• "Quishing" - A NEW FORM of Identity Theft - USPS Warns

    From 26xh.0717@21:1/5 to All on Fri Jun 21 00:34:33 2024
    XPost: talk.politics.misc, alt.security, alt.politics.usa
    XPost: alt.survival

    https://www.wptv.com/life/tech-tips/what-is-quishing-us-postal-inspection-service-warns-of-new-scam-used-to-commit-identity-fraud

    The U.S. Postal Inspection Service is warning the public
    about a new scam criminals are using to commit identity
    fraud.

    It's called quishing, a form of phishing that uses fake QR
    codes to trick people into revealing their personal information.

    The scammers typically initiate the attack by sharing a
    message with a QR code via social media, posting it in a
    public location or sending it unsolicited via text or email.
    The message will likely be enticing, offering a gift or
    a discount to willing consumers.

    When the viewer scans the QR, they will be taken to
    the scammer's website, and although it will likely
    appear legitimate, it's just a deception through which
    the criminal can gain a person's trust. That trust
    can be used to garner the user's personal information,
    including their name, address, banking information,
    passwords and more.

    The scammers can then use your personal information
    to commit identity fraud

    . . .

    But it SEEMED so GOOD - so LEGIT !!!

    "Human factors", the one security issue that
    can never be fully overcome ..... and likely
    even 'AI' can be scammed because it's TRAINED
    on human stuff.

    Not sure why the USPS was involved here, but
    good for them. I suppose some of these QR
    code scams can come in via junk mail. The
    WORST ones now appear on yer hi-def TV cheapo
    commercials .... "Just scan the code on
    your screen and ...".

    Maybe stick to low-def channels eh ? :-)

    These are the equiv of "click scams" from the
    past - the bright and shiny "Just Click Here
    For Your Reward" button nobody can resist ....

    A LOT of people got their "reward" ...

    Except QR codes are not "transparent", no
    text/addresses to examine first (as if
    hardly anyone EVER looked at the http
    link - what does ".ru" mean ?)

    In my last years on the job, employees would
    ask me to confirm the legitimacy of sites/
    addresses/links that came in the e-mail.
    Sometimes it was easy, sometimes it would
    take a couple HOURS of investigation.
    Found deliberate mis-spellings - oft with
    characters that kinda LOOKED like English
    letters or maybe one extra/missing letter
    like "Mississipi"

    Sometimes there were links to
    real companies - but nobody WE ever did
    biz with (one was an Aussie mining co,
    I think they'd created a fake page ON their
    legit web site - notified them). Oft
    the evil was buried in .js ... you had
    to read the code, often long, to look
    for evil links. They were typically
    obscured by LONG LONG leader text in
    the links.

    Then there were the fake PayPal and
    related ... deliberately bad links -
    but there WAS a "If you have problems,
    link/call HERE" msg. One "USA-looking"
    phone number was in TURKEY. Another
    was for some Italian org that restored
    old churches.

    I always wrote-up a two or three short
    para simplified explain of WHY the mail
    was evil and what to LOOK for. This
    increased the general paranoia level
    and sharpened-up the sense of mails
    with a "bad smell". NOT sure what the
    new guys do. Probably doom ..... :-)

    Yea, yea, "alt.survival" is mostly guys
    with bunkers and 10 years worth of
    dehydrated food (it's not enough guys !
    The best 'survival' tactic is keeping
    the existing system from imploding).
    Day-2-DAY survival ... that's a more
    pressing, real, and volatile issue.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
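
An added example, not part of the posts in this thread: a small Python triage of a URL already decoded from a QR code or e-mail, flagging the indicators the post above describes (look-alike characters, one extra or missing letter, and leader text in front of the real host). The `TRUSTED` list, the function names and the finding labels are assumptions made for illustration, and "leader text" is read here as either text before an `@` or a trusted name used as a subdomain prefix.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list: domains the organisation really deals with.
TRUSTED = {"paypal.com", "usps.com", "mississippi.example"}

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def to_unicode(host):
    """Decode punycode (xn--) labels so look-alike letters become visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # host already contains non-ASCII characters

def triage(url, trusted=TRUSTED):
    """Return a list of findings for a URL decoded from a QR code or e-mail."""
    findings = []
    parts = urlsplit(url)
    host = to_unicode((parts.hostname or "").rstrip("."))
    # Naive registrable domain (last two labels); real tools use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if parts.username is not None:
        findings.append("leader-before-@")  # text before '@' is never the host
    for ch in sorted(set(host)):
        if ord(ch) > 127:
            findings.append("non-ascii:" + unicodedata.name(ch, "UNKNOWN"))
    if domain not in trusted:
        for good in sorted(trusted):
            if edit_distance(domain, good) == 1:
                findings.append("lookalike:" + good)
            elif good in host:
                findings.append("trusted-name-as-prefix:" + good)
    return findings
```

An empty list means none of these checks fired, not that the site is safe; a compromised page on a legitimate site, as in the mining-company case described above, would pass.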
  • From Chasseur@21:1/5 to All on Fri Jun 21 08:48:54 2024
    XPost: talk.politics.misc, alt.security, alt.politics.usa
    XPost: alt.survival

    On 2024-06-21 at 00:34, 26xh.0717 wrote:
      Yea, yea, "alt.survival" is mostly guys
      with bunkers and 10 years worth of
      dehydrated food (it's not enough guys !
      The best 'survival' tactic is keeping
      the existing system from imploding).
      Day-2-DAY survival ... that's a more
      pressing, real, and volatile issue.

    You are quite right. Although «prepping» is the prime directive,
    «keeping the existing system from imploding» is an absolute necessity.

    Chasseur

  • From 26xh.0717@21:1/5 to Chasseur on Fri Jun 21 21:19:02 2024
    XPost: talk.politics.misc, alt.security, alt.politics.usa
    XPost: alt.survival

    On 6/21/24 8:48 AM, Chasseur wrote:
    On 2024-06-21 at 00:34, 26xh.0717 wrote:
       Yea, yea, "alt.survival" is mostly guys
       with bunkers and 10 years worth of
       dehydrated food (it's not enough guys !
       The best 'survival' tactic is keeping
       the existing system from imploding).
       Day-2-DAY survival ... that's a more
       pressing, real, and volatile issue.

    You are quite right. Although «prepping» is the prime directive,
    «keeping the existing system from imploding» is an absolute necessity.

    If "The System" crashes hard, doesn't matter how many
    packets of food you have - won't be long before you're
    DONE. Oh, and you HAVE to sleep sometimes ... the
    marauders will KNOW.

    Maybe "hide inside the cave" is kinda hard-wired into
    the brain ? It's kinda like how frightened people
    tend to run UPstairs ... until there's no more "Up"
    that is ... holdover from our days amongst the trees ?

    It is very wise to keep maybe two WEEKS worth of
    general supplies. That covers all the usual disasters.
    But you're just NOT gonna be able to live for ten
    years in The Bunker - even preserved food will rot
    and so will your brain and body, and eventually very
    hungry people are gonna FIND your bunker. In case
    of general nukewar ... forget it ... nothing to
    "emerge" into, everything poisoned, can't grow a
    tomato that won't give you gut cancer. Maybe
    Dr.Strangelove can afford a huge underground city,
    but not YOU.

    So, shitty as it is sometimes, your best long-term
    survival strategy is to PRESERVE that System. It
    CAN take care of you, CAN get resources from
    distant points, WILL have doctors and pills.

    As for the cybersecurity issue - as said, PEOPLE are
    the worst - and least-fixable - factor. Gonna have to
    turn off the internet .....
