Phishing came first and it can be used as an umbrella term for online phishing, but often it is done via e-mail. When fraudsters started to call their targeted victims, vishing was added, which stands for voice phishing – that is phishing using the voice as access point via a phone call. This year the number of fake text messages has also risen sharply – this is called smishing.
”It’s not important which method is used – but it’s important to be alert when you receive an unsolicited e-mail, telephone call or text message asking you to act or do something,” says Amalia Krantz, fraud expert at Nordea.
Fraudsters are finding new methods all the time, and now it is time to add yet another ”ishing” method. This is quishing where the entry point is a QR code.
A QR code can include various types of data, but it is most often a link presented as a square bar code you can scan with your phone. It can be used for various purposes, for example:
”The QR code stands for Quick Response and is often quicker and in some cases it also increases security. For example when you scan a QR code to log in instead of typing your personal identification number,” says Amalia Krantz.
Fraudsters can use QR codes to guide us to a fraudulent website, which looks genuine. Here they will try to phish information or get you to use some type of security solution. If you scan a QR code it is important that you carefully check the website you were directed to and think before you act.
Exactly as we have learnt to be careful not to click on unknown links, we need to be aware of QR codes as they are also links. The difference is that we can see a link and try to assess the authenticity – but we cannot do that with a QR code.
Exactly as in the case of phishing, vishing and smishing, this is a point of access for fraudsters. And no matter whether it is via e-mail, phone, text message or now a QR code, we should use our common sense and be suspicious when someone contacts us unexpectedly and asks us to act in some way. This can be any form of online phishing where fraudsters will try to get information or get the person to use a security solution.
”A good rule of thumb is to consider who has taken the initiative. If you for example want to log into a website or swish a recipient, QR codes are easy to use. But if you receive a QR code unexpectedly and is asked to act, you should be suspicious and think before your scan. It may be a fraud attempt,” says Amalia Krantz