© Unsplash/Albert Hu
As recalled in an article from our colleagues in Le Figaro, the French have integrated QR Codes into their daily lives with confinement – and since then, their use has continued to increase. It must be said that they have become a necessary step for, for example, paying for electric charging at terminals or parking – or consult the menu in a restaurant.
However, they turn out to be very (or even a little too) easy to exploit by pirates. Indeed, these QR Codes are generally used as simple ways to enter a hyperlink more easily into your smartphone. But since it is a code, it is practically impossible to know which page you will land on.
How to protect yourself against “quishing” ?
We trust them more easily, and hackers have understood this: they edit their own codes which they paste on top of legitimate codes. All this to direct their victims to a phishing page – in other words a page containing all the codes of the service, whose identity the hackers are trying to usurp.
Enough to allow the collection of users' banking or personal data; which could potentially lead to theft of large sums of money. This worrying practice now has a name: “quishing”. And there are in fact few really effective ways to protect yourself.
A priori, when it comes to’ a QR Code affixed to an apparently official document, such as a notice of violation, we can verify that the page linked to the code has an address whose domain name is indeed .gouv.fr. But for services like charging stations or parking stations, verifying the legitimacy of a given code can be more complicated because of the increased variety of actors.
To remedy this, either you need to know the local offering with the name of each company operating in the city and their official internet address. Either you must use mobile antivirus software integrating an agent against phishing. This real-time service blocks sites that have been flagged (or detected) as malicious.
As a result, your smartphone becomes unable to open corrupted QR Codes. The Bitdefender Total Security suite allows you to benefit from this type of protection – which can rely on a special VPN on iPhone.
- After SMS and emails, phishing campaigns have a new particularly pernicious attack surface: QR Codes.
- Affixed to charging stations, fake PVs and other dangerous locations, they trap a worrying number of Internet users – rather confident in the security of these codes.
- However, they only turn out to be simple links to a page, and do not contain any security mechanism. even limit abuse.
📍 To not miss any news from Presse-citron, follow us on Google News and WhatsApp.