Fraudsters are now using rapid response (QR) codes to begin cyber-attacks known as “quishing“, according to PLDT Inc. and its cellular subsidiary Smart Communications Inc., as their use for online financial transactions expands.
The firms led by Pangilinan issued a warning about QR phishing or “quishing” on Friday, referring to emails or messages sent by con artists that contain dangerous QR codes.
Telcos Warn Public Against “Quishing,” a New Form of Online Scam
According to the Inquirer, scanning these QR codes leads gullible shoppers to bogus websites that trick visitors into disclosing personal information such as login passwords.
“When victims enter their personal data on the fake website, the hackers will immediately capture them and use the information to take control of their various accounts including their digital wallets,” PLDT and Smart chief information and security officer Angel Redoble said.
The warning came as the use of QR codes for e-commerce and other online payments grew, and users became more reliant on digital platforms.
Telecommunications providers warned the public not to share personal identification numbers, security codes, or one-time passwords.
“Remember what our parents taught us about not talking to strangers? This remains true to this day, whether you’re interacting in person or [through] your gadgets,” Redoble said.
In an effort to curb internet frauds, PLDT and Smart recently announced a crackdown on websites linked to text scams.
650 phishing-related websites were blacklisted in the first half.
“Most phishing sites are tucked in the deep web. When cybercriminals have acquired the victim’s personal data, they use this to access the victim’s bank accounts or trade them in the dark web,” Redoble said.
The phrase “black web,” according to Redoble, refers to content that is not easily and entirely accessible via search engines.