Officials have now issued a red alert due to a rise in malicious 'quishing' attacks, warning iPhone and Android users to be wary of any and all QR codes they're scanning as it could lead to your personal information, or even your bank details, being exposed to criminals.
You have to be extremely careful when using the internet, as while there are more protections than ever before in the technology and gadgets that we use, hackers and cybercriminals are creating new ways to access your data.
Attacks using Google Maps data to pinpoint your location and extort money out of you are just the tip of the iceberg when it comes to online scams, yet one particular form of malicious misdirection has risen in popularity in the United Kingdom.
What is quishing?
Quishing is a particular form of phishing attacks that use fraudulent QR codes to lead people to websites that aim to steal anything from personal information to banking details, and it costs people millions every year.
It is a particularly effective form of cyberattack as there's no way for you to tell whether a QR code is malicious before you scan it, as they look the same regardless of whether they are authentic or not.
Advert
Instead, it requires adept eyes and caution from the user themselves, but it's easy enough for many to fall into the trap and blindly trust a QR code.
What have officials warned about quishing attacks?
As reported by the Mirror, UK fraud and cyber crime reporting center Action Fraud has outlined a major warning to iPhone and Android users to be aware of quishing scams across the UK, claiming that they are 'on the rise'.
"QR codes are becoming increasingly common in everyday life, whether it's scanning one to pay for parking, or receiving an email asking to verify an online account. However, reporting shows cyber criminals are increasingly using quishing as a way to trick the public out of their personal and financial information," Claire Webb, Acting Director of Action Fraud, explained.
As mentioned, it's generally very difficult to spot a quishing attempt before you scan the code, but there are a number of different things to stay secure and avoid any dangerous attacks.
How to avoid quishing attacks?
Action Fraud has outlined a number of things that you should be aware of to help minimize the risk of a quishing attack, and it starts before you get your phone out to scan the code.
If scanning a QR code out in an open space, it's always best to practice caution and ensure that there haven't been any fake codes placed over the real version, as this can dupe many into scanning something that they weren't supposed to.
If you ever doubt whether a QR code is real or not, it's best to head to the website directly through your phone's browser as opposed to scanning the code, as then you can guarantee its authenticity.
Additionally, it's always best to use the QR code scanner built into your device as opposed to any third-party apps.
QR codes in emails also pose a risk, especially with how easy it is for bad actors to dupe an official email address, and again it's best to communicate through direct means outside of the QR code if you're unsure.
One area that Action Fraud indicates to be largely safe is QR codes inside pubs or restaurants. These are typically used for digital menus or to pay for your meal, although once again, it's always a good idea to check whether something hasn't been placed over the original code, especially if you're submitting your bank information.