SALT LAKE CITY — You’ve heard of phishing, which is when scammers send emails or text messages in an attempt to steal personal information, hoping you’ll click a tainted link.
Quishing is just that, but all it takes is a scan of a QR code.
“They want to get into your phone, into financial accounts, maybe your email, which is very powerful,” said cybersecurity strategist Jean-Paul Bergeaux. “If they can get your email, they can get into almost anything.”
Bergeaux warned that if you get a QR code through text or email, consider it invalid and don’t click. But if you’re out in the real world and scan one, he said, “Before you click it, look and see what that little glimpse looks like on the camera. Is that the link I expect it to be? Before I click on it? Scammers love that a lot of people don’t pay attention to that.”
Because QR codes are so ubiquitous, anyone can slap one anywhere, so think twice before you pull out that phone.
“Does it look like it’s something that’s taped over and not the original one? Does it look like it’s frayed, been tampered with in any way? Look for that evidence physically if you’re going to scan one,” explained Bergeaux.
How cryptocurrency works and how to avoid scams:
But should you click a nefarious link from a QR code, how can you tell you’ve been compromised?
“If things start flashing on your screen, if you see something installed or you maybe have a suspicious-looking website that you don’t realize where that came from, those are some of the telltale signs,” said Bergeaux. “Your phone is starting to operate really slowly and not normal; something funky is going on, all of those things are the typical telltale signs.”
While QR codes are convenient, Bergeaux recommends that sometimes it’s best to do things the good old-fashioned way.
“Utility companies and several different types of companies have issued warnings saying, we don’t use QR codes, don’t click on QR codes thinking it’s us,” he said. “I recommend if you know how to get into your bank and your utility company, and you don’t need to use a QR code, don’t use one, go to it manually.”
If you are hacked after scanning a bad QR code and can’t get into your phone, talk to your cell provider to help you recover it.
Even if you find that scammers have gotten into a seemingly insignificant account, Bergeaux advises resetting your passwords for your most important accounts, including email and banking, and staying ahead of the bad actors by using two-factor authentication and regularly updating your phone.
