Tag: quishing

Over 20 million people have been tricked by fake QR code scams, research shows – Tech Digest
[ad_1]
Share

A new wave of cybercrime is turning physical mail into a digital trap, with research indicating that over 26 million people may have been lured onto malicious websites through deceptive QR codes.

Cybersecurity firm NordVPN has warned that scammers are increasingly moving away from traditional email phishing towards “quishing”- or QR code phishing – to steal personal data and financial information.

The rise in these incidents is often linked to a technique known as “brushing.” In these scenarios, individuals receive unexpected packages from anonymous senders. These deliveries often contain a cryptic note encouraging the recipient to scan an included QR code to “verify” a gift or discover the sender’s identity.

While the package may seem like a harmless mistake, experts warn it is a calculated entry point for data theft. “QR codes have become a silent gateway for cybercriminals,” explains Marijus Briedis, chief technology officer at NordVPN.

He notes that while many users have learned to spot red flags in emails, a physical QR code often feels “inherently trustworthy.”

The effectiveness of this method is bolstered by a lack of public caution. Data shows that 73% of Americans admit to scanning QR codes without verifying their legitimacy.

This is particularly concerning given that nearly 26% of malicious links are now delivered via QR codes. Once scanned, these codes can direct victims to phishing sites designed to capture login credentials, steal personal details, or even download malware directly onto a smartphone.

Marijus Briedis shares essential tips to help people protect themselves from brushing scams and malicious QR codes:

Before you scan a QR code, make sure you know where it has come from. Is it from a business you trust or someone you don’t recognize? If you’re unsure, don’t scan it. Reach out to the sender through their official contact information.

Most smartphones let you see a link to a website before you open it. Take advantage of this feature. If the link looks odd or isn’t what you expected, don’t continue.

Make sure your phone’s security software is always up to date. Use a VPN when browsing the internet. These steps help protect you from dangerous websites and data theft, even if you accidentally open a harmful site.

Help your friends and family stay safe by sharing these tips, especially with anyone who isn’t very comfortable with technology. Scammers often go after people who don’t know about these tricks.

Nord VPN

For latest tech stories go to TechDigest.tv

Like this:

Like Loading…

Related Posts

Discover more from Tech Digest

Subscribe to get the latest posts sent to your email.
[ad_2]

Chris Price

Source link
January 21, 2026
QR code scams: How to avoid falling victim to ‘Quishing’

[ad_1]

Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims.What is a QR code?Short for “quick response” code, the small barcodes are ubiquitous, getting scanned using a phone’s camera to link to restaurant menus, online payment systems or any other digital task.”We’re all familiar with these things,” said Jean-Paul Bergeaux, the federal chief technology officer for GuidePoint Security. “The concept is, ‘How do we give people a way to get to a link, where they don’t have to enter it, to simplify our life,’ which it does very well.”How does ‘Quishing’ work?Unfortunately, like most things, scammers are finding ways to use QR codes as part of a scam that’s known as “Quishing.””You’re just scanning it and hitting it and saying go, and so you can go anywhere, and the bad guys can send you anywhere,” Bergeaux said. “That’s the hook for them, right? It’s not only just ubiquitous and everywhere, but there’s a bit of (anonymity) to it.” Bergeaux said scammers most commonly use QR codes to send you to a dummy website to get your information — and money.”They’re going to steal things from your phone. They’re going to steal your information. They’re going to steal your accounts just by scanning it,” Bergeaux said.It happened in BaltimoreSo, say you’re trying to park your car. A fake QR code posted on a parking meter could take you to a website that looks like you’re paying for parking, when in reality, a scammer just stole your credit card information.It’s a problem that was reported in Baltimore earlier this year, when the Parking Authority of Baltimore City warned drivers not to scan QR codes on its meters.How do I avoid QR code scams?There are ways to protect yourself. For one, check whether the QR code has been tampered with, or whether it’s just covered up by a sticker or piece of paper. You could also avoid using them altogether.”You can simply just go to the app store, download the ParkMobile app — or whatever the app is —yourself, and don’t take the risk of being sent somewhere you potentially don’t want to go,” Bergeaux said.It’s also good practice to not reuse passwords and to turn on multi-factor authentication to keep information safe in your most important accounts.What do I do if I fell victim to a QR code scam?If hackers do access your phone, don’t wait to act.”The first thing is, what did they get? If they got an account, reset the account, retake control over that account, whatever that account is,” Bergeaux said.Bergeaux warned that even if a QR code is made with good intentions, the websites used to create the QR codes can sometimes do so maliciously. So, if something seems off or doesn’t seem right, check with the company or organization before scanning a QR code or clicking any links.

Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims.

What is a QR code?

Short for “quick response” code, the small barcodes are ubiquitous, getting scanned using a phone’s camera to link to restaurant menus, online payment systems or any other digital task.

“We’re all familiar with these things,” said Jean-Paul Bergeaux, the federal chief technology officer for GuidePoint Security. “The concept is, ‘How do we give people a way to get to a link, where they don’t have to enter it, to simplify our life,’ which it does very well.”

How does ‘Quishing’ work?

Unfortunately, like most things, scammers are finding ways to use QR codes as part of a scam that’s known as “Quishing.”

“You’re just scanning it and hitting it and saying go, and so you can go anywhere, and the bad guys can send you anywhere,” Bergeaux said. “That’s the hook for them, right? It’s not only just ubiquitous and everywhere, but there’s a bit of (anonymity) to it.”

Bergeaux said scammers most commonly use QR codes to send you to a dummy website to get your information — and money.

“They’re going to steal things from your phone. They’re going to steal your information. They’re going to steal your accounts just by scanning it,” Bergeaux said.

It happened in Baltimore

So, say you’re trying to park your car. A fake QR code posted on a parking meter could take you to a website that looks like you’re paying for parking, when in reality, a scammer just stole your credit card information.

It’s a problem that was reported in Baltimore earlier this year, when the Parking Authority of Baltimore City warned drivers not to scan QR codes on its meters.

How do I avoid QR code scams?

There are ways to protect yourself. For one, check whether the QR code has been tampered with, or whether it’s just covered up by a sticker or piece of paper. You could also avoid using them altogether.

“You can simply just go to the app store, download the ParkMobile app — or whatever the app is —yourself, and don’t take the risk of being sent somewhere you potentially don’t want to go,” Bergeaux said.

It’s also good practice to not reuse passwords and to turn on multi-factor authentication to keep information safe in your most important accounts.

What do I do if I fell victim to a QR code scam?

If hackers do access your phone, don’t wait to act.

“The first thing is, what did they get? If they got an account, reset the account, retake control over that account, whatever that account is,” Bergeaux said.

Bergeaux warned that even if a QR code is made with good intentions, the websites used to create the QR codes can sometimes do so maliciously. So, if something seems off or doesn’t seem right, check with the company or organization before scanning a QR code or clicking any links.

[ad_2]

Source link

November 27, 2025
How scammers use the holiday season to steal your money, information

[ad_1]

Scammers particularly use the holiday season to steal your money and information.Hoping consumers will let down their guard, or just trying to spoof legitimate businesses, scammers will do everything they can to take advantage of your vulnerability or generosity.Chase and the Baltimore Police Department recently hosted a scam education event to show consumers how to protect themselves. Some of their tips are listed below.Holiday shopping: What to knowShop with trusted retailers: Stick to reputable websites when shopping online. If you’re unfamiliar with a store, search for its name along with terms like “scam,” “complaints” or “reviews” to uncover any red flags.Verify website URLs: Scammers can create fake websites that look like legitimate retailers. Ensure the URL starts with “https://” as the “s” stands for secure. Avoid clicking links from unsolicited emails or texts.Beware of unrealistic deals: Scammers lure buyers by offering massive discounts on popular or sold-out items. If a deal seems too good to be true, it’s likely a scam.How you pay matters: Credit cards and debit cards offer different protections than cash or payment transfer apps, like Zelle and Venmo. Remember, only use apps like Zelle to pay others you know and trust.Shopping on public Wi-Fi: Avoid connecting to public Wi-Fi when making an online purchase. Scammers can intercept your personal information on unsecured networks.Use digital tools: Trusted financial institutions offer credit and identity monitoring, including alerts to inform you when your data is exposed in a data breach or on the dark web.Online deals that are too good to be trueWhen shopping online or on social media, buy only from trusted websites and vendors. If purchasing on a marketplace, stay on the platform to complete transactions and communicate with sellers, as protections often only apply when you use the platform.Use payment methods that offer buyer protection. Never send money to strangers, particularly via payment-transfer apps like Zelle or Venmo, for purchases, especially when you can’t confirm the goods exist. Missed packages or problems with deliveryExpecting a package? Be cautious of phishing messages through email or text message that impersonate delivery services, like the U.S. Postal Service, UPS or FedEx, with links to view “missed deliveries.” These links may lead to fake sign-in pages to capture your actual password or to malware-infected sites.Do not respond to messages requesting personal or financial information, including money or cryptocurrency. Be wary of unexpected packages and avoid scanning QR codes, as they may be attempts to steal your information.Scams: Fake refunds, quishing, phishing/smishing, whalingRefund scams: Another scam doesn’t demand payment. Instead, it dangles a refund, sometimes via text messages posing as official messages from “Department of Taxation,” urging recipients to “click here to claim your refund.” The texts look legitimate at a glance, but they are designed to lure you into tapping a fraudulent link and handing over personal information. Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims. The practice called “quishing” uses a QR code that sends you to a dummy website to get your information — and money.When it comes to phishing, the term is more widely known, but people are still falling for it. Phishing emails or texts (known as “smishing”) attempt to trick a recipient into clicking a suspicious link, filling out information or downloading a malware file.Whaling attacks generally target leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can target people in payroll offices, human resources and financial offices as well as leadership. Video below: An expert’s tips to avoid falling for QR code scamsGift card scamsBe cautious about buying gift cards from third-party sites. Scammers will pre-save card details or sell expired cards.Don’t respond to an unsolicited email or text message offering you a gift card because it’s often a way to track your online activity.Don’t fall for scammers asking you to pay for services or goods using gift cards.Video below: Guide to selling gift cards securely onlinePhony charitiesThe holidays are also a season of giving, but before you donate money, double-check the contact and payment information for a charity.Beware of text, email or phone call solicitations. Like any other unsolicited message, don’t click on links or open attachments because they may contain malware or try to steal your information.Travel scamsScammers try to mimic or impersonate popular travel websites by recreating familiar branding, logos or company verbiage.As part of your travel research, do scam checks by looking up unfamiliar retail, travel and services websites by searching online for their names along with terms like “scam,” “complaints” or “reviews.”Chase advises using a credit card to book travel so that if an issue arises, you can dispute it.What to do if you fall victim to a scamVideo below: Steps to take immediately after falling for a scamStop communication: Discontinue all contact with the scammer immediately to prevent further damage.Document everything: Take note of all relevant information, including the scammer’s contact details and any information that may be useful when reporting the incident.Contact your bank: Report the incident and verify recent transactions to ensure there is no fraudulent activity on your account.Report the incident: File a police report or an inquiry to the Federal Trade Commission for official documentation.Monitor for identity theft: Sign up for credit and identity monitoring to receive alerts when your personal information has been leaked in a data breach or shows up on the dark web.Change your passwords: Update your online accounts by creating strong passwords, particularly if the scam involved accessing your personal information.Share your experience: Let friends and family know what happened to raise awareness about the signs of scams and help others avoid falling victim. Remember that financial scams can, and do, happen to anyone, so don’t feel embarrassed.Remain on high alert for follow-up scams: Scammers might attempt to target you again, especially if they know you’ve fallen victim before. Be cautious of unsolicited communications.

Scammers particularly use the holiday season to steal your money and information.

Hoping consumers will let down their guard, or just trying to spoof legitimate businesses, scammers will do everything they can to take advantage of your vulnerability or generosity.

Chase and the Baltimore Police Department recently hosted a scam education event to show consumers how to protect themselves. Some of their tips are listed below.

Holiday shopping: What to know

Shop with trusted retailers: Stick to reputable websites when shopping online. If you’re unfamiliar with a store, search for its name along with terms like “scam,” “complaints” or “reviews” to uncover any red flags.

Verify website URLs: Scammers can create fake websites that look like legitimate retailers. Ensure the URL starts with “https://” as the “s” stands for secure. Avoid clicking links from unsolicited emails or texts.

Beware of unrealistic deals: Scammers lure buyers by offering massive discounts on popular or sold-out items. If a deal seems too good to be true, it’s likely a scam.

How you pay matters: Credit cards and debit cards offer different protections than cash or payment transfer apps, like Zelle and Venmo. Remember, only use apps like Zelle to pay others you know and trust.

Shopping on public Wi-Fi: Avoid connecting to public Wi-Fi when making an online purchase. Scammers can intercept your personal information on unsecured networks.

Use digital tools: Trusted financial institutions offer credit and identity monitoring, including alerts to inform you when your data is exposed in a data breach or on the dark web.

Online deals that are too good to be true

When shopping online or on social media, buy only from trusted websites and vendors. If purchasing on a marketplace, stay on the platform to complete transactions and communicate with sellers, as protections often only apply when you use the platform.

Use payment methods that offer buyer protection. Never send money to strangers, particularly via payment-transfer apps like Zelle or Venmo, for purchases, especially when you can’t confirm the goods exist.

Missed packages or problems with delivery

Expecting a package? Be cautious of phishing messages through email or text message that impersonate delivery services, like the U.S. Postal Service, UPS or FedEx, with links to view “missed deliveries.”

These links may lead to fake sign-in pages to capture your actual password or to malware-infected sites.

Do not respond to messages requesting personal or financial information, including money or cryptocurrency. Be wary of unexpected packages and avoid scanning QR codes, as they may be attempts to steal your information.

Scams: Fake refunds, quishing, phishing/smishing, whaling

Refund scams: Another scam doesn’t demand payment. Instead, it dangles a refund, sometimes via text messages posing as official messages from “Department of Taxation,” urging recipients to “click here to claim your refund.” The texts look legitimate at a glance, but they are designed to lure you into tapping a fraudulent link and handing over personal information.

Cybersecurity experts are warning about scammers using QR codes to take advantage of unsuspecting victims. The practice called “quishing” uses a QR code that sends you to a dummy website to get your information — and money.

When it comes to phishing, the term is more widely known, but people are still falling for it. Phishing emails or texts (known as “smishing”) attempt to trick a recipient into clicking a suspicious link, filling out information or downloading a malware file.

Whaling attacks generally target leaders or other executives with access to large amounts of information at an organization or business. Whaling attacks can target people in payroll offices, human resources and financial offices as well as leadership.

Video below: An expert’s tips to avoid falling for QR code scams

Gift card scams

Be cautious about buying gift cards from third-party sites. Scammers will pre-save card details or sell expired cards.

Don’t respond to an unsolicited email or text message offering you a gift card because it’s often a way to track your online activity.

Don’t fall for scammers asking you to pay for services or goods using gift cards.

Video below: Guide to selling gift cards securely online

Phony charities

The holidays are also a season of giving, but before you donate money, double-check the contact and payment information for a charity.

Beware of text, email or phone call solicitations. Like any other unsolicited message, don’t click on links or open attachments because they may contain malware or try to steal your information.

Travel scams

Scammers try to mimic or impersonate popular travel websites by recreating familiar branding, logos or company verbiage.

As part of your travel research, do scam checks by looking up unfamiliar retail, travel and services websites by searching online for their names along with terms like “scam,” “complaints” or “reviews.”

Chase advises using a credit card to book travel so that if an issue arises, you can dispute it.

What to do if you fall victim to a scam

Video below: Steps to take immediately after falling for a scam

Stop communication: Discontinue all contact with the scammer immediately to prevent further damage.

Document everything: Take note of all relevant information, including the scammer’s contact details and any information that may be useful when reporting the incident.

Contact your bank: Report the incident and verify recent transactions to ensure there is no fraudulent activity on your account.

Report the incident: File a police report or an inquiry to the Federal Trade Commission for official documentation.

Monitor for identity theft: Sign up for credit and identity monitoring to receive alerts when your personal information has been leaked in a data breach or shows up on the dark web.

Change your passwords: Update your online accounts by creating strong passwords, particularly if the scam involved accessing your personal information.

Share your experience: Let friends and family know what happened to raise awareness about the signs of scams and help others avoid falling victim. Remember that financial scams can, and do, happen to anyone, so don’t feel embarrassed.

Remain on high alert for follow-up scams: Scammers might attempt to target you again, especially if they know you’ve fallen victim before. Be cautious of unsolicited communications.

[ad_2]

Source link

November 25, 2025