The new threat to electric car owners. What are quishing attacks

“Quishing” attacks are the new digital threat targeting electric car owners to steal drivers’ payment details, Eset’s cyber security experts warn, in an article recently published on the company’s Romanian blog.

A new scam threatens the owners of electric cars PHOTO Archive

“In recent years, many countries and regions around the world have made rapid progress in adopting electric cars. About 14 million new cars were registered in 2023 alone, an annual increase of 35%, bringing the total number globally to more than 40 million. But new technologies also come with new threats. Ever alert for opportunities, criminal groups combine threats from the physical and virtual worlds. One of the latest scams spotted In several European countries, it is the use of QR code phishing techniques, known as “quishing”, to intercept or steal payment details. In fact, this method is very similar to scams that use fake QR codes on parking meters, and electric vehicle drivers must be aware of this type of threat at charging stations”says Phil Muncaster, Eset specialist, quoted by Agerpres.

How this type of attack works

According to the cited source, “quishing” represents a threat derived from “phishing”and through this cybercriminals manage to “stick” various fake QR codes over the real ones.

“When scanned, victims are directed to a phishing site where their data is stolen or malware is downloaded. It’s a particularly effective tactic because it doesn’t raise the same suspicion as, for example, phishing URLs. Mobile devices are usually less protected than laptops and PCs, so the chances of success are higher”notes the author of the article.

A report published at the end of last year indicated a 51% increase in such incidents “quishing”in September 2023, compared to the period January – August 2023.

Danger for owners of electric cars

In this context, hackers have adapted the scam to electric vehicle (EV) owners in Europe. Thus, according to reports in Great Britain, France and Germany, scammers attach malicious QR codes over legitimate ones from public charging stations.

“The code is intended to direct users to a site where they can pay the station operator (e.g. Ubitricity) for electricity. However, if they scan the fake code, users will be directed to a similar phishing site asking them to enter their details of payment, which the criminals will collect. The correct site will load on the second attempt, so that the victims can finally pay for the upload. There are also reports that the criminals are even using the technology of signal jamming to prevent victims from using charging apps and force them to scan the malicious QR code With over 600,000 EV charging points across Europe, there are many opportunities for scammers to catch unsuspecting drivers with such scams .There have been numerous reported incidents of fraudsters targeting drivers via malicious QR codes affixed to parking meters. In this case, the unauthorized driver may not only lose their card details, but may also receive a parking fine from the local authorities.” draws the attention of the Eset expert.

How to protect yourself from quishing

Against the background of this new threat there are a number of methods designed to reduce the risk of “quishing”including: pay attention to the QR code displayed at parking meters or charging stations; never scan a QR code unless it is displayed directly on the charging/parking terminal; pay only through a phone call or through the official charging application of the respective operator; disable the option to automatically perform actions when scanning a QR code; check your bank statement for any suspicious transactions; use two-factor authentication (2FA) on all accounts that offer this option for added security; make sure your mobile device has security software installed from a trusted vendor.

The Eset company was founded in 1992 in Bratislava (Slovakia) and is one of the top companies offering malware content detection and analysis services, being present in over 180 countries.