QR code fraud: Consumer advice center warns against squishing

Fraudsters are inventive when it comes to cheating people out of their money. We’ll show you which scams are currently in circulation.

Criminals are constantly trying to get sensitive account and credit card data as well as personal information from consumers. They primarily use digital channels to do this. Find out what tricks they use here.

Because QR codes do not allow users to immediately see what information the digital images contain, they are increasingly being misused by criminals. The North Rhine-Westphalia Consumer Advice Center warns against this. The scam is called quishing. The term is derived from the words “QR code” and “phishing”.

What is particularly insidious about the scam is “that not all smartphones display what is in the QR code before carrying out the corresponding action”. That is why cell phone users should install an app that displays the link first, it says.

The Lower Saxony State Office of Criminal Investigation is also warning of fraud involving QR codes. Officials report that fraudsters are currently sending fake letters from German banks containing such codes.

Anyone who scans one of these codes and follows the link contained therein will land on a fake banking page and be asked to enter sensitive data. The criminals’ goal is to gain access to the online banking of the letter recipients. The hook in the letters is, according to the information, the claim that the identity of the customers must be verified due to EU regulations.

The consumer advice center is warning of new scams in the form of phishing emails to Sparkasse customers. In the emails with the subject “Security message,” the fraudsters claim to have contacted the customer several times because of a supposedly invalid device registration. The recipients are asked to immediately correct their registration data via a link in the email – otherwise they face a fine of 5,200 euros.

It is not easy to recognize at first glance that this is a scam. According to the consumer advice center, the sender address cannot always be clearly identified as a phishing attempt. However, the unprofessional wording, the impersonal greeting and links within the email are typical.

Customers of ING and Targobank should also be careful in their email inboxes. Under the pretext of “Important information about account security” or similar subject lines, recipients are asked to update their contact details. The fraudsters even claim that this will protect them from criminal activities. These perfidious tricks are used to try to obtain personal data.

Important: A reputable bank would never request your data via a link. If one of these scams ends up in your mailbox, you should not click on the links contained in it under any circumstances. Simply move the email to your spam folder.

An email from the tax administration in your inbox – that’s something you quickly take notice of. But be careful: Anyone who currently receives such an email should be particularly vigilant. Recently, there has been an increase in fraudulent messages that appear to come from Elster, the tax office or the Federal Central Tax Office (BZSt).

These emails often contain a request to open an attached file that is presented as a tax assessment or invoice, according to the information on the electronic tax return (Elster) website. The aim: to obtain personal data such as login information and bank or credit card details.

Recipients of such emails should therefore not open attachments if they are unsure of the origin of the message. Caution should also be exercised with embedded links in such emails – they should only be clicked if the authenticity of the message is beyond doubt.

In addition, tax authorities never ask for sensitive data such as tax numbers, bank details or PINs by email. If you are unsure, contacting the responsible tax office can provide clarity.

Who doesn’t like receiving money unexpectedly? If you receive an SMS from “Sofortinfo”, however, you shouldn’t get too excited. As the fact-checking portal “Mimikama” reports, cyber criminals are currently trying to lure alleged victims into a trap with a promise of money. The SMS states that a sum of money has been deposited into the victim’s account.