Vishing & Quishing (July 2024)

Technology Tips – Published July 2024 in the Guide and Digest

by Don Trauger – Kennett

 

No, they are not new languages but are two new types of security threats that you may face with your computer. I haven’t seen any like these two so they may not be widely exploited.

Vishing can be described as a computer threat that combines both “voice” and “phishing” to obtain sensitive data such as bank account information, credit card details, or passwords. Like many other scams, vishing falls under the heading of social engineering. Calls can come to your cell phone or computer. Examples of calls can come purportedly from your bank or Microsoft. Neither your bank nor Microsoft operate this way with their customers. In the same type of fraud are fake police officer demands that say to hand over your valuables to them for safe keeping. This one is particularly aimed at us older folks.

Quishing is relatively new and uses QR codes to spirit you off to their fake website so they can obtain your private data. A QR code is typically a square filled with dots. A picture taken of it with your cell phone will display a link to click to take you to their fraudulent site. Computers and cell phones can be set up to “sync” with each other and makes Quishing insidious to this fraudulent technique that will infect both devices. Cell phones don’t protect very well using QR codes that produce a link to a fake website. If you get to the site and log in, they capture your login details. At that point they now can send malware to both devices.

Protect against Vishing:

  • Make a note of the caller’s phone number and Web address, then do a Google search to verify the information. Since a call of this nature is often fake, be highly aware of the fact it probably is.
  • Do not give out any personal or financial information over the phone unless you have verified the caller’s identity and you are sure it’s a legitimate enquiry.
  • Remember you are now acting as the anti-virus program that usually protects the computer. If the computer has been hacked so has your antivirus program!

Protection against Quishing:

  • Be careful when scanning QR codes, especially if they come from an unknown or questionable source. If the message seems strange to you, it probably is so don’t proceed any further without verifying.
  • Do a Google search of the URL (Web address) to which the QR code leads before entering any personal information. Reputable sites use encrypted connections (https).
  • Activate multi-factor authentication for your online accounts. This provides an extra layer of security because even if the fraudsters get hold of your login details, they will still need the second or third authentication factor to log in on your behalf.

Conclusion

Both Vishing and Quishing are serious threats that cybercriminals skillfully use to gain access to your personal and financial data. By being aware of the specific tactics and warning signs associated with these scams and taking appropriate protective measures, you can effectively defend yourself.

Always be vigilant, avoid giving out sensitive information, whether over the phone or by carelessly scanning QR codes, and take the time to check the credibility of sources. Your security and the protection of your data should always come first.