Health & Safety

Health & Safety

Health & Safety

International Fraud Awareness Week

16th November, 2023

by

This week is International Fraud Awareness Week, and a good time to remind everyone about how to protect ourselves from QR Code Phishing Attacks.

What are QR code phishing attacks?

QR code phishing attacks are a type of cyberattack that use QR codes to trick users into visiting malicious websites or downloading malware. QR codes are square-shaped images that contain encoded information, such as a URL, that can be scanned by a smartphone camera. QR codes are often used for convenience, such as accessing online menus, coupons, or contact information. However, some hackers use QR codes to lure unsuspecting users into entering their credentials, personal information, or payment details on fake websites that mimic legitimate ones.

How can you recognise QR code phishing attacks?

QR code phishing attacks can be hard to spot, especially if the QR code is embedded in an email or a document that appears to come from a trusted source, such as your employer, your bank, or a reputable company. However, there are some signs that can help you identify a QR code phishing attack, such as:

  • The email or document contains spelling or grammatical errors, or uses an unusual tone or language.
  • The email or document urges you to scan the QR code quickly, or warns you of negative consequences if you don’t, such as missing a deadline, losing access, or facing legal action.
  • The email or document does not address you by your name, or uses a generic salutation, such as “Dear Customer” or “Dear User”.
  • The email or document does not match the sender’s domain name, or uses a spoofed email address, such as support@cemex.com.co instead of support@cemex.com.
  • The QR code does not have a clear label or description of what it contains or where it leads.
  • The QR code takes you to a website that does not have a secure connection (https) or has a different domain name than the one you expected.
  • The website asks you to enter your username, password, or other sensitive information, or prompts you to download or install something.

How can you protect yourself from QR code phishing attacks?

QR code phishing attacks can be prevented by following some simple steps, such as:

  • Verify the email’s or document’s sender. If you are not sure, contact the sender directly using a different channel, such as a phone call or a text message.
  • Only scan QR codes from trusted sources. If you are unsure whether a QR code is safe, do not scan it.
  • If you are scanning a QR code, before clicking the URL, verify that it matches the legitimate organisation that you are intending to access.
  • Use a QR code scanner app that has security features, such as checking the URL for malicious content, or displaying the URL before opening it.
  • Do not enter your credentials, personal information, or payment details on any website that you do not trust, or that looks suspicious.
  • If you think you may have fallen victim to a QR code phishing attack, immediately change your password and contact your IT Support or Security team.

QR code phishing attacks are a serious threat that can compromise your online security and privacy. By being aware of the signs of a QR code phishing attack, and following the recommendations above, you can protect yourself and your data from hackers.

“Think before you click … plan before you scan!!”