[ad_1]
In recent months, several police departments across the United States have begun issuing warnings about a growing new scam known as ‘brushing’based on sending packages to people who have not requested them.
This is not the first time we have talked about it, but in this latest wave of cases, the ‘brushing’ comes in tandem with another scam technique: he ‘quishing’.
What does that translate into? What is the most dangerous of the packages received? It is not inside, but in the QR that accompanies them: Because of them, we may end up giving third parties access to our personal and financial information, and even emptying our bank accounts.
DON’T BE FOOLED! The main SCAMS in ONLINE SHOPPING and HOW TO AVOID THEM
What is the scam?
He brushing is a method that combines social engineering with phishing tactics: scammers They send a package with a ‘gift’ item, generally of little value such as jewelry or small gadgets. Typically, the reasons for this can be varied, from harvesting fake reviews (which the scammers will write on behalf of the recipient) to using infected gadgets to spread malware.
However, we are facing a twist of that type of scam, because in this case, the QR code that theoretically it should allow the confused recipient to discover the origin of the shipmentis actually designed to trick the victim and redirect them to a fraudulent website, which may infect their device with malware or steal private information.
According to police departments in cities such as Denver, Colorado, Morrow, Georgia, and Palm Beach, Florida, this type of scam has begun to spread rapidly. In Palm Beach, authorities say the packages contain the recipient’s address, but do not include information about the sender.
“The gift can be kept or thrown away, but the QR code should NOT be scanned for any reason. QR code scams are nothing new. These scams appear everywhere, including parking meters.” (From Akron Police Facebook, Ohio, USA)
The QR code inside the package suggests that scanning it could reveal who sent the package, but this only makes it easier for scammers to learn more about us. Sometimes, this happens because the link leads to the download of an .apk file, an Android application installer.
- How do scammers get victims’ data? One of the key questions is how scammers obtain the names and addresses of their victims. As usual in these cases, the explanation usually lies in massive leaks of personal data from online platforms or large companies. In other cases, it may be due to user errors, who accidentally reveal certain information on their social networks.
- The situation in Spain. Although this type of scam has been more common in the United States, it is likely to reach Spain sooner rather than later. At the moment, INCIBE states that no queries related to the brushing through its cybersecurity helpline.
How to protect yourself from quishing?
INCIBE has issued a series of recommendations to avoid falling into fraud related to QR codes. Among the most notable tips are:
- Do not scan unknown QR codes: If you don’t know who generated the code or for what purpose, it’s best not to interact with it.
- Check URL: If scanning the code directs you to a website, check that the URL matches the name of the company that should have sent the package.
- Be suspicious of shortened URLs: These usually hide malicious websites. Avoid interacting with them unless you fully trust the source.
- Use link analyzers: Tools like VirusTotal can help verify the authenticity of the links the QR code redirects to before opening the page.
- Do not download files without verifying: If you are prompted to download files with extensions like .apk, it may be a malicious app designed to infect your device.
- Avoid providing personal or banking information: Never share sensitive data if you are not absolutely sure of the authenticity of the site.
Via | Damn Timo
Image | Marcos Merino through AI
[ad_2]
Source link
