Customers who scan quick response (QR codes) from dubious entities on emails or messaging platforms can fall prey to "quishing", warned PLDT and Smart’s Cyber Security Operations Group (CSOG).

‘Quishing’ makes use of malicious QR codes that when scanned, directs unsuspecting victims to a fake version of a legitimate website and lures them into giving up sensitive information like login credentials.

“When victims enter their personal data on the fake website, the hackers will immediately capture them and use the information to take control of their various accounts including their digital wallets,” warned Angel Redoble, FVP and Chief Information and Security Officer of PLDT and Smart.

The use of QR codes for financial transactions has proven useful during the COVID-19 pandemic after the government required merchants to shift to electronic payment amid health-related restrictions.

To protect against ‘quishing’, users must only scan QR codes that come from a trusted or known sender, PLDT and Smart’s CSOG advised.

Before clicking a link, check the destination first. If it seems dubious, best not to visit it.

Watch out for advertising materials that have been tampered with.

Other than QR codes, criminals also run ‘smishing’ or fraud over text messages and ‘vishing’ or voice calls to deceive their victims.

These are different forms of social engineering or the use of deception to trick a person into divulging private or sensitive information that may be used for criminal activities.

The PLDT group also warns against persons asking users for their PIN (personal identification number), security code or OTPs (one-time passwords).

To protect customers, PLDT and Smart have blocked 203 URLs tied to text scams from June 10, 2022 to July 26, 2022.

“Remember what our parents taught us about not talking to strangers? This remains true to this day, whether you’re interacting in person or on your gadgets,” Redoble cautioned.