Tuesday, December 14, 2021

QR Code Security

Knowing QR Code Security

Have you scanned any QR code?

Cybercriminals keep changing their phishing tactics as we become increasingly aware of their scams. The global cybersecurity team has identified QR codes as a new email phishing tactic that you should be aware of.

Quick-response codes (better known as QR codes) are two-dimensional barcodes used to enable users to access data or web-based resources (URLs). They are machine-readable and look like an array of black and white squares. These codes store website links or other information that can be read by the camera on your smartphone. You might have seen them recently at restaurants and small shops that offer digital menus or contactless payment and display QR code signage to scan for payment.

The actual QR Codes themselves are not designed to be hackable. This is because they are made using a square matrix of pixelated dots, so these dots would have to be changed in order to be “hacked.” The security issues arise from the information connected to the QR Code.

What is a QR-code phishing attempt?

Cybercriminals use QR codes within emails to encourage unsuspecting users to scan the codes, which then redirect them to malicious websites. Attackers can encode malicious links in the QR code that lead, for example, to phishing sites. Sometimes attackers embed malicious URLs containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned.

In many cases, QR-code scams are designed to send you to what looks like an authentic login page and ultimately steal your login credentials.

How can you protect yourself?

Protecting yourself against these malicious QR codes is very simple: never scan them.

  • Particularly when scanning QR Codes from print materials in public places, it is possible that the original QR Code has been replaced with a sticker of a dangerous one. Therefore, check twice that the QR Code is original.
  • Do not scan a QR code you have received via email from an unknown or suspicious source. These codes are designed for physical signage, storefronts, flyers, and digital kiosks, not email.
  • Only scan QR codes from trusted locations.
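
Since the risk lies in the information a QR code carries, the decoded text can be inspected before it is opened. The following is an added example, not part of the original post: a Python check that a scanner app or mail filter could run on an already-decoded payload. The function name, the trusted-host list and the shortener list are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values for illustration only (assumptions, not real data).
TRUSTED_HOSTS = {"menu.example.com", "pay.example.com"}
SHORTENER_HOSTS = {"short.example"}  # placeholder for link-shortener domains


def triage_qr_payload(payload: str) -> list[str]:
    """Return warnings for a decoded QR payload; an empty list means no flags."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["malformed link"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR codes can also carry non-web data (plain text, Wi-Fi settings, ...).
        return ["not a web link: review the raw content before acting on it"]

    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    host = (parts.hostname or "").lower()
    if not host:
        return warnings + ["link has no host"]
    if parts.username or parts.password:
        # Text before '@' is not the destination; the real host comes after it.
        warnings.append("credentials embedded before the host name")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # a normal DNS name
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host name (possible look-alike domain)")
    if host in SHORTENER_HOSTS:
        warnings.append("link shortener hides the final destination")
    if host not in TRUSTED_HOSTS:
        warnings.append("host is not on the trusted list")
    return warnings


if __name__ == "__main__":
    # Constructed payloads, as a scanner would hand them over after decoding.
    for sample in ("https://menu.example.com/table/12",
                   "http://203.0.113.7/login",
                   "https://login.example.com@xn--exmple-cua.example/signin",
                   "WIFI:T:WPA;S:Cafe;P:constructed;;"):
        print(sample, "->", triage_qr_payload(sample) or "no flags")
```
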


Stay Safe


-DR
