What Is the History of the QR Code?
QR codes date back to 1994 and were invented by the Japanese company Denso Wave. QR stands for “quick response” — the codes were created with a focus on high-speed reading and the ability to store a large amount of information. The codes were initially used by the auto industry for electronic kanban and later adopted by food, pharmaceutical and contact lens companies, among others, to control their merchandise and improve production efficiency.
One crucial factor that contributed to the widespread use of QR codes was Denso Wave’s decision to make the specifications of the QR code publicly available without exercising patent rights, so the technology could be used by as many people as possible.
By the early 2000s, “marketers latched onto QRs as a way to easily send people to landing pages and specific web content,” writes Ira Gostin, partner at G8 Consulting, in Forbes. Soon after, they faded into obscurity, only to be revived again in 2020 during the pandemic. QR codes have since held their popularity and are now used in retail, marketing, logistics and digital payments.
How Does a Quishing Attack Work?
In a quishing attack, cybercriminals use QR codes to deceive people into visiting malicious websites or downloading rogue applications. To do this, hackers create a fake QR code that mimics a legitimate one.
Users are then redirected to a malicious website or prompted to download a rogue application, believing it’s from a trusted source. Then they are prompted to fill out personal information such as credit card details or login credentials.
According to Matthew Tyson in CSO, the “precipitous rise” in QR code phishing campaigns in 2023 happened in part because they are simple to use — and hack. “It is easy for attackers to use free resources to generate convincing QR code enabled phishing emails, attachments, and websites — a mechanism that can increase the effectiveness of their efforts with minimum effort,” he writes.
Quishing is a serious concern because users cannot easily differentiate between genuine and malicious QR codes. The codes can also bypass security systems because they read as a single image with no suspicious text.
Whether it’s stealing private information or using the web page to load malware onto a device, users should watch out for QR code email scams, payment scams, package scams, donation scams and investment scams.
How Can You Detect a Quishing Attack?
The Federal Trade Commission issued a recent warning that scammers are hiding harmful information in QR codes, and though some are in plain sight, others are almost impossible to spot. So, detecting a QR phishing scam requires keen observation.
Here are some tips and techniques to stay alert:
Scrutinize the QR code itself. Watch for unusual designs, pixilation or errors in the code structure. This can include letters or symbols written in tiny font between the square barcodes.
Verify the source. Legitimate businesses usually embed QR codes on their official websites or materials, not in unsolicited emails or messages.
Assess the degree of urgency and emotional tone. A sudden or unprompted request for personal information is most likely a sign of a quishing attack. These scams also tap into emotion to elicit a fast response, so consider whether the message expresses a sense of fear, curiosity or greed
Always check the URL before scanning. If it appears random or doesn’t match the supposed sender, it could be fraudulent. Typically, users can see a preview of the link before clicking as their cameras scan over the code.
Be cautious of QR codes asking for sensitive info or prompting auto-downloads. Genuine codes generally direct to a website for information rather than requesting personal data up front.
Examine the permissions requested by the linked site after scanning. A reputable site won’t ask for unnecessary access.