Mumbai: The Indian Computer Emergency Response Team (CERT-In) has issued an alert warning citizens about the trending QR Code phishing, or ‘Quishing’, fraud. Quishing is a form of phishing where attackers embed URLs in a QR code to redirect victims to a malicious website or download a malicious app designed to steal sensitive information, such as login credentials, personal data and financial details.
The alert states, “Examine the URLs before opening them by scanning QR codes and always check for spelling mistakes and verify the domain names in URLs. Do not click on shortened URLs without validating the original URL and use strong passwords and enable multi-factor authentication.”
“Keep your operating system updated and exercise caution while scanning QR code received from strangers through chats or emails,” it said.
Police officials said that with modes of payments going digital and extensive use of QR codes for even the smallest of transactions, cyber-attackers may use quishing even more.
Earlier, the police had warned people about other types of cyber-attacks such as vishing, which is a form of voice phishing wherein fraudsters falsely claim to represent banks, income tax, gas agency officials, etc, and attempt to trick the victim into providing their personal and financial details over the phone; and smishing, a technique used by fraudsters to trick users by sending text messages to gather personal or financial information of users or for committing financial frauds. More often the text messages are spoofed and appear to be from authentic sources.