"Quishing" (a combination of "QR code" and "phishing") is a type of scam using malicious QR codes to lure victims to fake websites, install malware, or carry out unwanted transactions.

Instead of suspicious links in emails or messages, scammers cleverly exploit QR code images, a tool that many people trust and use daily.


👉 Common "Quishing" tricks:

- Fake QR codes in public: Overlapping or replacing payment QR codes, information at restaurants, bus stations... with codes from perpetrators to steal money when users make payments.

- QR codes in phishing emails and messages: Impersonating reputable organizations sending notifications with QR codes leading to websites that steal login information or request money transfers.

- QR codes on fake products and documents: Printing perpetrators' QR codes on counterfeit goods, virtual lottery tickets, fraudulent documents to lure users into accessing dangerous websites or providing personal information.

- Man-in-the-middle attacks via QR codes: Interfering with the scanning process, redirecting users through a data-collecting website before reaching the real site.


👉 Victims of "Quishing" may face serious consequences, including:

- Stealing personal information: Leakage of name, address, phone number, email, social media accounts.

- Losing money in accounts: Information theft regarding banking, credit cards, and unauthorized transactions.

- Devices infected with malware: Installation of spyware, viruses, and ransomware.

- Becoming a victim of other types of fraud: Stolen personal information can be used for more malicious purposes.


👉 To contribute to prevention, deterrence, and effective combat against this type of crime, the Cybersecurity and High-Tech Crime Prevention Department of Hanoi Police recommends that the public should:

- Check carefully before scanning QR codes: Always verify the source and validity of QR codes, especially with strange or overlapping codes.

- Carefully observe the surrounding environment: At payment points, ensure that the QR code has not been tampered with.

- Be cautious of unusual offers: Avoid scanning QR codes accompanied by overly attractive promotions.

- Carefully review the URL after scanning: Ensure the web address starts with "https://" and is the correct domain of the organization.

- Use safe QR code scanning applications: Consider using apps that have the function of warning about harmful links.

- Update security software: Ensure devices are protected by the latest antivirus software.

- Limit sharing personal information: Be cautious when providing information after scanning a QR code.

- Report signs of fraud: Immediately notify authorities if suspected of being scammed.

#scam #quishing