The FBI Warns: 'Quishing' Scam Targets US Citizens
A North Korean-sponsored hacking group is employing a cunning tactic known as 'quishing' to spy on US citizens. This scam involves embedding malicious URLs within QR codes, which are then sent via email. While QR codes themselves are harmless, the links they contain can lead to deceptive websites.
The FBI's warning highlights a recent quishing attack that occurred in May 2025. In this case, the hackers spoofed a foreign advisor's email, requesting insights from a think tank leader about developments on the Korean Peninsula. The email included a QR code that, when scanned, would have led to a questionnaire.
To protect yourself, the FBI advises verifying QR code sources through secondary means, such as contacting the sender directly, before entering login credentials or downloading files. This is especially important for individuals targeted in 'spear-phishing' attacks, where the attempt to deceive is tailored to the specific person.
Here's how to avoid falling victim to quishing:
- Don't click on unsolicited links or scan unexpected QR codes. Treat all QR codes with caution, even those found on street signs or advertisements.
- Verify the source of the QR code. If you receive a QR code from a company, navigate directly to their website instead of scanning the code.
- Inspect the URL for signs of phishing. Look for unfamiliar top-level domains like '.TV' or '.IT'.
- Use antivirus apps for added protection. Consider installing Android antivirus apps to shield yourself from phishing attacks and malware.
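The URL inspection step from the list above, as an added Python example (not from the FBI advisory or the original article). It assumes the link has already been decoded from the QR code by a scanner preview; `inspect_qr_url`, `EXPECTED_TLDS` and the sample URLs are constructed for illustration, and it goes beyond the top-level-domain check to a few other common URL warning signs.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: top-level domains the recipient normally deals with.
EXPECTED_TLDS = {"com", "org", "net", "gov", "edu"}


def inspect_qr_url(url, sender_domain=None, expected_tlds=EXPECTED_TLDS):
    """Return warning strings for a URL decoded from a QR code (not opened)."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme.lower() != "https":
        warnings.append("scheme is not https")
    if not host:
        warnings.append("no hostname")
        return warnings
    if parts.username is not None:
        # Text before '@' is userinfo, not the site that will be contacted.
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
        return warnings
    except ValueError:
        pass  # a DNS name, keep checking
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode label (possible look-alike domain)")
    if labels[-1] not in expected_tlds:
        warnings.append(f"unfamiliar top-level domain .{labels[-1]}")
    if sender_domain:
        # Compare against the domain the email claims to come from.
        sd = sender_domain.lower().rstrip(".")
        if host != sd and not host.endswith("." + sd):
            warnings.append(f"host is not under sender domain {sd}")
    return warnings


# Constructed sample URLs; example.* names and 203.0.113.7 are reserved for docs.
SAMPLES = [
    ("https://forms.example.org/questionnaire", "example.org"),
    ("https://survey.example.tv/q?id=1", "example.org"),
    ("https://login.example.com@203.0.113.7/form", None),
]

if __name__ == "__main__":
    for url, sender in SAMPLES:
        print(url, "->", inspect_qr_url(url, sender) or "no warnings")
```

A clean result only means none of these signs were present; the secondary verification with the sender described above still applies.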
If you suspect you've been scammed or are at risk, identity theft protection services can help recover your identity and funds. As QR codes become more prevalent, staying vigilant and cautious is crucial.