Quishing; a new scam on the rise – What is it?

Do not share your personal information with anyone!


The human has the potential to conceive both good and bad ideas; and sadly, to all the benevolent and progressive ideas conceived by man, there are also the malevolent and regressive opposites.

Just like there are bright minds working to provide the latest and best in new technological advancements and innovation, there are also those who use the expanding digital infrastructure for more nefarious means – scamming being among the top of that list.

There have been a number of varied scams reported here on this white sandy nation as well, with most of them related to phishing activities.

First of all, what is Phishing?

The First-Year Computer Science students would have come across this term by now, and they already know what the word entails – especially in a globalized and tech-heavy world.

To the unversed, and unfamiliar, phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information – typically in the form of usernames, passwords, credit card numbers, bank account information and other sensitive data.

In these attacks, fraudulent messages that appear to come from a legitimate source, are sent to unsuspecting individuals to trick them into sharing the aforementioned sensitive information or data.

The end goal is simple – access login information, or install malware on a victim’s device, which almost always lead to the same endgame: monetary loss on the part of the victim.

So, what is Quishing?

This is the latest in the scammers’ belt of varied tricks.

Quishing “uses subterfuge to direct you to bogus sites” in an attempt to get your personally identifiable information – which could include passwords, credit and debit card numbers and other sensitive information.

Quishing is short for QR code phishing.

The scam involves, scammers posting signs with QR codes on them in high-traffic locations or sending them via email or text (by now the readers must have heard through the techvine about a certain phishing scam involving a “Nigerian Prince” – the new and more modernized version is the Quishing approach).

Once the intended victim scan the QR code, they are taken to the scammer’s website, which is disguised to look legitimate – often impersonating a government agency, bank or a publicly recognized company.

The victim is next asked to input personal information and just like that, the scammers are able to access their sensitive data.

People carry a lot of sensitive data on their smartphones now. For instance, individuals put their Google Mail (gmail) address as a login credential to various internet or mobile banking applications, and use their mobile phone number as a 2F verification option.

Through Quishing, scammers access the passwords of these emails, personal information of the user available on the smart device, and any such sensitive information or login credentials, that could give access to the victim’s banking profiles or accounts and steal their money.

Ok! How Do I Avoid This Then?

The first and quickest response to this is; practice caution. Do not indulge in the habit of scanning QR codes the minute you see them.

Here are ways on how you can avoid becoming a victim of quishing;

  • First ask yourself where the QR code came from before you do anything else. For instance, suppose there is a poster in the name of a government ministry or agency with a QR code printed on it; you may wish to first contact said government agency or ministry to verify if they had indeed pasted any posters across town, before you scan the code.
  • If you receive an unexpected email or text with a QR code – DO NOT scan it.
  • Contact your local bank, government agency or company to notify that a scammer is impersonating them.
  • Block spam messages
  • Protect sensitive information – such as passwords, credit and debit card numbers. Make use of proper 2F authorization options to ensure stronger security measures.

Share this post: