Not all that glitters is QR! Charging station fraud is on the rise

Learn how to spot it and protect yourself so you can charge your car safely.

This article was written by Cristiano Dri, Software Engineer at Mobisec. It is part of a series of articles written by Mobisec employees and published every two weeks on the Mobisec blog.

Quishing: a growing threat.

With the spread of electric vehicles, charging points have become increasingly common. However, this growth has brought with it a new threat: quishing. If this is a new term to you, don’t worry. We’ll explain what it is and how you can protect yourself.

What is quishing?

Quishing is an online scam that exploits the counterfeiting of QR codes. The term comes from the combination of “QR code” and “phishing”. Scammers create QR codes that, when scanned, lead to malicious websites. Users may be tricked into providing personal or financial information. Charging stations are becoming a common target, with unsuspecting motorists falling into the trap.

How does it work?

Charging points often have a QR code near the socket to initiate the charging process. It may appear legitimate, with messages such as “Scan to start charging” or “Get a discount”. However, if the code has been altered by a scammer, you could end up on a fraudulent website asking for sensitive information, such as your credit card details.

The risks.

The risks of quishing are significant. You could end up paying for non-existent charges or, in more serious cases, suffer identity theft. Your financial and personal information could be compromised, with unpleasant consequences for your security and privacy.

How can you protect yourself?

Fortunately, there are simple and effective steps you can take to protect yourself:

• Check authenticity: After scanning a QR code, make sure the retailer’s app opens automatically. If a web page opens instead, check the URL carefully to make sure it is correct.
• Use the official app: Downloading and using the charging provider’s official app is the safest way to access services.
• Use a card: Some companies offer cards that allow you to start charging without scanning a QR code. These cards also work in areas with poor mobile coverage.
• Report suspicious activity: If you encounter a suspicious QR code or notice anomalies at a charging station, report the incident to the company and the authorities immediately.

Conclusion.

Quishing is an emerging threat that should not be underestimated. Being informed is the first step in protecting yourself. With a few precautions, you can avoid scams and charge your vehicle safely. Stay vigilant, protect your data and enjoy your journey!