QR codes in emails? Watch out - it could be part of a 'Quishing' scam

Tuesday, October 3, 2023
RALEIGH, N.C. -- A new email scam campaign is using QR codes to get your sensitive information.

It's called "quishing" or QR phishing, and security experts say it's when fraudsters launch email campaigns that appear to have legitimate QR codes. But if you scan the QR code in that scam email, embedded is a malicious URL that will lead you to websites that contain malware or websites designed to steal your personal or financial information.
[Ads /]
These emails typically come from what seems to be a well-known company or brand. But in reality, they're just copycats, and that's what makes quishing so successful. Many of these fraudulent QR codes lead you to believe you will get a discount or special offer.

MORE: Romance scammer swindles life savings from widow
Widow moves to Cary to start new life; ends up losing $78,000 of her life savings in romance scam

In efforts to try and protect yourself from falling victim to this scam, security experts say you should preview the URL before accessing the link. If the URL is unreadable, use caution.

If you click on the link from the QR code, look for spelling and grammatical errors. If the site is not secure, that's often a sign it's a bogus website.

"You're going to want to look for the lockbox icon in the left corner of the URL and also see if it starts with an HTTPS. Of course, the HTTPS stands for secure. If you see that and the lockbox icon, that's generally a pretty good sign that you're on a safe website," said Nick Hill with the Better Business Bureau



If you do scan a fake QR code, change your passwords to the accounts you may have given scammers access to.
[Ads /]
Also, take steps to secure any of your financial accounts. Setting up two-factor authentication on your accounts also helps protect your accounts. Plus, you can set up fraud alerts for extra protection.
Copyright © 2024 WTVD-TV. All Rights Reserved.