Black Friday bargain hunters are being warned about the perils of a new cyber scam called ‘quishing’ that threatens to provide criminals with a festive windfall as the £9bn shopping bonanza kicks in this weekend.
With people in a rush to secure cut-price goods, experts say they have a reduced vigilance when shopping online that opens them up to predatory online gangs.
And a surge in quishing scams has emerged in recent weeks which use fake QR codes to steal people’s personal data and circumvent traditional internet security methods.
Similar in method to phishing attacks, these seeks to persuade the victim to click on a malicious link which places malicious software onto the user’s device. The attacker can then remotely take control of the user’s device for whatever purpose they wish, this could be data theft, financial crime or fraud.
Data is also sold on via an information broker to the huge international market in stolen personal data and credit cards.
Tom Holloway, head of Cybersecurity at IT and cybersecurity service provider, Redcentric, said: “More people will be shopping online over the Black Friday and Cyber Monday weekend than at any other time of year, making it a prime time for scammers to attack.
“The high number of deals and discounts also increases the feeling of urgency amongst shoppers, as people don’t want to miss out on such great deals. This, in turn, lowers cautiousness and therefore means that shoppers are less likely to be vigilant in the face of a potential threat. One of these new potential threats is quishing.
“One of the main concerns with quishing attacks is that, due to the way in which QR codes work, traditional email security measures that are put in place to prevent phishing attacks won’t work. This means that a malicious QR code could be embedded in a document and therefore delivered to the user’s mailbox, bypassing email security protection.”
To help combat the scammers Tom urges people to always “pause before clicking” and check URL addresses claiming to be reputable companies are genuine and have no obvious spelling errors or oddly formatted words – and the best case is to visit the retailer’s website direct rather than following a link.
He added: “Organisations use social media to promote deals and offers to their target audience and hackers know that many of us will be clicking on links and buying products this way over the Black Friday weekend. It is therefore a favoured method for hackers to post malicious posts and links.”
Tom also urged people not to use a weak password, change password for different retailers and avoid using debit cards but instead use credit cards, Papal, Allpe Pay or Google Pay which all have added security measures.
And most importantly he says don’t use public wi-fi when out and about as hackers can easily hack into the networks to steal card details.