QR codes in emails? Watch out it could be part of a 'Quishing' scam

Tuesday, October 3, 2023
RALEIGH, N.C. (WTVD) -- A new email scam campaign is using QR codes to get your sensitive information.

It's called quishing or QR phishing and security experts say it's when fraudsters launch email campaigns that appear to have legitimate QR codes, but if you scan the QR code in that scam email, embedded is a malicious URL that will lead you to websites that contain malware or websites designed to steal your personal or financial information.
[Ads /]
These emails typically come from what seems to be a well-known company or brand, instead, they're just copycats and that's what makes quishing so successful. Many of these fraudulent QR codes lead you to believe you will get a discount or special offer.

In efforts to try and protect yourself from falling victim to this scam, security experts say you should preview the URL before accessing the link. If the URL is unreadable, use caution.

MORE TROUBLESHOOTER: USAA offers help to those affected by potential government shutdown, but watch out for scammers
[Ads /]
If you click on the link from the QR code, look for spelling and grammatical errors. If the site is not secure, that's often a sign it's a bogus website.

"You're going to want to look for the lockbox icon in the left corner of the URL and also see if it starts with an HTTPS. Of course, the HTTPS stands for secure. If you see that and the lockbox icon, that's generally a pretty good sign that you're on a safe website," Nick Hill said with the Better Business Bureau



If you do scan a fake QR code, change your passwords to the accounts you may have given scammers access. Also, take steps to secure any of your financial accounts. Setting up two-factor authentication on your accounts also helps protect your accounts. You can also set up fraud alerts for extra protection.
Copyright © 2024 WTVD-TV. All Rights Reserved.