Criminals have discovered the QR code for the “Quishing” scam. After fake letters from credit institutions, fake parking tickets with QR codes are now in circulation. We'll explain what you should pay particular attention to with QR codes.
The Lower Saxony State Criminal Police Office warned about the new “Quishing” scam as early as the beginning of August 2024. At that time, the focus was mainly on letters that supposedly came from banks and credit institutions.
These were supposed to inform about “an important matter related” to bank accounts. They also contained a QR code that the recipients had to use to confirm their identity.
But these were fake codes that criminals wanted to use to steal money or data from their potential victims. So-called quishing – i.e. phishing via QR code – is no longer limited to bank letters. Fake parking tickets and false QR codes on charging stations for electric cars are now also in circulation, as the Federal Association of Consumer Organizations (VZBV) warns.
Quishing: Fake parking tickets with QR codes in circulation
QR codes are an easy way for criminals to deceive their potential victims. Because of the encrypted display, it is not immediately clear what information is stored.
The target website that the QR code leads to is not immediately visible either. To do so, it must first be scanned with the camera of a smartphone. However, caution is advised.
Cyber criminals are taking advantage of this. In the case of fake bank letters, for example, access data for online banking can be obtained. According to the North Rhine-Westphalia State Office of Criminal Investigation, in some cases these QR codes are also used to initiate direct money transfers.
Fake parking tickets and QR codes on charging stations
But it is not just bank customers who are the focus of the new “Quishing” scam. Drivers should also be careful when scanning QR codes in the future.
Cybercriminals are also trying to collect payments using fake tickets with QR codes. In some cities, ticket booths contain QR codes that drivers can use to pay their fines directly.
Criminals are now handing out fake tickets that also contain QR codes. According to the VZBV, this is already known from Berlin, among other places.
Fake QR codes also appeared on charging stations for electric cars in August. Here, too, the criminals are targeting direct payment transactions, as the regular QR codes link to the provider's payment page.
How to protect yourself from “Quishing”
There are a few precautions you can take to avoid falling into the trap of fake QR codes. In general, it is advisable to only scan a QR code if you are sure that it is legitimate.
If you are unsure, you should set your scanner so that it does not automatically open the website stored in the QR code. Instead, display the URL first so that you can check it.
If you have received a traffic ticket and are unsure of its authenticity, according to the VZBV you should go to the police as a precaution and clarify the matter there.
If you receive fake letters from your bank, it may be advisable to contact them by phone. You can then ask whether the letter is genuine or not.
When it comes to charging stations for electric cars, the ADAC advises against scanning QR codes that have been covered up. Charging stations can usually also be used via an app or with a charging card, so you can avoid having to scan a QR code.
Also interesting:
Source: https://www.basicthinking.de/blog/2024/09/02/gefaelschte-strafzettel-qr-code-quishing/