packaging or in promotional materials.

Scanning a malicious QR code may unknowingly provide sensitive information, such as your login credentials or financial details, to attackers. This information can then be used for identity theft, financial fraud, or other illegal activities. Additionally, downloading malware through QR codes can compromise the security and privacy of your devices, leading to data breaches or unauthorized access.

Popular Types of QR Code Scams

QR codes are commonly used to make payments for services like parking or meals, but you should be cautious of any QR code that you come across in public. Scammers will replace legitimate QR codes with their own codes that redirect you to a phishing website, which can steal your personal information.

Here are popular ways fraudulent QR codes are being used:

1. Phishing emails - If you receive an unsolicited email containing a QR code, be wary. While email services can detect and warn you of malicious links and attachments, they may not be able to do the same for malicious QR codes.
2. Restaurants and stores - Many restaurants and bars use QR codes for customers to view menus or order meals. However, scammers can replace these codes with fraudulent ones that redirect you to a phishing website to steal your personal information.
3. Mail - Scammers may send physical mail containing QR codes that claim to offer giveaways, prizes, or instant coupons. Be careful, as these are often scams.
4. Unexpected packages - If you receive a package with an unexpected QR code, be cautious. Scammers may send you a product in the mail to create a sense of curiosity and bypass your suspicions.
5. Social media - If you receive a message containing a QR code from a social media account you follow, be sure to contact the person directly outside of the platform to confirm that their account has not been hacked.

The 3 "U"s of QR Codes

1. Unusual - If the URL revealed after scanning the QR code seems suspicious or unfamiliar, it's a red flag. Always verify the legitimacy of the website before entering any personal information.
2. Ungrammatical - Poor grammar or misspellings on the landing page can indicate a phishing attempt. Legitimate businesses typically maintain a high standard of professionalism.
3. Unsolicited - Be cautious of unsolicited QR codes received via email, text message, or social media. It's best to only scan codes from trusted sources or reputable establishments. 

All TowneBank members should know that TowneBank does NOT email QR codes of any kind. Remember, emails from TowneBank will come from @TowneBank.com or @TowneBank.net and never @Towne-Bank.com, @Townbank, etc. 

What to Do If You Fall Victim to Quishing

So, what happens if you accidentally scan a malicious QR code? Unfortunately, the consequences can be severe. Cybercriminals can gain access to your personal information, such as login credentials, banking details, or even install malware on your device. This can lead to identity theft, financial loss, or unauthorized access to your sensitive data.

If you scan a fraudulent QR code, take these steps immediately:

1. Secure your device - If you accidentally used a suspicious QR code, disconnect from the internet immediately by turning on airplane mode on your phone. This will help minimize any potential damage or unauthorized access to your personal information.
2. Report the incident - Notify the appropriate authorities about the QR phishing incident. Contact your local law enforcement agency and provide them with all the relevant details. They can investigate the matter and take appropriate action against the criminals. You can also report the incident to the Federal Trade Commission here.
3. Preserve evidence - It's essential to keep any evidence related to the QR phishing scam. Take screenshots or photos of the phishing QR code, any suspicious messages or emails, and any other relevant information that may assist in the investigation.
4. Monitor your accounts - Keep a close eye on your financial accounts, credit cards, and any other sensitive accounts. If you notice any unauthorized transactions or suspicious activity, report it immediately to our Fraud Department.

What Does TowneBank Do When Quishing Attempts are Reported?

If you believe you've received a fraudulent QR code from TowneBank, please get in touch with your banker to report the incident. Our security team uses services to report these scenarios to have them taken down by the Federal Communications Commission (FCC). We take these attacks very seriously, and your security is our priority. Your banker can also help you to set up alerts on your accounts and if need be, change your account information.

By staying informed and adopting these preventive measures, you can significantly reduce the likelihood of becoming a victim of QR code phishing.