QR Code Scams Escalate as Cybercriminals Exploit 73% of Americans’ Unchecked Scanning Habits
A surge in ‘quishing’ attacks, where QR codes are used to trick users into visiting malicious websites, has raised significant concerns among cybersecurity experts. According to a recent report, over 26 million people have already been affected by these scams, with 73% of Americans admitting to scanning QR codes without verifying their legitimacy. This growing trend has alarmed both private and public sectors, as cybercriminals are using the convenience of QR codes to bypass traditional phishing defenses.
Quishing, a term coined to describe these attacks, has proven to be highly effective. In one instance, scammers placed fraudulent QR codes over legitimate payment portals, leading users to sites designed to steal their personal and financial information. Cybercriminals are taking advantage of the widespread use of QR codes, often found on public signage, restaurant tables, packages, and payment terminals. These codes are hidden in plain sight, making it difficult for users to detect the malicious intent until they scan them.
The Federal Trade Commission (FTC) has already issued warnings to the public, advising them to be cautious of QR codes, especially those attached to packages. Even government agencies like the New York City Department of Transportation and Hawaii Electric have issued warnings about the use of fake QR codes. These scammers are mirroring classic ATM skimmer scams but with a more subtle and hidden approach.
Experts point out that the widespread use of QR codes has made them particularly appealing to cybercriminals. Unlike traditional phishing methods, QR codes make it easier for scammers to hide their destination until they are scanned, removing an important layer of scrutiny that users might apply to emails or texts. This ambiguity allows hackers to deploy Remote Access Trojans (RATs) and infiltrate personal and military networks alike.
According to KeepNet Labs, a cybersecurity firm specializing in AI-driven phishing simulations, over 26% of malicious links now come via QR codes. Cybersecurity experts warn that if current trends continue, quishing will soon become more prevalent than conventional phishing methods. This development is alarming because QR codes are becoming an increasingly popular method for scammers to spread malware and steal personal data.
Despite the growing threat, there are steps users can take to protect themselves. Experts recommend that users pause and consider the origin of every QR code before scanning it. Additionally, they warn against scanning codes found on public signage, restaurant tables, packages, or payment terminals without questioning their authenticity. If in doubt, users should avoid scanning entirely.
Moreover, users are encouraged to install strong antivirus software and ensure their devices are up to date with the latest security patches. Cybersecurity professionals also recommend enabling two-factor authentication (2FA) for sensitive accounts, such as email, banking, and other personal services. This additional layer of security can create a barrier for attackers who might have gained access to user credentials or devices.
For users who are frequently exposed to QR codes, experts suggest using reputable personal data removal services to monitor and remove personal information from public databases. These services can help users to constantly monitor and automate the removal process from hundreds of sites over a longer period. This proactive measure can help reduce the risk of personal information being used by scammers to personalize their attacks.
Finally, users should remain vigilant and report any suspicious QR codes or incidents to the relevant authorities. By taking these precautionary steps, users can significantly reduce their risk of falling victim to quishing attacks. In a world where 73% of Americans scan QR codes without checking the source, increased caution is essential to mitigate the growing threat of these scam tactics.