Citibank has issued an urgent alert to its customers in the United States: quishing, a new form of digital fraud, is putting everyone's money and security at risk. This type of cyberattack uses QR codes to deceive victims and steal their personal and banking data.
The term "quishing" combines the words "QR" and "phishing." It involves the creation of malicious QR codes that, when scanned, redirect to fake websites designed to obtain confidential information or install harmful software on users' devices.
Citibank gets more serious than ever: be very careful with "quishing"
These codes can be found in public places, emails, text messages, or even on seemingly legitimate websites. Scammers place fake QR codes in strategic locations, such as charging stations for electric cars, parking meters, restaurants, or billboards.
By scanning these codes, victims are redirected to websites that mimic the originals, where they are asked to enter personal data or download applications containing malware. In some cases, criminals send emails or text messages with QR codes.
Ones that supposedly come from trusted institutions, such as banks or government agencies. By scanning them, users are taken to fraudulent pages that collect their confidential information.
When should we be suspicious?
It is important to be alert to QR codes found in public places without clear identification or that come from emails or messages from unknown senders.
Be very careful if they immediately request personal or financial information or redirect to websites with suspicious URLs or spelling errors. If after scanning a QR code sensitive information is requested or an application is automatically downloaded, it is likely an attempt at quishing.
Recommended practices according to US cybersecurity
To protect against this threat, cybersecurity experts recommend avoiding scanning QR codes from unknown or unverified sources. They advise using scanning applications that show the URL before opening it.
In turn, verify the authenticity of websites before entering personal information and keep device software updated and use antivirus tools. Additionally, report any suspicious activity to the appropriate authorities and the financial entity involved.
Citibank and other financial institutions urge their customers to stay alert and adopt preventive measures to avoid becoming victims of quishing. Cybersecurity is a shared responsibility, and education and caution are key to protecting our data and our money.