The security risks we face every day are increasing. As new technologies become established, hackers quickly find ways to abuse them to continue carrying out their attacks. And, in this context, QR codes have also fallen into their clutches. Therefore, it is important that you know how you can protect yourself from the threat they represent.
Quishing is the new practice that hackers are using and that gets its name from QR codes, being a type of technique that is becoming more and more widespread. The volume of risk to which we are going to be exposed to quishing will be proportional to the use we make of this type of code. And, as you can imagine, this is increasingly increasing.
It’s like jumping into the void
One of the problems with QR codes, even though they are a really practical type of technology, is that they put us in a reckless situation. When we read a code, what we expect is for it to load a URL address that we enter to do what we are promised. The use of QR codes is very varied and there are many occasions to use them.
We could read a QR code to see additional information about the product available in a store. For example, these codes are present on some labels in physical stores. That way we have the opportunity to read all the data that we might be interested in knowing before making the purchase. Another option is that the QR codes correspond to tickets that we have purchased for a theme park, the cinema or any other activity. We even found these codes on business cards of professionals with whom we were able to speak at an event. In principle, we never distrust of these codes, but in all cases we are doing the same thing: a leap into the void without any security.
Avoid QR infections
The times when QR codes were a fun novelty and we scanned everyone we met with our cell phone camera have to end. That’s the first line of defense to avoid infections. Security experts recommend users turn their devices into a temple that is impregnable and expose themselves to as few infections as possible. Happily reading QR codes, no matter how much we believe that they do not have any type of infection, is not a good idea.
So, start by avoiding reading random QR codes. Use them when you have them printed in official services or in some type of source that you are sure has not been altered or modified by anyone. You’d be surprised how many hackers they use QR code spoofing in places you apparently shouldn’t be suspicious, like a store window. It’s easy for them: they just have to paste a QR code on top and do it in a way that doesn’t look suspicious. Then, when customers read the code, they will be redirected to a web link that will appear to be real, but will take them through steps that end up hacking their device.
Consider that the interest of attackers who use quishing is the same as those who use phishing or any other similar technique. What they want are the personal data of your services, your credit card number or even access to your bank account. In other cases, they will manage to get you to enter all your private information into a form and then use it to hack your accounts in a convenient way. There are many possible situations in which you may find yourself and that could be very problematic.
In addition to being wary of QR codes, try to activate two-step identification on as many services as you can, as this will limit problems in case you have been hacked. You should also log out of your accounts, update your data, change your passwords from time to time and even delete the accounts of those services that you do not use and do not intend to access again.
Finally, don’t forget something crucial: update your web browser. With mobile phones we sometimes get overconfident and don’t have the applications updated to the latest version, but it is essential that you keep the browser up to date. This will allow you to receive all the security updates that have been made and thus know that the program will defend you as much as possible against different quishing attacks.
Beyond this, the only foolproof way to avoid falling into quishing is not to read any QR code, but it is obvious that it is an interesting technology and that, sometimes, we use it. Also, remember that QR codes not only have to be linked to web pages, but can also lead to other content or elements. Above all, keep your eyes open.