Just like Christmas is now all around us, so too are scams. One scam in particular is on the rise and could see many people fall victim to this festive season.
Quishing is when scammers use QR codes to try and trick people out of their money. According to Keepnet in the UK, quishing attacks are jumping by 270% monthly and they say it is becoming increasingly prevalent and hazardous. They also say that quishing attacks have exceeded 100 million incidents and affect every sector.
The scammers target their victims using a QR code which people use to access information on a website. People scan the QR code and it directs them to the information. QR codes are a handy way for companies to reach their customers. However quishing is when a fraudster creates a fake QR code that directs you to a fake website which will look real but will ask you for personal information. The fraudster then uses this information to rob you of your money.
According to Bank of Ireland people should not scan a QR code that they do not trust. They say that instead of scanning the QR code you should search for the company on your browser and never download software that you don’t understand. They say that if something doesn’t feel right, trust your instincts and do not provide your information. Also if you do find yourself in difficulty contact your bank straight away.
The Technological University in Dublin says that by being extra vigilant, you can avoid getting drawn in by malicious codes if you know what to look for. One scenario is that the scammer will send an email that contains a QR code and they request you to scan the QR code with your mobile phone. However once it is scanned you would be taken to a fake website and asked to upload additional personal information. People are falling victim to these scans as the QR will look genuine so they believe the website is also.
One area that criminals are increasingly targeting with quishing is car parks. They are placing fake QR codes on payment machines at car parks and drivers have been urged to be extra vigilant this Christmas when using these machines.
The RAC in the UK said recently they have seen a spate of these attacks in carparks.
RAC head of policy Simon Williams said: “A car park is one of the last places where you’d expect to be caught out by online fraud. Unfortunately, the increasing popularity and ease of using QR codes appears to have made drivers more vulnerable to malicious scammers. For some, this sadly means a Quick Response code could in fact be a ‘quick route’ to losing money.
As if this quishing scam isn’t nasty enough, it can also lead to drivers being caught out twice if they don’t realise they haven’t paid for parking and end up getting a hefty fine from the council.
“The safest course of action when paying for parking at a council-owned car park is to avoid using QR codes altogether. Most of these councils don’t even operate a QR code payment system, so if you’re in any doubt, steer well clear and only pay with cash, card or via an official app downloaded from your smartphone’s app store. This advice should also be applied wherever a QR code is offered as a method of payment on a public sign, including electric vehicle charge points and private car parks.
Another area where scammers are targeting victims is in the area of concert ticket sales. Often for popular concerts or shows people may be so desperate to secure tickets they will take a chance using a website they don't recognise.
The Garda National Cyber Crime Bureau (GNCCB) says that people should alway use multi-factor authentication (MFA) on their accounts for extra security when making a purchase. They say you should only scan a QR code from sources you trust and recognise and keep your computer and phone software updated regularly to protect against security threats.
The Gardaí also say that if you think that you have been a victim of fraud and your bank account has been used or compromised in any way you should report the matter immediately to your bank or financial institution to minimise any financial loss to you.
They say that if fraudsters do get access to your bank card then you should immediately inform your bank to close or freeze your card and inform your local Garda station. Also try to retrace your steps if you recently used the card somewhere you don’t normally and try to remember if there was any time when you were not in control of your card or if it was taken out of your sight in order for a payment to be processed.
The Gardaí say that to also remember that card skimming may not necessarily have occurred in the very recent past and weeks and months may pass before any unlawful transactions are carried out.