Did you ever wonder why scandals get the suffix “-gate” in the media?  You know, issues like queuegate – Phillip Schofield and Holly Willoughby getting to the front at Queen Elizabeth’s lying-in-state – or Kategate – the 2024 Mother’s Day photo featuring the Princess of Wales.  But what have these controversies got to do with gates?  Nothing at all, of course!

The original case dates back to the 1970s when a burglary at the Watergate Complex resulted in a scandal which led to the resignation of President Richard Nixon.  Thus, the handy shorthand to denote unethical behaviour was coined.

The IT world has its own suffix – -ishing!  The thing all these terms have in common is cyber-crime.  Probably the first one you will have heard of is phishing – just as you might fish for compliments, the hacker dangles bait to phish for victims.  Our blog explains how phishing works in practice.

More recent additions are smishing – communicating via SMS text messages – and vishing – criminals using (voice) phone calls to trick you. 

Can you guess what quishing is?

Quishing is a cyber attack which uses QR (Quick Response) codes.

The beauty of using QR codes (from the hacker’s perspective anyway) is that the web address (URL) is hidden in a pattern of black and white boxes within a square so you cannot read it without a smart phone camera.  You are probably more likely to be trusting of a QR code than a website; it’s such an easy way to access a website quickly.

What was your reaction to the QR code at the top of this story?  Were you curious enough to whip out your phone and follow the link?  Fortunately for you, this was simply a link to the Computer Troubleshooters website. 

It is startlingly easy to create a QR code.  In Chrome, you visit the desired website, then click on the 3 dots at the top right-hand corner.  Select “save and share” then choose the option “create a QR code”.  You can see how efficiently cybercriminals could generate QR codes to their dodgy sites.

So, how does quishing work?

You are invited to follow the QR link to a site where you have to enter your password and other personal information.  The reason that your data is useful to a scammer is that it allows them to impersonate their victim, along with all the access that this grants them.

There have been cases of malicious QR codes being adhered over the top of legitimate stickers on car park ticket machines; you think you are paying to stay for 3 hours but you are actually giving your money – and card details – to a criminal instead.  An article in The Telegraph reported that this scam has also been found on electric vehicle charging points.

When quishing joins the world of phishing it can be difficult to detect, even for sophisticated spam filtering systems.  The QR code could turn up within the text of an email or it might appear in an attachment which would not have been scanned.

How can you avoid being quished?

Just as you are always warned to stay alert to anomalies in the spelling of email addresses, or whether they match the purported sender, you do get an opportunity to review the web address before you click on the contents.  When you hover your smartphone over the QR code, it should tell you the connected URL.  Even if you click through to the website, you should be able to check the address before handing over your personal data.

The moral of the story: as technology evolves, so too do cyber-attacks.  Stay circumspect and consider getting your team some security awareness training.

If you would like to beef up your cyber security, contact Computer Troubleshooters – just use the QR code above!