E-News | Defend Your Data: Beware of ‘quishing,’ scams involving QR codes

Quick response codes have gained popularity because they are free, easy to create, and a convenient alternative to a long or complicated web address. They are also being used in a new form of cyberattack called "quishing."

Criminals use QR codes to distribute malware or direct victims to fraudulent websites intended to steal personal information or data. These scams are deceptive because it can be difficult to distinguish a legitimate QR code from a malicious one, and email security systems often fail to detect image files.

Information Technology Services offers the following three tips to protect against this growing threat:

1. Consider the source. If you come across a QR code in a public place, or receive it via text message or email, pay attention to the details. Are you affiliated with or located in a company or institution that you know and trust? Does the business normally depend on QR codes?

2. Only scan trusted codes. Make sure the code you are about to scan has not been altered, such as if a sticker is applied to an original document.

3. Preview the destination. Make sure to preview where the QR code will take you. Before you tap the URL, take a close look at it and make sure it's secure: the QR code should start with https://. Cybercriminals often use URL shorteners to trick you.

Get more information at DefendYourData.wvu.edu and forward suspicious emails as an attachment to DefendYourData@mail.wvu.edu. Employees can also use the Report Message button in Outlook.

Leave a Comment


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *