Real-world Phishing Scams: Here’s what to look out for
Cybersecurity is constantly evolving, and scammers are adapting in response.
One major way in which scammers are adapting is offline phishing. Phishing is a type of scam where the scammer creates a fake site that tricks the user into handing over their personal information- offline phishing brings this scam into the real world. Understanding how to identify offline phishing tactics is essential to protecting yourself and your personal and financial information.
The PWA Scam
One dangerous trick scammers use in the real world is fake QR codes. By printing and placing fake QR code stickers over legitimate codes, such as those found on electric scooters or bike rentals, scammers redirect unsuspecting users to fake websites.
These fraudulent sites then prompt users to install an app on their device. While these apps may appear genuine, they are actually controlled by the scammers, who use them to harvest sensitive information such as login credentials and payment details.
Scammers do this through the use of Progressive Web Applications (PWAs). PWAs are a type of app built using web-based technology that is becoming increasingly popular. Their accessibility and convenience has led to many companies, including major sites like Spotify and Facebook, to use PWAs. What makes them so popular is that PWAs use web technology to run smoothly on multiple operating systems, such as IOS and Android, in comparison to traditional platform-specific apps, which are built for a specific operating system. PWAs combine many benefits of traditional apps with the ease of access of websites, including that they can be directly installed to your device, which has become a new avenue for scammers to exploit. PWAs are installed directly from the web, allowing scammers to dodge the security protocols of app stores like Google Play or the Apple Store. This is how scammers are able to use QR codes to trick users into downloading their fraudulent apps. By creating PWAs that mimic real applications, users are tricked into disclosing sensitive information.
Protect yourself against PWA
To help identify and avoid fake apps, you can long-press an app on your device and open “App Info”, and scroll to the end of the information. Genuine applications will have a clear name such as “com.facebook.katana” or “com.spotify.music”. Apps that are labeled as “web APK” are PWAs and not official apps, and may indicate a scam. Another red flag is being prompted to install an app you already have.
The Fake Printed Scam
Offline QR code scams can appear in many forms. One version involves placing fake parking tickets on cars, using QR codes to direct the user to fake websites that mimic city sites and request personal data.
To protect yourself from this type of scam, avoid scanning QR codes on tickets. Instead, visit your city’s official website to directly handle any possible parking fees or fines. If you enter the ticket information in the official site and get an error, the ticket is likely a scam.
The Restaurant Flyer Scam
Altered restaurant flyers are another form of fake QR code scam that tends to target tourists. Scammers distribute modified flyers of legitimate businesses with an altered phone number. When victims call the altered numbers, they inadvertently give their payment information to the scammers.
How to protect yourself from the Flyer Scam:
To ensure your safety, make sure to verify restaurant information through official websites or other trusted online directories before placing your order.
So in summary
Offline phishing tactics are evolving with new technology. Scammers can use fake QR codes to trick people into installing PWAs, bypassing official app stores, and steal your personal information through these fraudulent applications. To stay safe, avoid scanning public QR codes, and make sure to verify the legitimacy of any apps you install on your device. By exercising caution and staying informed, you can protect your personal and financial information from dangerous offline phishing attempts.
