15-01-2024 15:53

Are you on top of quishing? A new fraud method

We have phishing, vishing and smishing. Now we also have quishing. This is a new fraud method where the fraudsters now use a QR code.
Customer using smart phone to scan QR code

Phishing, vishing and smishing – what is what?

Phishing came first and it can be used as an umbrella term for online phishing, but often it is done via e-mail. When fraudsters started to call their targeted victims, vishing was added, which stands for voice phishing – that is phishing using the voice as access point via a phone call. This year the number of fake text messages has also risen sharply – this is called smishing. 

Amalia Krantz, fraud expert at Nordea.

”It’s not important which method is used – but it’s important to be alert when you receive an unsolicited e-mail, telephone call or text message asking you to act or do something,” says Amalia Krantz, fraud expert at Nordea. 

Fraudsters are finding new methods all the time, and now it is time to add yet another ”ishing” method. This is quishing where the entry point is a QR code. 

What is a QR code?

A QR code can include various types of data, but it is most often a link presented as a square bar code you can scan with your phone. It can be used for various purposes, for example: 

  • To reach a specific website. It is quicker to scan a QR code than to type the web address.
  • To log into a website you get the option of scanning a QR code with your Mobile BankID app and then enter your pin code. 
  • To swish a specific recipient you can scan a QR code instead of typing the recipient’s number. 

”The QR code stands for Quick Response and is often quicker and in some cases it also increases security. For example when you scan a QR code to log in instead of typing your personal identification number,” says Amalia Krantz. 

How do fraudsters use QR codes?

Fraudsters can use QR codes to guide us to a fraudulent website, which looks genuine. Here they will try to phish information or get you to use some type of security solution. If you scan a QR code it is important that you carefully check the website you were directed to and think before you act. 

Exactly as we have learnt to be careful not to click on unknown links, we need to be aware of QR codes as they are also links. The difference is that we can see a link and try to assess the authenticity – but we cannot do that with a QR code. 

How can you protect yourself?

Exactly as in the case of phishing, vishing and smishing, this is a point of access for fraudsters. And no matter whether it is via e-mail, phone, text message or now a QR code, we should use our common sense and be suspicious when someone contacts us unexpectedly and asks us to act in some way. This can be any form of online phishing where fraudsters will try to get information or get the person to use a security solution. 

”A good rule of thumb is to consider who has taken the initiative. If you for example want to log into a website or swish a recipient, QR codes are easy to use. But if you receive a QR code unexpectedly and is asked to act, you should be suspicious and think before your scan. It may be a fraud attempt,” says Amalia Krantz