QR codes can be found in many different places: on advertising posters, on public transport buses or even in restaurants. We use them very willingly, although we can never be sure what is behind them. It can be a website with malware, which means we are only a step (or a scan) away from trouble.
QR code – think before you scan
Recently, the American organization Surveillance Technology Oversight Project conducted an experiment in New York. The experiment used leaflets advertising a cultural event that contained a QR code.
This code actually led to a page warning of the dangers of scanning codes from an unknown source. As it turned out, the flyer attracted many interested people who without hesitation decided to check the content of the code.
Within a very short time, the organization behind the experiment recorded hundreds of visits to the site to which the QR code prepared for the research led. The experiment proved the ease with which fake QR codes can be placed in public spaces, for example on information leaflets or ATMs. It is also disturbing that many people decided, without a second thought, to check what was behind the code.
It should be remembered that a characteristic feature of QR codes is that at first glance you cannot see what is hidden in such a code. Currently, there is no standard for labeling a “safe” QR code, which means that there is no easy way for a smartphone user to check whether a given QR code leads to an innocent website with an advertisement or to a malicious website created by cybercriminals. Of course, this method of attack is not the most common, but it is worth being vigilant when dealing with any redirects to websites, whether in the form of links or QR codes.
– said Kamil Sadkowski, senior cybersecurity specialist, Eset
Quishing – malicious emails with QR codes
Phishing campaigns most often use e-mails containing URL links, which take the unaware user to a fake website or redirect to a malicious program’s installation file. Cybersecurity specialists point to their increasing effectiveness.
According to Stormshield, in 2020 the rate of successful attempts to obtain confidential information increased by 30%. The growing popularity of QR codes means that in this type of activity the characteristic squares containing a code are used more and more often instead of links.
Recently, cybercriminals have targeted, among others, users of Microsoft 365 cloud applications, who received emails containing fake QR codes.
Internet users must be just as careful when using computers and mobile devices. There may be a phishing page behind the QR code. Unfortunately, most users aren’t able to verify QR codes as easily as they can with a URL. It is also worth mentioning that malicious QR codes in emails are generally not caught by basic email security, which further increases the risk of the attack being successful.
– said an expert from the Eset company
How to defend yourself?
QR codes were created to streamline the process of obtaining information. They are still simple redirects to websites that can also be found using a regular search engine. This slightly longer way of accessing information may prove to be a safer alternative in the face of a potential attack by cybercriminals.
To view the content under the graphic cover of a QR code, you can use code scanning applications that allow you to preview the entire URL before going to the website. Any errors or additional letters in the address will then help to distinguish the forged pages from the real ones. To improve the level of protection, it is also recommended to have an anti-malware solution that will alert you to potential threats.
– added Kamil Sadkowski
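The URL preview check described above can be automated once the QR payload has been decoded. The following is an added example, not code from the press release or from Eset; the `TRUSTED` list, the function names and the two-label domain simplification are assumptions made for illustration.

```python
from urllib.parse import urlsplit
import ipaddress

# Constructed allowlist of domains the user expects to visit (assumption).
TRUSTED = ("microsoft.com", "example-bank.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host: str) -> str:
    """Last two labels; a simplification that ignores suffixes like co.uk."""
    return ".".join(host.split(".")[-2:])

def preview_qr_url(payload: str, trusted=TRUSTED) -> list:
    """Return warnings for a decoded QR payload; an empty list means none found."""
    parts = urlsplit(payload.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ["not a web URL: " + payload[:40]]
    warnings = []
    if parts.scheme != "https":
        warnings.append("no TLS (http://)")
    if parts.username or parts.password:
        warnings.append("userinfo before '@' hides the real host: " + host)
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
        return warnings
    except ValueError:
        pass  # not an IP literal, continue with name checks
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible lookalike characters)")
    domain = registered_domain(host)
    for good in trusted:
        if domain != good and edit_distance(domain, good) <= 2:
            warnings.append(f"'{domain}' is a near-miss of trusted '{good}'")
        elif domain != good and good.split(".")[0] in host:
            warnings.append(f"trusted name '{good}' appears inside foreign host")
    return warnings
```

An empty result only means none of these specific checks fired; it does not establish that the destination is safe.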
Text source: press release