Scammers are now hiding phishing attacks inside unexpected deliveries

By NordVPN 

For the longest time, phishing has been the number one cyberattack method, manipulating people into giving away their personal information or money. According to the latest research, scammers seem to be getting more creative, and this trend appears to be changing as QR codes gain more popularity now among scammers.

Recent research from cybersecurity company NordVPN reveals that over 26 million people could have unknowingly been lured into malicious websites through fake QR codes. Scammers deploy these deceptive codes through a scam technique known as “brushing,” where people receive unexpected packages from unknown senders.

“QR codes have become a silent gateway for cybercriminals. Unlike traditional phishing emails where we’ve learned to spot red flags, a physical QR code feels inherently trustworthy,” said Marijus Briedis, chief technology officer at NordVPN. “Treat every unexpected QR code with the same suspicion you would treat a link from an unknown sender in your inbox.”

Scan at your own risk

A brushing scam unfolds when an anonymous package arrives with a cryptic note encouraging the recipient to scan a QR code to verify the gift or find out where it’s coming from. The message might seem harmless, but it’s actually a trap.

Cybersecurity experts at KeepNet Labs warn that QR codes now carry over 26% of malicious links, and quishing (another name for “QR code phishing”) may soon be as prominent as email phishing.

When victims scan these QR codes, they might open phishing websites designed to steal personal information, download malware onto devices, or capture login credentials. Even more alarming, 73% of Americans admit to scanning QR codes without verifying their legitimacy, which makes these brushing scams increasingly effective.

This relatively new attack method transforms seemingly innocent QR codes into traps set to catch people off guard, turning what appears to be a simple marketing trick into a personal data theft.

How to stay safe

Marijus Briedis shares essential tips to help people protect themselves from brushing scams and malicious QR codes:

• Before you scan a QR code, make sure you know where it came from. Is it from a business you trust or someone you don’t recognize? If you’re unsure, don’t scan it. Reach out to the sender through their official contact information.
• Most smartphones let you see a link to a website before you open it. Take advantage of this feature. If the link looks odd or isn’t what you expected, don’t continue.
• Make sure your phone’s security software is always up to date. Use a VPN when browsing the internet. These steps help protect you from dangerous websites and data theft, even if you accidentally open a harmful site.
• Help your friends and family stay safe by sharing these tips, especially with anyone who isn’t very comfortable with technology. Scammers often go after people who don’t know about these tricks.

NordVPN graphic

Article Share