Without a doubt, over the last 2 years every individual and business has had to adapt to the seemingly never-ending challenges caused by the pandemic.
As the pandemic forced us to remain inside and minimise contact with one another, we saw many technological and digital changes, including the adoption of remote working, increased app usage and retail businesses shifting from brick-and-mortar stores to e-commerce platforms.
However, one of the most interesting technology trends we have seen since early 2020 is the resurgence of QR codes.
Although most think of QR codes as a recent phenomenon, the square black and white barcodes were actually developed in 1994 by Denso Wave – a division of Toyota – to track automobile parts during the assembly process.
As the smartphone began its world dominance in the mid-to-late noughties, QR codes entered the mainstream as the general population had a way to scan them with their smartphone camera.
However, QR codes seemed to have died their death by 2013.
Or so we thought…
As we adjusted to living in a contact-free world to prevent the spread of C-19, QR codes presented the perfect, touch-free solution for many contact or face-to-face actions.
From ordering food, paying bills, and getting more information to checking into venues, QR codes have since been readopted across the board and are once again commonplace in most public spaces.
In a survey by Statista, it was reported that 46.75% of consumers in the UK and US either agreed or strongly agreed that their use of QR codes had increased since the beginning of the pandemic.
As with anything rising in popularity, scammers are taking the opportunity to exploit the trend and target unsuspecting businesses and individuals. The latest scam is unfortunately known as ‘quishing’ – a form of phishing scam.
Traditionally, a phishing email is sent from a scammer pretending to be a trusted contact or authority, for example, a colleague or bank.
The email will typically create a sense of urgency and contain a link which, if clicked on, will direct you to a ‘phishing page’.
A ‘phishing page’ will be a copy of a login page, such as that of Microsoft 365, social media platforms or your bank/PayPal account.
If you enter your login details on a phishing page, the scammer will have access to your credentials and accounts and could:
As phishing emails increased in popularity, more advanced security measures were developed to identify potential phishing scams and divert them to junk folders to protect users.
Because a phishing email contains a link or an infected file, antivirus software can analyse those links and files and decide whether the email is legitimate.
In a ‘quishing’ scam, the scammer will send an email containing a QR code.
The QR code will link to a phishing page, but as the email itself does not contain a link, it is harder for antivirus software to figure out the legitimacy of the email.
The website loaded in step 5 is the phishing site, with the form set to redirect you to the real Microsoft 365 website once you submit your details, giving the impression of a glitch.
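To show why a link-based filter has nothing to check in a quishing email, here is an added triage example (not taken from any product; the sample message, urgency word list and field names are constructed assumptions) that reports what a link scanner can see and flags image-only messages whose images should go to a QR decoder:

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Constructed urgency phrases (assumption); tune them for your own mail flow.
URGENCY = ("urgent", "immediately", "expires", "suspended")

# Constructed sample: an HTML body with no link, plus an inline image.
# The base64 payload is only the PNG file signature, not a real QR code.
SAMPLE = """\
From: "IT Support" <support@example.test>
Subject: Urgent: re-authenticate your Microsoft 365 account
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Scan the code below with your phone.</p>
<img src="cid:qr1">
--b1
Content-Type: image/png
Content-Transfer-Encoding: base64
Content-ID: <qr1>

iVBORw0KGgo=
--b1--
"""

def triage(raw: str) -> dict:
    """Report what a link scanner can see and whether images need decoding."""
    msg = message_from_string(raw)
    urls, images = [], 0
    text = [msg.get("Subject", "")]
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1
        elif ctype in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            body = data.decode(part.get_content_charset() or "utf-8", "replace")
            text.append(body)
            urls.extend(URL_RE.findall(body))
    urgent = any(word in " ".join(text).lower() for word in URGENCY)
    blind = images > 0 and not urls  # nothing for a link scanner to check
    return {"urls": urls, "images": images, "urgent": urgent,
            "link_scanner_blind": blind,
            "priority": "high" if blind and urgent else "normal"}
```

A message flagged `link_scanner_blind` is not necessarily malicious; the flag only means its images need decoding before any URL reputation check can run.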
Sometimes it can be incredibly difficult to differentiate between a legitimate email and a phishing/quishing scam, especially if the scammer uses sophisticated techniques and masks their email address.
If you’re unsure whether an email is legitimate, use the acronym SCAM to help you determine whether it is or not.
SCAM stands for:
In the ‘From’ field, check the email address that was used to send the email. During this step, make sure to check that the sending domain matches that of the sender. For example, an email from PayPal would come from a PayPal branded email address and not firstname.lastname@example.org.
Another thing to look out for in the sending domain is spelling mistakes. Some scammers will purchase domain names similar to the company they are trying to imitate, e.g. microsft.com or loydsbank.co.uk – both of which are missing characters.
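The sender check described above can be automated. This added example (not part of the original post) compares the ‘From’ domain with an assumed allow-list and catches near-miss spellings such as the two quoted above; the `TRUSTED` list, the distance threshold and the verdict names are assumptions:

```python
from email.utils import parseaddr

# Assumed allow-list: the domains your organisation really deals with.
# lloydsbank.co.uk is inferred from the misspelt example in the text.
TRUSTED = {"microsoft.com", "lloydsbank.co.uk", "paypal.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, max_distance: int = 2) -> dict:
    """Classify a From header as trusted, lookalike, brand-mismatch or unknown."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # Exact match, or a subdomain of a trusted domain.
    if any(domain == good or domain.endswith("." + good) for good in TRUSTED):
        return {"domain": domain, "verdict": "trusted", "imitates": None}
    # A domain one or two characters away from a trusted one.
    for good in sorted(TRUSTED):
        if edit_distance(domain, good) <= max_distance:
            return {"domain": domain, "verdict": "lookalike", "imitates": good}
    # A brand in the display name, but an unrelated sending domain.
    for good in sorted(TRUSTED):
        if good.split(".")[0] in display.lower():
            return {"domain": domain, "verdict": "brand-mismatch", "imitates": good}
    return {"domain": domain, "verdict": "unknown", "imitates": None}
```

The ‘From’ header can itself be forged, so a "trusted" verdict only means the domain is spelt correctly, not that the email is genuine.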
Does the email prompt urgent action from you to provide login details/personal information?
Scammers will sometimes use scare tactics such as a fine or late bill to coax you into supplying your information.
If the email is from a contact you know, ask them if they actually sent it. Make sure to do this via a different communication method, such as face-to-face or a telephone call, as their emails may be compromised.
If they confirm they did send it, then you are safe to go ahead; if not, follow the next step.
If the email isn’t legitimate, inform the sender so that they can secure their account and inform their contacts. You should also make your colleagues and IT department or outsourced tech support aware of the email.
We hope you found this blog useful and that you are now more confident in recognising a phishing/quishing scam using our SCAM acronym.
As with most things, prevention is better than cure and educating your team on how to spot and react to a cybersecurity threat is key to staying safe online.
Our security awareness training is incredibly popular amongst SMEs and covers every aspect of cybersecurity to ensure your business is protected.