These days, it seems we all get a fraud threat at least once in 24 hours.  Take your poison – from a text, to an email, to a call.  Regardless of your age or gender or income, you would be targeted and can be a victim if you’re not careful.

Previously, we were warned about phishing, or the practice of sending fraudulent emails and texts made to appear to come from a legitimate and reputable source.  Just the other day, I got a text telling me that my Maya account was blocked and I needed to log in to verify my account information.  

Since I am a Maya user, it made me pause and good thing I checked the website address again.  When I looked closely, it was not paymaya, but payamaya.  Most people who become anxious on receiving the text may miss this, click the link, and give fraudsters the opportunity they are looking for.

And just when we were clued in on phishing, vishing came along.  This is a more active form of fraud because with vishing (short for voice phishing), victims receive phone calls or voice messages to trick them into providing sensitive information including log in credentials, credit card numbers, or bank details.  I personally know of several whose Facebook accounts were hacked as a result of vishing, which led them to lose money and for their family, friends and clients to also be targeted and suffer financial loss.

Now there seems to be a new fraud trick going around town known as quishing. This rising cyber threat uses QR codes so victims will download malicious software or disclose important information.  Fraudsters create fake QR codes which when scanned will lead users to harmful websites.

With the increasing use of QR codes for payments, promotions, and information, this is something we all need to guard against.  Here at home, many stores now prefer to accept payment via electronic wallets using QR codes.  Overseas, restaurants prefer you order from a digital menu available when you scan their QR code, and some even insist you also order online, as well as pay for your meal online.  

As QR codes become more and more a part of our everyday lives, no wonder cybercriminals now want to use them as bait or hook or both. Wherever you are in the world, it won’t hurt to be cautious of QR codes from unknown sources to avoid falling victim to these scams.

How to protect yourself?

Start by verifying the source.  You should always confirm the origin of the QR code. Be cautious of codes from unsolicited or unfamiliar sources, especially those with tempting offers like free Wi-Fi, or redeem a gift.

Make sure to also preview links.  Most use their phone camera when scanning a QR code, and security professionals suggest you download a secure QR code scanner that shows the URL before you click.  This way you can check the website address before proceeding to access the site.

Stay alert with your phone camera.  Avoid scanning QR codes found in public spaces unless their purpose is clear, for example, to complete an immigration card.  Just think of all the information stored in your phone.  You would not want anyone else, including cybercriminals, to access them right?

Scanned and about to be scammed?

Let’s say you have scanned the QR code and something does not feel right, then it could be that you have encountered quishing.  Do not panic because you can still prevent becoming a victim.

Do not share any private information.  If you scanned a QR code and it asks for personal information, consider closing the page immediately.

Report suspicious activity.  Make sure to notify the relevant authorities about any suspicious incidents.  If you have shared information that may be used against you, consider blocking your bank card, credit cards, and changing the passwords to your accounts.

Whether fraudsters use phishing, vishing, or quishing, their goal remains the same: to steal sensitive information like passwords, financial data, or other personally identifiable information. Scammers can then use this information for identity theft, financial fraud, or ransomware, so always stay vigilant and cyber-safe!