In an era of rapidly evolving cyber threats, RCBC (Rizal Commercial Banking Corporation) is sounding the alarm on a new form of cyberattack known as “Quishing.” As cybercriminals continue to adapt and refine their tactics to exploit unsuspecting victims, the bank is urging the public to exercise heightened vigilance when it comes to QR code usage, a prominent feature of modern contactless payments.
Quishing, short for QR code phishing, is a sophisticated phishing scam that leverages fake or manipulated QR codes to perpetrate illicit and fraudulent activities. These nefarious activities include the dissemination of malware, the pilfering of sensitive personal information, and the illegal transfer of funds to unauthorized accounts.
With the convenience and speed of contact-free payments, especially those made via smartphones using QR codes, fraudsters have found fertile ground for their schemes. It is imperative for individuals to stay informed and adopt precautionary measures to protect themselves from falling victim to this emerging threat.
“Quishing is the method used in fraud where valid QR codes are replaced with another code to facilitate fraud or information harvesting,” according to Carlos Tengkiat, Chief Information Security Officer of Rizal Commercial Banking Corporation’s (RCBC), cautioning users to be extra careful of quishing schemes as it can easily trick people who are not very cautious with how they make QR payments. Tengkiat explains that you can become a victim of quishing by scanning fraudulent and fake QR codes, opening malicious websites, or installing fake applications on your mobile phone.
In response to this growing menace, RCBC has provided the following tips to safeguard against Quishing:
1. Exercise Caution with Unfamiliar QR Codes: Under no circumstances should individuals scan QR codes from unknown or unverified sources. This is a critical first step in preventing Quishing attacks.
2. Scrutinize Physical QR Codes: When scanning physical QR codes, take a moment to inspect the code for any signs of tampering, such as stickers placed over the code. Fraudsters may manipulate QR codes to redirect users to malicious websites designed to harvest login credentials.
3. Verify Electronic QR Codes: If you receive a QR code electronically, whether from an application or email, ensure it originates from a legitimate and trustworthy source. Always verify the source before scanning or uploading the QR code to avoid falling into a Quishing trap.
4. Verify Website Authenticity: After scanning a QR code, carefully examine the website you are redirected to. Confirm that it uses a trusted domain and employs the HTTPS protocol. Be vigilant for any misspellings or irregularities, as these may be indicators of a Quishing attempt.
5. Stay Informed: Keep yourself updated on the latest fraud trends and cyberattacks. Cybercriminals constantly adapt their tactics, so staying informed can help you stay one step ahead of potential threats.
When conducting digital transactions or using mobile payment apps, it is paramount to exercise caution. Be particularly discerning when interacting with websites that request personal information or login credentials. Avoid entering your credentials on unfamiliar sites at all costs.
In addition, it is advisable to regularly update your devices and utilize strong, complex passwords for your e-wallets and online banking applications. A strong password should ideally consist of at least eight characters, including a combination of alphanumeric and special characters.
RCBC emphasizes that cybersecurity is a collective responsibility, involving consumers, government bodies, and private financial institutions. Everyone has a role to play in preventing digital financial fraud. The bank remains dedicated to its commitment to combat online fraud by promoting cybersecurity awareness and employing robust security measures to safeguard its customers from potential threats.