Mass quishing attacks linked to organized crime gangs across the UK

• QR code phishing is on the rise, report warns
• These attacks claimed over 1,300 victims in 2024
• Cybercriminals are disguising their QR codes as legitimate payment methods

“Quishing”, or QR code phishing is claiming more victims in the UK than ever, with Action Fraud receiving 1,386 reports of incidents last year, a serious increase from 2019 where 100 attacks were recorded.

These are especially prevalent in “contactless payment hotspots” like parking meters and restaurant menus, where criminals will stick their own malicious QR code over an existing legitimate QR code.

Victims of these scams are urged to scan a malicious QR code using their phones, and then redirected to websites controlled by criminals, and are prompted to hand over their financial information by a fake payment page, or malware is deployed to their device.

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Caution is key

These attacks are difficult to spot even after the fact, as criminals often take smaller amounts but more frequently, disguising the payments as legitimate-looking subscriptions or parking charges for example - which fly under the radar and aren’t always reported.

“QR codes were designed to make things more convenient but threat actors have taken advantage of this and cleverly made cloned and fake sites that look authentic at the end of a click,” comments Jake Moore, Global Cybersecurity advisor at ESET.

“QR scams can often be difficult to protect against as there is very little that immediately meets the eye to make the user aware of anything fraudulent. It can be difficult to tell these codes apart especially when the link that the QR code generates doesn’t look any different to what you may expect such as a parking payment website.”

As with all social engineering attacks, the key to staying safe is staying vigilant. Only scan QR codes you are 100% certain are safe, and never hand out your payment information to an unverified source.

Via BBC

You might also like

• Take a look at our picks for the best endpoint protection
• Check out our choice for best antivirus software
• This new phishing campaign can tailor its messages to target you with your favorite businesses