Danger from QR Codes: How to Protect Yourself from "Quishing"
What was once considered a practical technique is increasingly becoming a threat: QR codes can be manipulated and misused for cyberattacks. The method is called "Quishing" – a new form of phishing where fake QR codes lead to data theft or malware. ERGO digital expert Alina Gedde warns of the risks and explains how to protect oneself.
What is Quishing?
The term combines "QR" (Quick Response) and "Phishing." Unlike traditional phishing emails, the attacks here work through a scanned QR code. "The insidious part is that QR codes are not automatically checked by antivirus software," explains Gedde. "Many people scan thoughtlessly – making it particularly easy for fraudsters."
How the Attack Works
The perpetrators place fake codes on posters, in emails, letters, or in publicly accessible places. After scanning, users land on deceptively real-looking sites that prompt them to enter sensitive data such as passwords, bank details, or credit card information. In some cases, a harmful download starts immediately.
Typical baits: package tracking, voice messages, parking meters, or payment requests. The goal is usually access to online banking or personal data.
Warning Signs and Protective Measures
QR codes in unusual places or those that cover existing codes should raise suspicion. Caution is also advised with emails or SMS from dubious senders—especially if they urge quick action.
After scanning, users should pay attention to the web address: If the HTTPS encryption is missing or the URL contains typos or unusual domains, the process should be aborted. Under no circumstances should personal or financial information be entered on such sites.
Gedde advises scanning QR codes only from trusted sources and checking the target address if possible. Many scanner apps offer a preview function. Current security software on the smartphone also helps to minimize risks.
What to Do in Case of Suspicion
If there are doubts after scanning, the process should be immediately aborted. If data has already been disclosed, Gedde recommends: Change passwords immediately, inform affected services or banks, and if necessary, file a report with the police. A complete check of the smartphone for malware and unwanted apps is also advisable.
(Red)
This article has been automatically translated, read the original article here.
Du hast einen Hinweis für uns? Oder einen Insider-Tipp, was bei dir in der Gegend gerade passiert? Dann melde dich bei uns, damit wir darüber berichten können.
Wir gehen allen Hinweisen nach, die wir erhalten. Und damit wir schon einen Vorgeschmack und einen guten Überblick bekommen, freuen wir uns über Fotos, Videos oder Texte. Einfach das Formular unten ausfüllen und schon landet dein Tipp bei uns in der Redaktion.
Alternativ kannst du uns direkt über WhatsApp kontaktieren: Zum WhatsApp Chat
Herzlichen Dank für deine Zusendung.
