"Scanning QR Codes: The Preliminary Verification Process"
In a recent warning, the Consumer Advice Centre Brandenburg (VZB) has highlighted the growing threat of QR code phishing (quishing) scams targeting PayPal accounts. These scams use QR codes to direct users to fake websites, potentially compromising login data and endangering accounts.
Erk Schaarschmidt, a lawyer at VZB, advises choosing the payment path yourself for added security. Many smartphones allow users to check the link before opening it, allowing for comparison with the original address. This simple step can help prevent users from falling victim to these scams.
Quishing isn't entirely without warning signs. One common warning sign is the payment method itself. Users should be wary of payments handled outside the platform, as it may be a sign of a scam. Payment confirmations are rarely required in cases of quishing.
Scammers often distribute malicious QR codes via phishing emails pretending to be from trusted companies, fake invoices or bills with QR codes for "fast payment", tampered QR codes on restaurant menus, parking meters, or event materials, and unsolicited packages containing QR codes that lead to fake login pages or malware downloads.
To protect your PayPal account and other sensitive data from quishing scams, VZB recommends enabling two-factor authentication (2FA) on PayPal for both payments and logins. With 2FA, scammers can't access the account without a further confirmation, such as a code sent via SMS or a 2FA app.
In addition, users should preview the URL before following it, verify the source, navigate manually for logins, check for physical tampering, avoid urgent or suspicious requests, and be wary of unexpected packages with QR codes. By combining vigilance about context and source, manual navigation for sensitive logins, URL verification, and security best practices like 2FA, users can significantly reduce the risk of falling victim to quishing attacks.
Recently, a case of quishing was reported where a seller on a used clothing platform was tricked into using a fake PayPal site. The fake PayPal site, which looked almost identical to the original, sent the entered information directly to the scammers. As a result, the seller logged in and several payments totaling over 3,000 euros were made from their account.
Users are encouraged to stay vigilant and follow these security measures to protect their PayPal accounts and other sensitive data from these scams. For more information, visit the VZB website or contact your local consumer advice centre.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4] [5] [Source 5]
Technology plays a crucial role in personal-finance, and cybersecurity is essential to protect it. In the wake of the growing QR code phishing scams, it's advisable to be cautious about payments handled outside the platform for added cybersecurity. Enabling two-factor authentication (2FA) can significantly minimize the risk of falling victim to these attacks.
