Fraud with QR codes (quishing): how to protect yourself
The most important facts in brief
- New scam from cyber criminals: Fake QR codes
- Be careful with codes sent by post, on charging stations for electric cars and on fake parking tickets
- Only scan a QR code if you are sure it is genuine
QR code: What is it actually?
QR is the abbreviation for Quick Response. Complex information is displayed in abbreviated form so that users can access it quickly. Barcodes work on the same principle.
Quishing is a scam in which criminals manipulate QR codes in order to obtain sensitive data such as credit card information.
Fake letters from banks
Fraudulent payment requests by e-mail are not new, although they rarely include a QR code. Recently, criminals have been printing their text with a QR code and sending it by post.
Be careful when you receive letters from banks. The fake letters often address you as "Dear account holder" rather than by your real name.
You can read more information about this scam on the Lower Saxony Criminal Police Office website.
Fake QR codes on electric car charging stations
Fraudsters cover the real QR codes with fake ones that lead to deceptively genuine-looking websites. Drivers of electric cars who want to pay for their charging process using a QR code at the charging station then unwittingly disclose their account details.
The ADAC advises, among other things, not to scan a pasted-over QR code. If the charging station has a display, scan the code there. In most cases, charging stations can also be used with an app or charging card from another provider. You do not have to scan an existing QR code.
Fake parking tickets on the car
Public order offices in some municipalities or cities offer drivers the opportunity to pay their parking tickets directly. This is done via a QR code. Here too, criminals exploit this method by attaching fake tickets with false QR codes under the windshield wipers of cars. Check the ticket very carefully. Are you unsure whether it is genuine? Then check with the police.
Protection against quishing
- Be vigilant: Do not scan a QR code unchecked if you are then asked to enter payment details. Be sure to check the Internet address to see whether it is really the address of your bank.
- Do not open content automatically: If possible, switch off the function that opens a scanned QR code immediately. Some QR code scanners display the link first: if the source is abroad (for example ".ru"), this can be an indication of a malicious QR code. Caution is also advised with short links, as the actual destination of the link is not displayed.
- Contacting the bank: Do you doubt that the letter and the QR code on it are genuine? Do not use the contact details given in the letter, but research them yourself.
- Generic forms of address: Be careful if a letter uses a generic form of address ("Dear account holder").
- QR code pasted over: If the QR code on a charging station may have been pasted over, do not scan it. If, for example, a charging station has a display, the code should be scanned from there.
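
The address checks from the list above, written as a small pre-open filter for the text a QR scanner has decoded. This is an added example, not part of the original article; the function name, the expected host `bank.example`, and the shortener and top-level-domain lists are illustrative assumptions.

```python
from urllib.parse import urlsplit

# Illustrative lists (assumptions, not taken from the article); adapt as needed.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
HOME_TLDS = {"de", "com", "eu"}


def check_qr_url(payload: str, expected_hosts: set[str]) -> list[str]:
    """Return warnings for a decoded QR payload; an empty list means no finding."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["malformed address"]
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["not a web address"]
    warnings = []
    host = parts.hostname.rstrip(".").lower()
    if parts.scheme != "https":
        warnings.append("unencrypted http link")
    if parts.username or parts.password:
        warnings.append("text before '@' hides the real host")
    if host.startswith("xn--") or ".xn--" in host:
        warnings.append("punycode host, may imitate another name")
    if host in SHORTENERS:
        warnings.append("short link, real destination not shown")
    elif not any(host == h or host.endswith("." + h) for h in expected_hosts):
        # Catches the expected name used as a mere subdomain of another site.
        warnings.append("host is not the expected address: " + host)
        if host.rsplit(".", 1)[-1] not in HOME_TLDS:
            warnings.append("unfamiliar top-level domain")
    return warnings


# Constructed sample payloads, not real addresses.
SAMPLES = [
    "https://www.bank.example/pay",
    "https://bank.example.secure-pay.ru/login",
    "https://bank.example@pay.example.ru/login",
    "https://bit.ly/abc123",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_qr_url(url, {"bank.example"}) or "no finding")
```

A result of "no finding" only means none of these checks fired; the manual check against the bank's known address still applies.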