Should You Trust That Random QR Code?
You could probably tell the difference between a real text message and one sent by a scammer. The phishing text likely has a sense of urgency, asks for payment as a gift card and might make you wrinkle your brow at some of the wording. But could you tell a fake QR code from a legitimate one?
Many of us are familiar enough with phishing scams -- where thieves impersonate a trusted sender to deliver a malicious web address -- to steer clear. But it can be significantly harder to recognize QR phishing, sometimes called Quishing or QRishing.
Unlike conventional phishing, where you can typically inspect the web address to judge its legitimacy, there's no easy way to distinguish the QR code for a menu or a parking payment app from one that takes you to a fraudulent site with a malicious download.
The number of QR phishing attempts soared from 0.8% in 2022 to 12.4% in 2024, according to a recent Phishing Threat Trends Report from Egress.
Although you can try to avoid QR codes altogether, there are many times when we have to rely on them to pull up menus or pay for parking.
"To protect yourself from QR phishing, ensure your mobile device's security settings are up to date and use trusted security software," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance.
Plaggemier also recommends that you only scan QR codes from reputable sources, whether on a physical sign, website or email. And if a QR code seems suspicious or directs you to a site requesting sensitive information, stop immediately.
QR phishing or QRishing is a cyber attack that uses QR codes linked to sites that trick users into downloading malicious content or providing sensitive information.
After the victim has downloaded the content, the attackers steal user information such as passwords, financial data and other personally identifiable information, or PII. The information can then be used to commit identity theft and financial fraud.
The trouble is, with QR codes, you may not be able to tell the difference between a malicious code and a legitimate one until you've scanned it. However, use your intuition. If you're at a gas pump and there is a random QR code beneath a questionable sticker, it's likely not worth scanning.
Always be skeptical of any QR codes you see and consider their source. Be extremely suspicious of QR codes in the following places:
Airports
Restaurants
Bus stops
Flyers such as fake parking tickets
Phony emails and text messages
And remember that it's always possible for someone to place a sticker with a malicious code over a legitimate code on a sign, parking meter or other trusted location.
Take a moment to examine public QR codes for signs of tampering. Watch out for QR codes from unsolicited text messages and emails, and be extra cautious of QR codes that promise free goods or prizes.
To avoid QRishing scams, always use a trusted QR code scanner app that includes security features that can detect malicious links. You could try Trend Micro's QR Code scanner, QR & Barcode Reader by Gamma Play or QR Code Reader by TeaCapps.
As a last resort, be sure to double-check the URLs you are being sent before clicking on them. Be particularly wary of URLs that include common misspellings of popular company names, or that merely contain the name of a trusted company within an untrusted domain name.
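The two URL warning signs above can be checked mechanically once a QR code has been decoded to text. The following is an added example, not code from the article or from any scanner app it names: the brands, domains and verdict labels are constructed for illustration, and taking the last two labels as the registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: brand keyword -> domains that brand really uses.
TRUSTED = {
    "examplebank": {"examplebank.com"},
    "cityparking": {"cityparking.example"},
}
ALL_TRUSTED = set().union(*TRUSTED.values())


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Assumption: the last two labels are the registrable domain.
    Production code should consult the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.split(".")[-2:])


def assess(url):
    """Classify the text decoded from a QR code before opening it."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "not-a-web-link"
    domain = registrable_domain(host)
    if domain in ALL_TRUSTED:
        return "trusted"
    # Trusted name appears somewhere in the host, but the domain that
    # actually controls the site is not one the brand owns.
    if any(brand in host for brand in TRUSTED):
        return "brand-in-untrusted-domain"
    # Common misspelling: registrable name within two edits of a brand.
    name = domain.split(".")[0]
    if any(edit_distance(name, brand) <= 2 for brand in TRUSTED):
        return "lookalike-domain"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample payloads, as a scanner would decode them.
    for sample in (
        "https://pay.cityparking.example/zone/12",
        "https://examplebank.com.secure-login.example/verify",
        "https://examp1ebank.com/login",
        "https://menu.cafe.example/",
        "WIFI:S:guest;T:WPA;P:constructed;;",
    ):
        print(f"{assess(sample):26} {sample}")
```

An "unknown" verdict means only that neither warning sign was found; it says nothing about whether the site is safe.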
If you're the victim of a QRishing scam, it's important to report the crime and protect your information. Any information you've given to the scammers may be compromised, including your name, address, Social Security number and financial accounts.
Contact your bank and inform them that your account has been compromised. You should immediately change your passwords, scan your devices for malware and implement multi-factor authentication if you haven't already. Also check your credit reports for fraudulent activity and consider freezing your credit.
Here are some additional resources for victims of QR code scams:
Federal Trade Commission -- The FTC has an online reporting site so that consumers can report fraud. You can also call the FTC's Consumer Response Center at (877) 382-4357 to file a fraud report by phone.
IdentityTheft.gov -- The FTC also offers this site to help consumers report cases of identity theft, get a recovery plan and put it into action. You can also call the FTC Identity Theft Hotline at 1-877-IDTHEFT (1-877-438-4338).
Social Security Administration -- The Social Security Administration offers resources for those who have had their Social Security number stolen. You can also report it to the Social Security Administration at oig.ssa.gov or by calling its Office of Inspector General fraud hotline at 1-800-269-0271.
Related Articles
Forbes
27-05-2025
- Forbes
No, That TikTok Video Won't Help You Get Free Software
TikTok users are being warned to look out for videos—likely deepfakes—showing them how to activate Windows and Microsoft Office, or to enable premium features in apps such as Spotify or CapCut. The similarity of the videos suggests that they were likely created through automation, said Trend Micro, which uncovered the campaign, while the voice issuing instructions also appears to be AI-generated. This makes the videos particularly dangerous, as it allows for extremely large-scale operations, as well as the ability to target different categories of users with different tactics.
The videos instruct users to pull up the Run program on Windows and then execute a PowerShell command that, they're told, will activate the software or extra features for free. In reality, though, the command downloads a malicious script that distributes the Vidar and StealC information-stealing malware. Vidar can then take screenshots of the victim's desktop and steal credentials, credit cards, and cryptocurrency wallets, while StealC can also harvest a broad range of sensitive information.
"In this campaign, attackers are using TikTok videos to verbally instruct users into executing malicious commands on their own systems. The social engineering occurs within the video itself, rather than through detectable code or scripts", Trend Micro warned. "There is no malicious code present on the platform for security solutions to analyze or block. All actionable content is delivered visually and aurally. Threat actors do this to attempt to evade existing detection mechanisms, making it harder for defenders to detect and disrupt these campaigns."
The researchers found a number of accounts posting the videos, including @gitallowed, @ @allaivo2, @ @alexfixpc, and @digitaldreams771. One video reached more than half a million views, with over 20,000 likes and more than 100 comments.
"The vast user base and algorithmic reach of social media platforms provide an ideal delivery mechanism for threat actors", said Trend Micro threats analyst Junestherry Dela Cruz. "For attackers, this means broad distribution without the logistical burden of maintaining an infrastructure. The use of AI-generated content also elevates these kinds of attacks from isolated incidents to a highly scalable operation, as these videos can be rapidly produced and tailored to target different user segments."
The popularity of TikTok means that scams are rife, with fake giveaways, fake celebrity and influencer accounts, romance scams and more. The company regularly takes down scam accounts and warns users, asking them to report any scams that they find. It has taken down the accounts reported by Trend Micro.
"Users should be encouraged to scrutinize unsolicited technical instructions, verify the legitimacy of video sources, and report suspicious content, whether on social media, messaging apps, or email", Trend Micro warned. "After all, if an offer seems too good to be true, it probably is."


Forbes
24-05-2025
- Forbes
Windows Passwords Are Under Attack — Do These 7 Things Now
Microsoft Windows is always a premier target for cybercriminal actors, and more often than not, passwords are front and center of their campaign payloads. Be it the pray and spray hackers employing automatic password hacking machines, state-sponsored advanced persistent threat groups targeting the enterprise, or even warnings from security researchers about the threat presented by Copilot AI for SharePoint, Windows passwords are the most valuable of low-hanging fruits. Now Trend Micro has confirmed how one particular password threat is making a determined effort to get hold of yours. Here are seven things you need to do to stop your organization being the next victim of the Captcha hackers.
The Completely Automated Public Turing test to tell Computers and Humans Apart, thankfully shortened to Captcha, is something that we have all encountered and all have much the same hatred for. Being asked to select squares containing images of bicycles or ticking a checkbox to prove we are not a robot (wouldn't a robot be able to do that?) are largely pointless at the best of times, and downright dangerous at the worst. If AI cannot solve a Captcha more often than not, then, frankly, we have nothing to fear from our robot overlords. What we do have to fear, however, are hackers using Captcha methods to initiate an infostealer malware infection chain that ultimately leads to password compromise.
The latest Trend Micro research takes a deep dive into the technical details behind what it refers to as 'a notable surge in fake Captcha cases.' As always, I recommend you go and read that report in full if it is the technical teardown that you are after. The TL;DR, however, is that this wave of fake Captcha attacks is tricking users into pasting malicious commands into the Windows Run dialog, with payloads executed in memory and often employing PowerShell.
'These attacks enable data exfiltration, credential theft, remote access, and loader deployment,' the Trend Micro researchers warned, 'via malware such as Lumma Stealer, Rhadamanthys, AsyncRAT, Emmental, and XWorm.' Yes, Microsoft has just led a global operation to dismantle much of the Lumma Stealer network infrastructure. No, that doesn't mean you are now safe. As one player is disrupted, so others rise to fill the void.
'These campaigns abuse multiple legitimate platforms, including file-sharing services, content and search platforms, music repositories, URL redirectors and document hosts,' Trend Micro said, and those using Windows operating systems where minimal script execution restrictions are employed are most at risk.
Microsoft has recommended that 'customers always practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers,' as well as 'switching to Passkeys wherever possible and using authentication apps such as Microsoft Authenticator, which warn users about potential phishing attempts.' The Trend Micro report, however, concludes that organizations should apply the following seven mitigations:
Of course, if you really care about your Windows passwords, I would also add that opening the Windows Run window by pressing Windows+R, pasting the clipboard's content in the run window using CTRL+V, and then pressing Enter to execute it, isn't the best response to a supposed Captcha text. Think smart and don't do that, OK?