Tips for Protecting Yourself and Your Business From Scams
With October being Cybersecurity Month, we want to answer questions about some of the latest scams as well as how to spot and guard against well-known threats.
Q: What Is Quishing?
A: Quishing is a new and sophisticated phishing threat that researchers have recently detected. It involves using a QR code, whose popularity has risen in recent years. Victims are tricked into scanning this code. When they do, they are routed to a fake website where cybercriminals can fool them into providing sensitive personal or financial information. By embedding a malicious QR code in an email, fraudsters bypass traditional defenses. In addition, sometimes scammers place a malicious QR code sticker over a legitimate one.
To help protect yourself from quishing:
- Be cautious about scanning a QR code from an unknown or untrusted source such as a random flyer or unsolicited email.
- Check that the QR code is not a sticker placed over another QR code.
- Use a QR code scanner that has security features such as verifying the URL before opening it.
- After scanning, but before proceeding, check the URL to make sure it leads to the website it claims to. The URL should start with “https” and belong to a website you trust. Look out for misspellings or other irregularities.
- Be cautious if the QR code asks for personal information, login credentials or payment. Legitimate businesses rarely ask for sensitive information via QR codes.
Q: What Scams Should I Be Aware of as a Business Owner?
A: According to the FBI, business email compromise, or BEC, is one of the most financially damaging online crimes. Here’s how it works: hackers send an email that appears to come from a known source, such as the company CFO or a vendor you regularly deal with, and that makes what looks like a legitimate request. The intent is to trick your company into transferring money or confidential data.
To protect yourself from business-related scams:
- Train your staff to recognize phishing attempts and suspicious emails and regularly update them on new scam tactics.
- Always verify requests for fund transfers or sensitive information, especially if they come from senior executives or external partners. Call the person to confirm they sent an email requesting a money transfer. Do not use the phone number provided in the email; use previously known contact details.
- Implement a multi-person approval process for transactions to add another layer of security.
- Configure multi-factor authentication for email accounts.
- Regularly audit your financial accounts and transactions. If you find any discrepancies, investigate immediately.
Q: What Should I Do Before Downloading Apps to My Phone?
A: Here are some tips to follow before downloading an app:
- Before you download any app, verify its authenticity. To do that, make sure it has at least 100 reviews and several thousand downloads before you install it. And read the reviews, as reviewers typically warn others if the app is malware.
- Stick to downloading apps from official app stores like Google Play for Android and the App Store for iOS. These platforms have security measures in place to vet apps.
- Before installing an app, review the permissions it requests. Be skeptical if an app asks for permissions that don’t seem necessary for its functionality.
- Use your phone’s settings to limit app permissions wherever possible.
- Avoid downloading apps from third-party websites, as these are not vetted for security.
This document is for informational use only. The information contained herein is not intended to be personal technology or cybersecurity advice. Nothing herein should be relied upon as such. There is no guarantee that any claims made will come to pass. The information contained herein has been obtained from sources believed to be reliable, but Mariner Wealth Advisors does not warrant the accuracy of the information. Consult an information technology or cybersecurity professional for specific information related to your own situation.