Heard of phishing scams? Now ‘quishing’ is the new scam to watch out for

Alipay’s app (QR code L) currently allows users to pay with a traditional credit card linked to their bank or offers small unsecured loans to buy anything from toilet paper to laptops – Copyright AFP/File GREG BAKER

A new cybercrime threat has emerged, and it has been dubbed “quishing.” Many are familiar with the term “phishing,” which involves scammers attempting to obtain sensitive information through fraudulent emails or websites.

Quishing takes a different approach, exploiting the convenience and ubiquity of quick-response (QR) codes. In recent months, quishing has risen from making up a mere 0.8 percent of all email phishing attacks in 2021, to accounting for a staggering 11 percent so far into 2024.

Trevor Cooke, Privacy Expert at EarthWeb has told Digital Journal that: “Quishing is a relatively unknown but rapidly growing problem that preys on our trust in QR codes and our reliance on mobile devices.” 

As QR codes have become increasingly prevalent in various aspects of our lives, from contactless payments to accessing information, cybercriminals have found a new avenue to exploit.

The data on the rise of quishing was sourced from Intelligent CIO. The data on quishing incidents in June to August 2023 and the scam threat in 2024 came from Keepnet.

What is Quishing?

Quishing, a portmanteau of “QR code” and “phishing,” is a form of social engineering attack that involves the use of malicious QR codes. 

These codes, when scanned, can redirect unsuspecting victims to fraudulent websites designed to steal personal information, install malware, or initiate unauthorised transactions.

While phishing scams typically rely on emails or fake websites, quishing takes advantage of the convenience and perceived trustworthiness of QR codes. Cybercriminals can create malicious QR codes and place them in public spaces, such as restaurants, airports, or even on product packaging, luring victims into scanning them.

The Dangers of Quishing

The prevalence of quishing is a cause for concern for several reasons:

1. We have become increasingly reliant on our mobile devices for various tasks, making us more susceptible to falling victim to such scams.
2. QR codes tend to be perceived as trustworthy and convenient, leading many individuals to scan them without hesitation.
3. Quishing can occur in a wide range of scenarios, making it challenging to detect and prevent. Cybercriminals can exploit our curiosity or sense of urgency by creating QR codes that promise exclusive offers, discounts, or important information.

As the world becomes increasingly reliant on QR code technology, experts fear that quishing incidents may rise even further in 2024. The projected growth in QR code payment systems, with global expenditures expected to exceed $3 trillion by 2025, presents vast opportunities for fraudulent QR code schemes such as quishing.