Public warned against ‘quishing,’ the latest criminal activity online

Scammers are now using quick response (QR) codes to launch cyber attacks amid an increasing use for online payment transactions, according to PLDT Inc. and its wireless unit Smart Communications Inc.

In a statement on Friday, the Pangilinan-led firms warned against QR phishing or “quishing,” which refers to emails or messages sent by scammers that contain malicious QR codes.

Scanning these QR codes lead unsuspecting victims to fake websites, tricking them into providing their personal information like login credentials.

“When victims enter their personal data on the fake website, the hackers will immediately capture them and use the information to take control of their various accounts including their digital wallets,” PLDT and Smart chief information and security officer Angel Redoble said.

The warning came amid the growing use of QR codes for e-commerce and other online payments with consumers now more reliant on digital platforms.

The telecommunication firms reminded the public not to share personal identification numbers, security codes or one-time passwords.

“Remember what our parents taught us about not talking to strangers? This remains true to this day, whether you’re interacting in person or [through] your gadgets,” Redoble said.

PLDT and Smart have been doing their part in foiling online scams, most recently announcing a crackdown on websites linked to text scams.

In the first half, it blocked a total of 650 websites found to be related to phishing.

“Most phishing sites are tucked in the deep web. When cybercriminals have acquired the victim’s personal data, they use this to access the victim’s bank accounts or trade them in the dark web,” Redoble said.

The dark web, described by Redoble as a “hotbed for illegal activities,” refers to content not easily and fully accessible via search engines.