New scam: With “quishing,” fraudsters send QR codes and use them to direct their victims to fake bank websites. The Lower Saxony LKA sees various ways in which the perpetrators can obtain the data from your Ivibet login.
The data could come from a hack in the past – for example at an online shop where the possible victim is or was a customer with the corresponding data stored. The perpetrators can easily evaluate this data and then use it to personally address corresponding emails or letters, as the Lower Saxony State Criminal Police Office (LKA) announced. The personal data could also have been entered on a phishing page by the victim in question – and combinations of different data sets would also be conceivable.
POLICY WARN URGENTLY ABOUT FRAUD
The police in Oldenburg (Lower Saxony) and Neumünster (Schleswig-Holstein) are urgently warning against the new method. Quishing is therefore a combination of the words QR – the abbreviation for codes that can be read with the cell phone camera stands for “quick response” – and phishing. It is a further development of the well-known phishing scam, in which users are tricked into disclosing sensitive data via fake emails or personal letters.
Perpetrators send harmless-looking QR codes
When quishing, perpetrators rely on QR codes, which seem harmless at first glance. They would be placed on fake bank cover letters that are often sent as letters to victims, police said. The injured parties should then update access data for online banking and personal data using the QR code. However, anyone who scans the QR code is redirected to a fake website. According to the Oldenburg police, these websites often look deceptively real. The perpetrators then steal the sensitive data there.
Attempted fraud also occurs on traffic tickets and at charging stations
The Lower Saxony Consumer Center also warns of the scam. Accordingly, the QR codes not only appear in alleged bank letters, but also at e-charging stations or on fake parking tickets. According to its own information, the Heidekreis police station has also identified isolated cases of fraud involving quishing. In the cases known so far, no damage occurred. “However, we are assuming that there is an unreported case,” a spokesman told NDR Lower Saxony upon request.
HOW CAN YOU PROTECT YOURSELF
Be careful with unknown QR codes
The police advise you to be particularly careful with unknown QR codes from emails or cover letters. You should check the sender carefully. In cover letters, a general salutation as “customer” is often used and not a personal salutation. The officials in Oldenburg recommend using current browsers and software that checks QR codes for possible dangers before scanning. The police in Neumünster advise always using so-called multi-factor authentication when banking online: “Criminals are missing the second or third factor, even if they received your data through phishing.”
OTHER TRAPS
Fraudsters are increasingly trying to obtain personal data such as passwords and credit card numbers via email, SMS, WhatsApp or telephone and misuse them. How can you protect yourself?
The scam is called phishing – the made-up word is derived from the English terms “password harvesting” and “fishing”. Phishing refers to the theft of personal data using fake websites, emails or text messages. Captured data is often sold on to other fraudsters, who then misuse bank details or credit card numbers to make purchases on behalf of the victims. However, criminals’ fraudulent attempts and common phishing tricks can be recognized by certain signs.
Phishing via email: links, attachments and fake websites
The perpetrators often obtain the email addresses of potential victims through address brokers. They then send manipulated file attachments or links that, when clicked, install spy programs undetected on the computer or lead to fake websites of well-known companies, such as a bank or government agency or streaming services such as Netflix and Disney+. For example, on the fake pages, those affected are asked to enter their access data.
