Pierluigi Paganini September 05, 2024
In recent years, the spread of electric cars has led to an increase in public charging stations. However, new cyber threats have emerged with this growth, including “quishing.” This term, a combination of “QR Code” and “phishing,” describes a scam in which fraudsters use counterfeit QR Codes to steal sensitive information from users.
How the electric column scam works.
Scammers superimpose a fake QR code on top of the original one on charging stations.
When users scan the code with their smartphone, they are redirected to a fake website that may mimic the legitimate one. Then, they are asked to enter sensitive data such as credit card information. Once entered, this data is sent directly to the scammers.
Impacts and risks
Quishing also poses a significant threat to electric car owners. Not only can they lose money, but their personal data can be used for further fraudulent activities. In addition, trust in public charging infrastructure can be compromised, slowing the adoption of electric cars.
“New e-car drivers who are not yet familiar with public charging stations are particularly at risk,” IT security expert Eddy Willems told to LifePR website. “He knows of cases from Belgium, the Netherlands, France, Spain, Italy and Germany. So-called charging station squishing, derived from phishing, is “definitely a problem within the EU, if not worldwide,” says Willems. The expert advises charging station operators to avoid stickers; the codes should be shown on the display. “That’s safe. Unless someone hacks the charging station. But I haven’t heard of that, and it would be very difficult.”
How to Protect Yourself
To protect yourself from this scam, it is advisable to take some precautions:
Conclusion
Quishing is an emerging threat that requires attention and awareness from everyone. By taking preventive measures and remaining vigilant, you can protect yourself from this scam and continue to benefit from public charging infrastructure safely as well.
About the author: Salvatore Lombardo (Twitter @Slvlombardo)
Electronics engineer and Clusit member, for some time now, espousing the principle of conscious education, he has been writing for several online magazine on information security. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”. “Education improves awareness” is his slogan.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, QR code)