Topic: Beware of QUISHING (Read 256 times)

Seriously the Malwares threats in the internet has been too much and when we are being compromised of your Privacies and looses our digital valuables, we either don't know how in earth it happened, sometimes we think it could be the one person who we handed out device that is responsible for it while it is not. Could literally be that we are blindly responsible of it.

Let us appreciate the educational systems of todays that tends to highlight and exposes these varieties to how these malicious occurances could happen unknowingly to us and revealing how we can avoid them.

Actually this QR Scanning Code system is sometimes as a result of users just being lazy to personally go through the web link addresses by themselves probably because the alphabetical and numerical data of the file seems too lengthy to be inputted one after the other meanwhile the QR code help to log on faster.
This is as a case of being greedy and the eagerness to quick riches which leads to the hands of scammers.

The QR code actually works in a malware that when used the deceptive QR code, it compromises your device Privacies according to how vulnerable your device security features are.
There are certain protective security features that detects malicious domains which prevents the scammers project to intercept on your privacy.
If if your device security is vulnerable and you get on this stuff. Your data's would be liable to invade on and would automatically redirect your your operating system towards their malicious domains where they harvests your funds, collects data's or even redirect you to install their own corrupted apps and as much your device has the malicious app is how much they takes control of your device software.

It has been advisable to verify a source to the QR code before proceeding to use it and to be careful of access granting permission from our devices. This is relatively to when we uses the public WiFi, we also standout to stake our device privacies while scamming invasion remains the watchwords.

That's a new word I learnt today. I was aware of phishing and I was aware of people manipulating QR codes but didn't know that a term exists for this.
In my country, I have read in news that some people were quishing such that they sticked their own QR codes on top of QR codes in public places, local shops etc...
Thus, there were earning in thousands every day and so people are adviced to double check whom they are paying to avoid such fraudlent transactions.
The same goes with everything and we should double check everything we scan from our phones.

As we enter the new year, we need to be cautious of these new scams. I know one way I can QR codes is when it's gateway to join a  group chat for investment opportunities or something I like. It's easy to get carried away by the promise of quick gains or the latest crypto coin trends.

However, we must be careful not to innocently join harmful groups. Even if a friend shares something that seems harmless but require scanning with the knowledge of quishing, I'm going to double-check the authenticity of the QR code and the person who sent it. Anyone can be a victim of scams, and it's better to be safe than sorry.

Let's be watchful of the group chats we join through scanning QR codes we scan. A little caution can go a long way in protecting ourselves from these latest scans this year.

This is a new term with me too.

What is quishing?
According to Wikipedia, it is a relatively new trend in online scam.
It is a new trend in 2023 and 2024 according to this report,l and others from [34-38] references cited by Wikipedia.

This is the first time I heard of Quishing. So, here's another newborn word.

I don't know if this is available to all phones, but when I open my camera on a QR code, it indicates where it leads me. I've used this a handful of times to verify QR codes. But aside from this, is there a standard way to know what the QR is all about? We aren't necessarily asked to confirm that we're about to enter this and that site, for example, each time we scan QR's, right?

I'm not really a big fan of QR. Even in paying or depositing, I prefer the old manual version of making inputs. Perhaps I'm just used to the old and somehow inconvenient way of doing things, but it seems more secure. You're allowed to doublecheck and verify.

Whenever we download an app and we agree to the terms that they have like the usage of our information and data, it's possible that the app itself might be able to use our camera or hear our voices. This is what google and facebook do to our devices. But as for getting direct usage for our camera just to scan their QRs and have some camera effect, I don't think that it's possible. And for a user to be forced or get exploited by a hacker to penetrate into our apps and devices to get important details like private keys or any files, they have to make us download their malware first or connect to their fake wifi connection.

That's why everyone needs to be watchful with what they scan. Like those flyers and ads that says "scan for more info" they might be legit but who knows if some cons takes a swap of those ads with their ill intent to the victims.

And that is the reason why we need to be safe with our practices and don't be like those people that easily scan things that they see.

Obviously, these cons would definitely take advantage of the whole thing as it is that the QR code scanner is now becoming very rampant and people are beginning to use it very much as a result of its ease and speed to connect with the payment gateway. People just like things of this nature that  does not stress them that much and mostly they do not really verify anything they just quickly use them because they hear it is a hot cake without taking time to see for themselves reviews about it.

This is a major threat that people can easily fall for because it is not easy to notice a malicious website or app from the QR code unless it is scan and by then it would have already been too late. Unfortunately, there is a boom in QR code now, even in leisure centers and train stations, they are there which makes it a very challenging situation.  One way to avoid this is to only scan QR codes from trusted sources and completely avoiding random ones. There should be other ways of protecting oneself from this kind of security threat which I'm willing to learn from others.

What I read about QR code scam is done when the scammer change the QR code to his own. This is common to those physical QR codes and not the digital ones. But if someone download a fake wallet, definitely the QR code belong to scammers. But as for a legit QR code to be changed to hackers code, it is not easy. Even QR code is safer than just copy and paste of addresses.

Wow thats a very long response to a lot of users. But I did appreciate your answer. I get it thats not gonna be easy to scam too as the hacker might need couple of of things needrd beforr succesfully infilitrated the account of yours. However does this kind of QR, also present from some apps that are usable for example a camera effect app? Or something that normal user do and exploited by a hacker for getting some info such as private key?

This is fine if you are using it to yourself because you can check it out and the authenticity of where it is directing you upon scanning the QR code of your own wallet. And about checking the authenticity of a product, it's also true that this system is being used by those companies for their consumers to see the validity of the product that is bought by them. Seems you have no problem with it and you should be fine using QRs as long as you're aware of it and you have some good practice by using it.

If you don't know the source of the QR, you should be fearful and if you are someone that just random scans everything, you have to be careful.

The convenience is there upon using QR codes but the scammers/hackers are also taking advantage of it. So, if you are someone who is not aware of these scams that are circulating in the space, they're targeting you. But as long as you know how it works and you're always vigilant with the QRs that you are scanning then you'd probably be safe. Because one thing for these QRs is possibly can make you download automatically the contents that are tools for them to actually hack someone's device.

You're right, I am aware of these qr code swaps that happen mostly in these establishments where the robber swaps their qr for the payments of the customers. But this is pretty much the same as quishing IMO. I haven't been into restaurants that requires their customers to scan for the menus, that sucks and time consuming to be honest.

Yup, that's what we can do. To remind our families and friends and the community that we are in to be careful of such. Little did they know that the qr codes that they're scanning could lead to their potential losses and other troubles that they don't want to get in.

I agree, don't just scan random qr codes for entertainment but I see this happen sometimes that there were people out of curiosity want to try it. And that's a good choice about scanning the QR to know what's in it, do you have any application in suggestion for that task?

That's why if there are some apps that can be used in scanning those QRs revealing what's the link or app behind it will be useful but I don't know any nor used one. Waiting for some suggestions and we'll put it up on the OP for others to see it since not everyone will read everyone's reply here.

People who barely use it are pretty much safe and those who are just typing the words or links that they often visit. But the trend might go there that people will use QRs from time to time because it's quicker and more convenient for most and these cons are going to take advantage of it.

That's probably one start of it, any technique that's built within it is going to have some time to understand that they can do it also for harming others and stealing people's money. If it's just for referral hunting, that's annoying but it's way finer than of robbing people through it.

I think the curiosity of someone that has been redirected to a fraud website through a QR will stick for a couple of seconds or minutes trying to explore around. And that's when the user is likely to get victimized by that con. You'll only get robbed or scammed unless you pursue to what they instruct to do based on the fake websites alone like signing up of keys/seeds or much worse if it's redirected to an automatic downloading files sharing website that contains a malware. So, there are still some steps before someone becomes a victim but hopefully none will be from here or from the other platforms.

They always reinvent and try to use the innovation that's happening in the corner. That's why they upgrade and so as the technology and we as users and consumers, we also need to be aware of these trends even if it doesn't sound too techy for some but the majority are from normal to average type of users of these QR codes.

Most of the QR codes that I have tried to scan before always directs me to the links that they are supposed to direct me and all of them opened automatically. So, maybe I'd test it out with some other qr code scanner that I haven't used. But I hope that the QR code scanner developers will make some features like this to protect their users too.

Good for you if you don't typical scan qr codes. But at some point, you'd probably be sure to try it out when time permits or some transactions you have personally asks you to do so. And yet, as you've said, you also need to be careful about it.

Exactly, that's how it goes as it can be used for various techniques by these people that takes advantage of the people that don't know how their gimmicks are. Stay safe!

Mostly, they are going to use some fake or dummy accounts for receiving it that have generated the fake QR code for payment but like you guys have mentioned, it's just one of the many ways these cons are using quishing for these harmful purposes they have.

Sounds weird but yeah this is actually happens. I saw similar incidents here my local where QR codes that needs to scan for payment in local stores where changed, probably directly to scammer's payment method, it might sound stupid because they can expose their own info when the victims successfully sent a payment since some info like names are shown in the app after payment but they can just make a fake names and info on that.

Well, if someone sent me a qr code is I don't scan it with the app it requires to scan. I came across this kind of phishing on X (formerly twitter) where the scammer used qr code where it tells that you will earn money but if you scan the qr code is it will ask to send crypto to a wallet address with the amount that the scammer set. If I don't want to use the app is I use online qr code scanner to see what the qr code contain to make it safe.

Any scam that happens with Fiat has its own equivalent in cryptocurrency. And as Bitcoin is already getting global adoption and recognition,these scams will continue to increase.

Quishing scams I learned is not new as even it happens in parking meters.

I don't scan QR codes for any payments. I can say that I am safe but I those who use QR codes and have to scan to make payments and are not aware of this are not. Those who we feel don't know about this should be informed.

Do not scan QR codes absentmindedly. And be vigilant when scanning a new QR code for the first time. If it doesn't feel right, stop the transaction.

The severity of this phishing attack depends on the QR-code scanner (app) you are using.
Any decent app will easily recognize the valid URL but will not open it automatically. It will decode the image, display the URL (or whatever data it finds) in plain text and then ask you if you want to visit that link.
QR codes, as any other technology, are supposed to make our lives easier but we need to be careful when dealing with them. Just don’t scan random codes and if you do, make sure to decode it to see the data it stores in plain text.

Criminals have a way of exploiting any liphol in any development, and not only is cryptocurrency one of the most focus points of exploitation other financial activities too are sometimes victims of those criminals too like the bank account hack through information stolen from victims' phone, this have been around for a while now and QR code scanner and it development is no thought a possible exploitative means to hackers too which mean one can actually scam a virus inflicted QR codes and get device effected.


At this point we all need to be careful and should scan only codes from authorised dealers and not scan any random codes most especially when it comes from online third party services, I also have not scan a cryptocurrency address before and anytime I want to send a coin I copy the address directly and recheck to see before sending coins.

I see so it works like a normal phishing site too. The only difference is that this one is done via QR code scanning.  Well if were directed to a fake site just dont use it or explore around it. But is there a report that if you scan alone a QR and youll get scammed or robbed based on scanning or nah? Thats too much if its in only scanning were gonna be hack or scam.

To be honest, i have noticed an increase of QR codes related to crypto popping up quite frequently in the last few months.
Before that it was usually someone shilling Pi, but now its all sort of stuff.
I assumed it was just referral hunting, but it might as well be a scam website

This is another sophisticated techniques scammers use to steal from their victims. Many people would easily fall into this because there is no way to verify through the QR code if what they are scanning is legit or fake as it directs them to the website or whatever they are in search of without any warning or sign for them to stop. I really do not scan QR codes from random sites except on recommendations from a reputable member or person who can vouch for such services to be real, legit and genuine before I scan any QR code. To be honest I barely use it for payment or purchase of anything except from the Crypto exchange directly which I am very much sure of or I got a direction from the staff of such organisation using the QR code for their services then I can conveniently use it otherwise I do not make the mistake of using it for some random website.

I have read about quishing sometime ago. I don't think quishing is very common because, the number of people that uses QR code often isn't that massive, compare to those that just prefer to use a direct URL via their browsers, though I can admit that this technic is very helpful to scammers because it isn't that difficult to create and put online or printed on a paper shit.

I have seen several QR codes that are printed on paper, in most cases, with captions that are very attractive or convincing. Personally, I scan QR codes, but from popular products only. And I think one problem with QR is that it doesn't give a preview of the website it wants to take you to, which is why I prefer to scan popular products Instead, rather than just checking out everything with a QR code that comes my way