Black Friday is approaching rapidly, and while savvy shoppers across the UK are eagerly tracking price drops, scammers have their eyes on a different target. As millions of parcels are expected to traverse the postal network in the upcoming weeks, cybercriminals are taking advantage of the chaos to perpetrate dangerous scams directly to people’s doorsteps.
In recent months, there has been a notable surge in “quishing,” a tactic where criminals embed phishing attacks within QR codes, as reported by various UK publications. This technique is now being fused with a resurged brushing scam and is gaining momentum in anticipation of the Black Friday shopping frenzy.
Theodore Ullrich, a technology specialist at Tomorrow Lab, has observed a heightened level of this scam due to consumers eagerly awaiting deliveries. He explains that when individuals are tracking multiple orders simultaneously, they are more likely to trust an unexpected package, which is precisely what fraudsters exploit as the most critical moment of the scam.
Ullrich warns that unsolicited parcels are not merely inconveniences but potential gateways to more severe security breaches. Scammers capitalize on recipients’ curiosity by enticing them to scan QR codes that lead to phishing sites, aiming to extract personal and financial information swiftly.
He underscores how easily individuals can fall victim to this scam by innocently scanning QR codes on packages, assuming they are related to delivery tracking or returns. However, these actions can inadvertently lead to malicious websites designed to harvest sensitive data within seconds, catching victims off guard.
This evolving scam is a sophisticated evolution of traditional brushing schemes, where scammers used to send unsolicited parcels to fabricate fake reviews. Now, by incorporating QR codes into or onto the packages, criminals are targeting personal data and financial assets, making the scam far more perilous.
Ullrich emphasizes that scammers are becoming bolder as they exploit the abundance of personal information available online. With names and addresses easily accessible from various sources, scammers can create convincing parcels that deceive recipients until it’s too late.
Reports have surfaced of similar tactics being employed in other scenarios, such as motorists falling prey to fraudulent QR codes on parking machines, redirecting them to scam payment platforms. Ullrich warns that these tactics will escalate during the Black Friday week, exploiting the shopping frenzy to perpetrate more scams.
He advises recipients to be vigilant and proactive if they receive unexpected parcels, urging them to verify the source through official channels rather than trusting contact details printed on the package, which could be controlled by scammers. Taking immediate action to secure personal accounts and monitoring financial activities is crucial to mitigating potential risks associated with falling victim to such scams.
In conclusion, Ullrich stresses the importance of skepticism towards QR codes, urging individuals to refrain from scanning unfamiliar codes and to approach any suspicious activity with caution. By maintaining a level-headed approach and refraining from impulsive actions, consumers can thwart scammers’ attempts to exploit their trust during the busy shopping season.