
Quishing: beware of QR code scams


With the increasing presence of QR codes in our daily lives, a new form of scam called "Quishing" has emerged. This malicious method exploits QR codes to access your data or infect your devices.

Find out how these scammers operate and how to protect yourself effectively. 

Quishing: when QR codes become scam tools 

QR codes are everywhere: to access menus in restaurants, to share Wi-Fi codes, or to make payments. Unfortunately, their ease of use makes them a perfect target for cybercriminals. 

"Quishing", a combination of "QR code" and "phishing", uses QR codes to direct victims to fraudulent websites or execute malicious programs on their devices. 

How does a Quishing attack work? 

The attack relies on a simple and frighteningly effective process:

  1. A malicious QR code is created: scammers generate a QR code that redirects to a phishing website or allows the download of malicious software. 
  2. The QR code is shared: they place these codes in public places, send them by email, messaging, or publish them on social media. They often disguise them as promotional offers or necessary downloads (discounts, updates, etc.). 
  3. The victim is tricked: a person scans the QR code without being suspicious, thinking they are accessing a legitimate resource. 
  4. The data is exploited: the victim is redirected to a fraudulent website or their device is infected.

How to protect yourself against Quishing? 

Adopt these simple reflexes to avoid falling into the trap:

  • Be cautious: treat QR codes with the same caution as unknown links in an email or SMS. 
  • Check the URL: before opening the link, check the web address displayed, if your scanning app shows it. An unofficial or misspelled URL is suspicious. 
  • Verify the source: make sure the QR code comes from a reliable source before scanning it. 
  • Use secure scanners: some apps analyse QR codes before opening them. 
  • Search directly online: if you have doubts, perform a search on an official search engine instead of scanning the code. 
  • Keep your devices up to date: updates fix vulnerabilities that cybercriminals can exploit. 
  • Report suspicious codes: send suspicious QR codes to suspect@safeonweb.be for analysis.

 What to do if you are a victim of Quishing? 

 Do you think you have disclosed confidential data?

  • Check your recent transactions to identify suspicious transactions.
  • Always contact the Easy Banking Centre via 02 762 20 00 (Monday to Friday from 7am to 10pm and Saturday from 9am to 5pm). Outside the Easy Banking Centre's opening hours and only in case of suspected fraud, contact 02 433 43 75. To easily contact the Easy Banking Centre or the dedicated fraud number, go through the Easy Banking App by clicking on "Help and contact".
  • Immediately block all your bank cards via Card Stop at 078 170 170 or block your debit card(s) via the Easy Banking App.
  • Make a statement to the police and send a copy of your statement to your BNP Paribas Fortis advisor. 
  • Check, via Easy Banking Web (Settings > Access to our apps) or Easy Banking App (Settings > Security > Devices with our apps), the devices on which your banking app has been installed and remove any suspicious or unknown devices.

You can find more information on Safeonweb.be and on the website of the Belgian Financial Sector Federation.

Prevention is your best defence against Quishing and other forms of phishing. For practical tips and advice on online security, click on the link below. 

Protect yourself from fraud and phishing