Cybercriminals have no limits when it comes to organizing their cyber attacks. They constantly come up with new techniques to steal passwords, personal data or simply take control of a device. This time we echo one more example in which they use a recognized brand, in this case Amazon, to steal. They use what is known as Quishing, a strategy in which they can rob you just with a gesture that you usually make with your cell phone.
Surely you have heard many times about Phishing. Basically, it is a fake email or SMS that they send you with a fake link that takes you to a website that they have created to steal your data. Quishing is similar, but this time they use a QR code. Yes, a simple code like the one you can see on a restaurant table or in a museum to have more information.
Quishing using Amazon
More than once we have recommended being careful when scanning a QR code where you don’t really know the origin. They can put a false code in busy places, such as a tourist monument where there is a sign with information. Even in a restaurant, simply by putting a sticker on the original QR on the table, they could be scammed.
However, in this case it is a Quishing attack that uses the Amazon brand and is a little different. This is a postcard that they send to your home or give to you in certain places. There you will see the Amazon logo, as well as a series of information to follow a few steps and obtain a discount coupon that you can use on this platform.
The problem is that it really is false. This is a Quishing attack. Although everything seems legitimate, with the Amazon logo, the official written website and details like that, when you scan that QR code with your mobile, you are going to go to a totally fake website. They ask you to log in, since you have to enter a code that they give you and thus obtain your prize.
Just in that process, when you log in, is how your password is stolen. You are not really logging in to the official Amazon website, but to another page that they have created to steal from you. We leave you a post on the social network X in which a user reports this issue:
d
@newmediaguynyc
POSTCARD SCAM!!!
BIG TIME AMAZON SCAM!!!!!
Pass it on to EVERYBODY!
DO NOT USE THE QR CODE ON THIS POSTCARD! https://t.co/AFbwZWA0ps
February 19, 2024 • 09:27
1
0
Tips to avoid falling into the trap
Just like a postcard like this one from Amazon might arrive in your hands, you may come across a QR code in many places and in many different ways. What you should do, in order to protect yourself and not fall into the trap. Always check the URL you are accessing very carefully. It can be a very strange address, without any sense, but be careful because sometimes it simply changes a letter or number.
You should also avoid accepting anything that comes your way, downloading any file or giving out certain information. For example, in a restaurant they could put a fake QR code to invite you to download a PDF with, supposedly, the menu. However, that could contain malware. Be very careful with this.
It’s a good idea to always keep your devices protected. Make sure you have a good antivirus, as well as keeping them updated. This will help you correct vulnerabilities so that hackers cannot take advantage. It will help protect you from Quishing attacks, but also from many other threats.
In short, Quishing is a very important problem and now it seems that they also use postcards impersonating Amazon and other brands. Be very careful when scanning QR codes of this type, as you could be exposing your security. You can even log into Wi-Fi with a QR.
