Millions hit in quishing attacks as malicious QR codes surge — how to stay safe


Tom's Guide, 3 days ago
If you're one of the 73% of Americans who have scanned a QR code without verification, you've opened yourself up to malicious behavior and potentially to getting hacked.
As reported by CNBC, millions of people have been victimized by quishing as more and more bad QR codes have appeared in public places.
According to security researchers at NordVPN, more than 26 million people have been directed to malicious websites through illegitimate QR codes. Likewise, earlier this year the FTC issued a warning about QR codes appearing on unexpected or unwanted packages that – when scanned – would lead the recipients to phishing websites that steal personal information like usernames and passwords and even credit card numbers. These websites could also potentially download malware onto your phone or give cybercriminals control over your device.
Other places have issued similar warnings: The New York City Department of Transportation warned against QR codes appearing on parking meters that had fake payment links, and Hawaii Electric also warned customers about scammers that were trying to steal payments through QR codes.
A study done by the cybersecurity platform KeepNet Labs found that 26% of all malicious links are now sent via QR code; this may be because the use of QR codes is now more widespread as they're accepted in more places and because there are better protections in place for traditional email phishing campaigns.
Posters, billboards, flyers and official documents that contain legitimate QR codes can very easily be compromised by threat actors and switched to malicious ones by being pasted over. Think of this like scammers putting a fake keypad over an ATM or gas pump using credit card skimmers.
It can also be quite difficult for most people to determine if a QR code has been tampered with in this manner. Since QR codes were designed for convenience and not security, they're ideal targets for hackers and scammers. In fact, their creator, who originally designed them to keep track of auto parts, never meant for them to be used the way they are today.
More dangerous than a traditional phishing email, QR codes make it difficult for users to read the encoded web address – indeed, the human-readable text can often be modified. This is why QR codes have been used more frequently by threat actors to infiltrate critical networks and accounts of military personnel, as well as to distribute RATs (remote access trojans), which can give hackers access to targeted devices and networks.
As with all phishing-style scams, the aim is to rely on victims being in a hurry or rushing to correct a problem, which means that the best way to protect yourself is to remain calm, aware and vigilant.
Just like you wouldn't click on an unexpected link or attachment in an email or text, you shouldn't scan any QR code you see pasted on a street sign, poster or advertisement. For instance, if the QR code is on the bottom of a poster or advertisement, search for the company or event instead and then go to its website directly.
If you do scan a QR code and get taken to a page, you want to avoid filling out any forms asking for your personal information.
Likewise, you also want to inspect that site's URL for any suspicious signs. Does the website use a top-level domain like ".com" that you're familiar with? Or is it using one like ".TV" or one you haven't heard of before? This could be a sign that you're on a phishing page and not a legitimate website.
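The URL inspection described above can be done on the decoded QR text before anything is opened. The following is an added example, not code from the original article; the `FAMILIAR_TLDS` list, the flag names and the sample payloads are assumptions made for illustration, and a flag is a prompt for a closer look rather than proof of phishing.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the TLDs this reader considers familiar; adjust for your own region.
FAMILIAR_TLDS = {"com", "org", "net", "gov", "edu"}


def triage_qr_url(payload):
    """Return (host, flags) for the text decoded from a QR code, without fetching it."""
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https"):
        return None, ["not-a-web-link"]
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return None, ["no-host"]
    flags = []
    if parts.scheme == "http":
        flags.append("plain-http")
    if parts.username is not None:
        # Everything before '@' is a login name, not the site being visited.
        flags.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        flags.append("ip-address-host")
    except ValueError:
        # Not an IP literal, so look at the domain name itself.
        if any(label.startswith("xn--") for label in host.split(".")):
            flags.append("punycode-label")
        if host.rsplit(".", 1)[-1] not in FAMILIAR_TLDS:
            flags.append("unfamiliar-tld")
    return host, flags


# Constructed sample payloads (reserved example domains and addresses only).
SAMPLES = [
    "https://www.example.com/menu",
    "http://203.0.113.7/pay",
    "https://city.gov@pay.example.tv/meter",
    "mailto:billing@example.com",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, flags = triage_qr_url(sample)
        print(f"{host or '-':20} {', '.join(flags) or 'no flags'}")
```

The returned host is the part worth reading aloud: in the third sample the site actually visited is `pay.example.tv`, not the `city.gov` that appears first.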
If you have an Android device, you can add an extra layer of protection with one of the best Android antivirus apps that can help provide protection against both malware and phishing attacks.
At the same time, if you're really worried about getting scammed or hacked, you might want to invest in one of the best identity theft protection services as not only can they help you get your identity back but they can also aid you in recovering any funds lost to fraud.
Now that QR codes and scanning them to access menus and other info have become commonplace, this threat likely isn't going away anytime soon. In fact, it might actually get worse as cybercriminals devise new ways to use QR codes in their attacks. That's why it's up to you to be extra cautious whenever you interact with a QR code, as failing to do so could have serious implications.