A new threat targeting electric car owners has already spread to European countries with the possibility of coming to our country as well. This is a type of phishing, Quishing.
Quishing is a type of phishing attack where fraudsters use QR codes to trick users into providing sensitive information or downloading malware.
The term is a combination of “QR Code” and “phishing” and describes a scam in which fraudsters use fake QR codes to steal sensitive information from users.
Fraudsters have recently targeted electric cars, as the increase in electric cars has led to a corresponding increase in public charging stations.
Table of Contents
How the Electric Car Quishing Scam Works
Fraudsters place a fake QR code on a sticker above public charging stations. When users scan the code with their smartphone to pay and activate the charger they are redirected to a fake website that mimics the legitimate one.
They are then asked to enter sensitive data such as credit card details. Once entered, this data is sent directly to the fraudsters, while at the same time redirecting the motorist to the normal page.
Effects and risks
Quishing is a significant threat to electric car owners. Not only can they lose money, but their personal data can be used for further fraudulent activities. In addition, trust in public charging infrastructure may be challenged, slowing the adoption of electric car technology.
Currently, cases have appeared in Belgium, the Netherlands, France, Spain, Italy and Germany.
How to protect yourself
To protect yourself from this scam, it is recommended that you take some precautions:
-
Avoid scanning stickers with your mobile phone. The QR codes must appear on the charger screen and not on a label and even worse on a sticker. Unless someone hacks the charging station, but so far there is no such case.
-
Use prepaid cards and not your credit or cash cards that have all your money in them. Prepaid cards have a limit and at worst they will only take the amount you have prepaid.
-
Check the website URL: Make sure the website address starts with “https” and that the domain is correct and not i-guru.gr style. Remember that fake websites often have small changes to the URL, such as missing or replaced letters, and try to mimic the normal address.
-
Report suspicious QR codes immediately. If you notice a QR code that appears to have been overwritten or altered, it is important to report it to the charging station operator immediately.