Tag Archive for: Online Security

Is That QR Code Safe? What You Need to Know About the Cyberthreat Quishing

 

In our fast-paced, tech-driven world, QR codes have become second nature. We scan them to check out restaurant menus, access Wi-Fi networks, or join virtual events. But beneath their convenience lies a potential cyber threat that’s catching many off guard: Quishing.

Quishing—short for QR code phishing—is a sneaky variant of the classic phishing scam. Picture this: you’re at a cozy café, scanning a QR code to browse the menu. It feels harmless, even mundane. But hidden within that innocent-looking grid could be a link to a malicious website, ready to steal your personal information or unleash malware onto your device.

How Quishing Works

Cybercriminals embed harmful links into QR codes and strategically place them in unsuspecting locations:

  • Public bulletin boards
  • Flyers
  • Transport hubs
  • Online ads
  • Even restaurant tables

These codes often redirect you to phishing sites that mimic legitimate websites. Once you’re there, you might unknowingly hand over sensitive information like passwords, credit card details, or even trigger malware downloads.

Spotting Suspicious QR Codes

Knowing how to recognize potential threats is key to staying safe. Watch out for these red flags:

  1. Unknown Origin: If a QR code appears in an unexpected location or looks unprofessional, think twice before scanning it.
  2. Too-Good-To-Be-True Offers: Scammers often lure victims with promises of amazing deals or exclusive gifts.
  3. Requests for Personal Information: If a scanned code leads you to a page asking for sensitive details right away, it’s a major red flag.

Protect Yourself from Quishing

A few proactive measures can go a long way in keeping you safe:

  1. Verify the Source: Only scan QR codes from trusted entities, such as well-known brands or official communications.
  2. Use Secure QR Scanners: Many modern smartphones come with built-in security features to detect malicious links. Take advantage of these tools.
  3. Close Suspicious Websites: If a scanned QR code leads to a dubious website, close it immediately. Avoid clicking on any links.
  4. Keep Software Updated: Regularly update your device’s operating system and apps to ensure they’re equipped with the latest security patches.
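The red flags above can also be checked mechanically. The following added example (not from the original article) sketches the kind of link check a scanner could run on the text decoded from a QR code before opening it; the trusted-domain list, function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Assumption: domains the user expects to reach (constructed for this example).
TRUSTED = {"example-transit.org", "example-tickets.com"}

def edit_distance(a, b):
    # Classic Levenshtein distance, used to spot near-miss lookalike hosts.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Naive last-two-labels approximation; a real check would use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def triage_qr_url(payload):
    """Return a list of warnings for the text decoded from a QR code."""
    warnings = []
    parts = urlsplit(payload.strip())
    if parts.scheme not in ("http", "https"):
        return [f"not a web link (scheme {parts.scheme!r})"]
    if parts.scheme != "https":
        warnings.append("no HTTPS: connection is not encrypted")
    if parts.username or parts.password:
        warnings.append("userinfo before '@' can disguise the real host")
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
        return warnings
    except ValueError:
        pass  # not an IP literal, so treat it as a domain name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label: may render as lookalike characters")
    domain = registrable(host)
    if domain not in TRUSTED:
        near = [t for t in sorted(TRUSTED) if 0 < edit_distance(domain, t) <= 2]
        if near:
            warnings.append(f"{domain} closely resembles trusted {near[0]}")
        else:
            warnings.append(f"{domain} is not on the trusted list")
    return warnings
```

An HTTPS link to a domain that is not on the list is still flagged, because HTTPS only shows that the connection is encrypted, not who runs the site.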

Real-World Quishing Scams

Quishing isn’t just theoretical—it’s happening now. Here are two notable examples:

  • Public Transport Scam: In one major city, scammers replaced QR codes on transport kiosks with their own malicious codes. Commuters who scanned them were directed to phishing sites that stole credit card information.
  • Concert Fraud: Fake posters for a popular concert included QR codes leading fans to a bogus ticketing site. Attendees paid for tickets that never arrived, losing both money and trust.

Stay One Step Ahead

In this digital age, vigilance is your best defense. If a QR code seems suspicious or makes you hesitate, trust your gut. By learning to spot the signs of quishing and practicing safe scanning habits, you can outsmart cybercriminals and keep your personal information secure.

So the next time you’re tempted to scan a QR code, ask yourself: Is it worth the risk? A little caution today can save you a world of trouble tomorrow.

PS: In addition to freely scanning any QR code that pops up, make sure you’re not committing these Bad Cybersecurity Habits: https://sileo.com/bad-cybersecurity-habits/.

One Smartphone Security Tool You Might Be Missing

You’re already aware that credit card payments are safer than debit cards and checks, right? If someone spends fraudulently on your card, you call the credit card company and POOF! they make it disappear. But if you’re ready to elevate your security game even further, it’s time to tuck away that plastic card and start paying with your smartphone. Why, you ask? Because smartphone payments work a bit like Harry Potter’s invisibility cloak, effectively masking your identity from a horcrux full of hackers. (Side note: You might need to read all seven Harry Potter books to fully appreciate this metaphor.)

Let’s dive into the magical world of mobile payments, starting with Apple Pay for the iPhone users frequenting places like Honeydukes to grab some Pixie Puffs.

Setting Up Apple Pay on Your iPhone (Full Apple Instructions Here):

  1. Open Wallet App: On your iPhone, open the Wallet app. If you don’t have it on your home screen, you can find it by swiping down and using the search feature.
  2. Add a Card: Tap the plus sign to add a new card. You can either scan your credit card with the camera or enter the details manually.
  3. Verify Your Card: Depending on your bank, you might need to verify your card via a text message, email, or a call to your bank.
  4. Secure It: Once added, your card is secured with Face ID, Touch ID, or a passcode. Unlike a physical credit card, this digital lock must be unlocked to access and use your card.
  5. Ready to Pay: At the register, double-click the home button or side button to bring up your Wallet, authenticate, and then hold your phone near the payment terminal.

When you tap to pay at Honeydukes, Apple Pay doesn’t just send your actual credit card number across the ether. Instead, it conjures up an encrypted virtual account number that cloaks your real one, keeping your private payment details hidden from the prying eyes of dark wizards—aka hackers. Plus, your information is never transmitted or stored on the retailer’s servers, fortifying your defenses against breaches.

Like its Apple counterpart, Google Pay also provides an excellent defense against the dark arts of the digital world. Before approving the payment, your bank or card issuer verifies the dynamic security code—unique to your device—to make sure it’s you who’s casting the spending spell.

Setting Up Google Pay on Android Phones (Full Google Instructions Here):

  1. Download Google Pay: Ensure that Google Pay is installed on your Android device. You can download it from the Google Play Store if it’s not already installed.
  2. Open Google Pay & Add a Card: Launch Google Pay and tap on “Payment” at the bottom, then tap the “+” sign to add a credit or debit card.
  3. Verify Your Card: As with Apple Pay, you may need to verify your card through your bank with an SMS, email, or phone call.
  4. Secure Your App: Set up a screen lock if you haven’t already. Google Pay requires this as an extra layer of security.
  5. Make a Payment: Wake up your phone and hold it near the payment terminal until you see a check mark indicating that your payment was successful.

Setting up digital payments might feel like preparing for a trip to Diagon Alley, but it’s worth it. Paying with your phone is not just fast and secure—it’s also, let’s face it, pretty darn magical. Whether you’re wielding an iPhone or an Android, your smartphone is now the most enchanted item in your pocket, shielding you from the dark forces lurking in the shadows of digital transactions.

Does your organization need to up-level your Smartphone and overall online security? Reach out to explore in-person or virtual keynotes that are fun, informative and necessary in our digital world where things change in the blink of an eye. 

Safe Online Shopping on Cyber Monday

It’s almost Cyber Monday, so tell me something – why do you shop online? Because it’s super convenient? Or because you get better pricing? Maybe it’s because you’re allergic to hand-to-hand combat on Black Friday? I’m a huge fan of shopping online to save time, money and brain cells. But if you have bad surfing hygiene, you’re just asking identity thieves to go on a shopping spree with your money. And it’s so easy to avoid if you know how. Which you’re about to.

Thanks for joining me here on Sileo on Security, where we believe there’s no need to fear online shopping if you surf wisely. I want to share nine habits with you over the next three episodes that will keep your digital shopping cart safer than the real thing.

The first habit is just common sense. Please, stick to reputable websites with a proven track record. If you haven’t used the site in the past or if it isn’t a recognizable brand like Amazon, research before you buy! If you shop there in person, you’re probably safe online. When you buy only based on price, you generally get what you pay for. Cheap products, shipping charges, MALWARE! Also be careful about imposter websites with URLs that look almost exactly like the real one.

Next, always LOOK for the LOCK. If your browser doesn’t show a padlock in the URL bar and the address doesn’t start with HTTPS://, don’t fill out ANY forms or send ANY information via that website. The S in the address stands for secure, and everything else is just faking it! [No “S”, No $]

Third – you may get sick of hearing me say this one, but it’s so important to use strong passwords on all of your internet accounts. The easiest way for a hacker to spend your money is to crack your account because your password is your dog’s name, a word in the dictionary or something thieves can find on your MySpace profile. You don’t still have a MySpace profile?

Your One-Minute Mission today is quick and easy. Log in to the ecommerce websites you shop on most often – so for me, in order, I’d go to Amazon, Zappos, DaintyCandles.com, PayPal – you know, the usual suspects. Once you log in, make your password longer and stronger than it already is. Just doing this, occasionally changing your passwords, makes thieves work a whole lot harder for those candles.

And then, as you always do, make sure that you tune in for the next episode of SOS, where I’ll give you intermediate steps to protect your online identity.

All of us at The Sileo Group wish you a happy and healthy holiday season!

John Sileo is an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.

Tired of Being Tracked by Websites? Do Not Track is Here.

In response to the growing demands for more privacy on the internet, Mozilla implements a Do Not Track option in Firefox 4.

The most recent version of Mozilla Firefox, which was rolled out this February, offers users the option to opt out of website tracking. Once enabled, the user’s preference to not be tracked is automatically sent to the website. That doesn’t mean that the website has to do anything about it, but there will probably be a bit of a stink about those sites that don’t respect users’ privacy preferences (it would be the equivalent of someone making a sales call to you after you join the Do Not Call list). Unfortunately, most users will never know which websites are participating in the opt-out Do Not Track function.

Learn more about Firefox’s Do Not Track Technology and about the Big Brother issues posed by companies tracking your every move on the internet.

In my opinion, beginning to solve the surfer privacy issues at the browser level is the right direction to take. It is the most universal gate through which all surfers pass – no one visits a website without touching a browser. If consumers get behind the technology now and let the companies they do business with know that they expect them to honor Firefox’s Do Not Track technology, there will be no option but to acquiesce.

Mozilla Firefox version 4.0 is still in beta while they make sure they get any glitches fixed. So don’t install it unless you are comfortable with using beta (often glitchy) software. It has been out for many weeks now, and most of the glitches are probably resolved at this point.

To add the Do Not Track functionality, download and install the latest version of Firefox 4, and then go to Firefox -> Options -> Advanced. Check the “Do Not Track” box and save your settings.

When this option is selected, a header will be sent signaling to websites that you wish to opt out of online behavioral tracking. You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. I recommend that users go in and try this out. This is the best way to give them feedback so they can make our browsing experience as safe as possible.
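What "responding to the header" can look like on the website's side, as an added example that is not part of the original post: the browser sends the preference as the request header `DNT: 1`, and this minimal WSGI application skips its tracking cookie when it sees it. The cookie name `visitor_id` and the response text are hypothetical.

```python
from http.cookies import SimpleCookie
import uuid

def wants_no_tracking(environ):
    # The browser preference arrives as the request header "DNT: 1";
    # WSGI exposes it as HTTP_DNT. Absent or "0" means no opt-out was expressed.
    return environ.get("HTTP_DNT", "").strip() == "1"

def app(environ, start_response):
    """Minimal WSGI app that honours Do Not Track before setting a tracking cookie."""
    headers = [("Content-Type", "text/plain; charset=utf-8")]
    if wants_no_tracking(environ):
        body = b"Do Not Track honoured: no visitor identifier set.\n"
    else:
        cookie = SimpleCookie()
        cookie["visitor_id"] = uuid.uuid4().hex  # hypothetical analytics identifier
        cookie["visitor_id"]["path"] = "/"
        cookie["visitor_id"]["secure"] = True
        cookie["visitor_id"]["httponly"] = True
        headers.append(("Set-Cookie", cookie["visitor_id"].OutputString()))
        body = b"Visitor identifier set.\n"
    # The response differs by DNT value, so shared caches must not mix the two.
    headers.append(("Vary", "DNT"))
    start_response("200 OK", headers)
    return [body]
```

To try it locally, serve `app` with the standard library's `wsgiref.simple_server.make_server` and send requests with and without the `DNT: 1` header.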

John Sileo’s motivational keynote speeches train organizations to play aggressive information offense before the attack, whether that is identity theft, data breach, cyber crime, social networking exposure or human fraud. Learn more at www.ThinkLikeASpy.com or call him directly on 800.258.8076.