A new form of phishing has been making the rounds

Another scam email has been making the circuit again, and this one is not exclusive to the trucking industry. We want to bring it to the attention of as many people as possible. This is impersonating Dragonfly Intelcom and is utilizing the latest technique called quishing (like phishing but with a q).  Quishing makes use of QR codes that you scan with your camera but leads you to a phishing website that may be looking to either steal confidential information or download malware on to your device.

Scammers are getting trickier with Scam Emails

Below is a screenshot of one that we received. We have placed the black line over the QR code so you don’t accidentally scan it!

But this is not the only place scammers are using false QR codes to steal your information.

According to  a CBC news report there have been cases of people receiving goods they did not order with a QR code included in the packaging leading to a phishing site.

Double check anything you see posted in public as well. In the same article by CBC there had been cases in Ottawa where street parking signs had been tampered with and someone had added a QR sticker to a pay parking sign leading to a fraudulent site for park payment.

These attempts are getting more sophisticated as you can see with the above example. The senders even included a French version as one would find in Canada. One of the big clues you are supposed to look at is the sending address as it usually close but just off a bit, but in this case even the sending email seemed correct.

How to tell if a QR code is “quishing”

Instead, now you will have to be more careful when you open your camera to scan a code. When you open your camera to scan the QR code, you should get a preview of the website address. Look to see where it plans to send you. If there are a lot of symbols like %20%20%20 this is a sign indicating they are trying to hide that they are sending you to a misrepresented site. Example: Intelcomdragonfly.com%20%20%20%20badsite.com. Or of the link preview is something else entirely don’t click it.

Another clue that the email or QR code is a scam is if they give any sense of urgency as in the above “if a client “fails to complete the required procedures, provide the required information or comply with the requirements of clause 13.2.7 of our Terms of Use”, Intelcom – Dragonfly reserves the right to return the parcel to is sender.” This another clue to double check that this email is legitimate.

A final clue to determining legitimacy:  Are you actually expecting a package? If not, better be double checking that email, text message and QR code- usually stuff doesn’t show up for free! Though admittedly with the amount of online shopping with home delivery, this can be easy to be over looked as we all often have stuff on route to us and we often are too busy to double check these things, but now we will need to be extra vigilant.

As people become savvier to traditional phishing attempts, scammer are creating new ways to steal which now include QR codes.

Please share this information with as many as you can, as we all benefit when we shut down these attempts