Quishing on the rise – Be alert while scanning payment QR codes
Jan 18, 2024, 14:03 IST
- Quishing or the use of QR codes to steal money and personal information has been on a rise in India.
- Nearly half of UPI-related frauds in 2023 reportedly involved the use of QR codes.
- Here’s everything you need to know about quishing and how to protect yourself from such scams.
Advertisement
Digital payments have grown by leaps and bounds in India over the past few years, with unified payments interface (UPI) making it easier to pay on the go. While UPI has made payments easier, scammers have also kept abreast with technology to come up with new ways to defraud people.The latest deceit has scammers resorting to quishing to steal money, personal information and committing identity theft.
What is quishing?
You may have heard about terms such as phishing, card skimming, email spoofing and more. But quishing is a rising scam that involves the use of fake QR codes to redirect the user to a fake website or to steal information.
According to a report, complaints related to UPI frauds have increased from 15,000 cases in 2022 to over 30,000 in 2023. Of this, nearly half of the cases reportedly involved QR codes
Advertisement
QR code frauds have also risen in countries like the US, with the Federal Trade Commission (FTC) issuing an alert, cautioning users about harmful links in QR codes.
Here’s how quishing works
In quishing, the scammer generally asks the victim to scan a QR code using the camera, which then redirects the user to a website created by the scammer. This website is generally an imitation of a genuine website, be it an e-commerce platform, a bank or other platforms that deal with important personal and financial information.
Then, the website asks the user to enter their personal information or account details. When the user enters this information, the information is sent to the scammer, who can use this information to steal money or commit identity theft.
Advertisement
In some instances, these QR codes also prompt the victim to enter their UPI PIN to send money. When the user enters their UPI PIN, the scammer receives it and can use it to steal money.Not just this, QR codes may also include malicious files, which are automatically downloaded when the user scans the code. This may infect the user’s smartphone and steal their personal information without them even knowing.
How to protect yourself from quishing?
Here are some steps you can take to protect yourself:
- Avoid scanning QR codes when you are not aware about who has placed it, especially in public areas which can be accessed by anyone.
- Do not scan QR codes if you receive them from unknown people in a message or email.
- Avoid scanning QR codes shared on social media, as they may contain malicious files.
- When scanning a QR code that includes a link, inspect the URL before clicking on it.
- If the QR code includes a shortened URL, avoid clicking on it unless you trust the source.
- If a QR code leads you to a website, ensure that it is authentic and ensure it is not a phishing attempt.
- Do not share personal information after you visit a website by following a QR code if you are not certain about its authenticity.
Advertisement
Scam | How it works |
Phishing | Involves creation of fake websites to obtain personal and financial information. |
Vishing | Involves the use of fraudulent phone numbers to obtain personal and financial information. |
Pharming | This involves redirection of users from a genuine website to a fake website. |
Smishing | Involves use of text messages to obtain personal and financial information. |
Skimming | Involves duplication of debit or credit card, allowing the scammer to steal money. |
SEE ALSO:
Samsung Galaxy S24 series with Galaxy AI debuts starting ₹79,999
Apple beats Samsung for the first time since 2010, tops global smartphone shipments
OnePlus 12 with the Snapdragon 8 Gen 3 launch in India on Jan 23 – everything we know so far