The Cyber Security Operations Group (CSOG) of PLDT and Smart Communications has warned its customers against scanning quick response or QR codes received from dubious entities on emails or messaging platforms, saying this could be a form of “quishing”.
‘Quishing’ makes use of a malicious QR code that when scanned, directs unsuspecting victims to a fake version of a legitimate website, and lures them into giving up sensitive information like login credentials.
“When victims enter their personal data on the fake website, the hackers will immediately capture them and use the information to take control of their various accounts including their digital wallets,” warned Angel Redoble, FVP and chief information and security officer of PLDT and Smart.
The use of QR codes for financial transactions has proven useful during the Covid-19 pandemic after the government required merchants to shift to electronic payment amid health-related restrictions.
To avoid becoming a ‘quishing’ victim, PLDT and Smart’s CSOG advised the public to scan QR codes that come from a trusted or known sender or source only.
“Before clicking a link, check the destination first. If it seems dubious, best not to visit it. Watch out for advertising materials that have been tampered with,” the company said.
Other than QR codes, criminals also run ‘smishing’ or fraud over text messages and ‘vishing’ or voice calls to deceive their victims. These are different forms of social engineering or the use of deception to trick a person into divulging private or sensitive information that may be used for criminal activities.
The group also warned against persons asking for PIN (personal identification number), security code or OTPs (one-time passwords). To further protect customers, PLDT and Smart have blocked 203 URLs tied to text scams from June 10, 2022 to July 26, 2022.
“Remember what our parents taught us about not talking to strangers? This remains true to this day, whether you’re interacting in person or on your gadgets,” added Redoble.
