Quishing – Bypassing Phishing Security Measures

The Growing Threat of QR Code Phishing

QR codes have become an everyday feature of transactions, providing one-click access to websites, product pages, and social media accounts. But with this convenience, a new cybersecurity threat has emerged: quishing, or QR code phishing.

This criminal technique involves hackers embedding malicious URLs in QR codes to trick users into compromising their personal or company data.

Here’s a look at the ins and outs of quishing and how to use QRs safely. 

Cracking the code: how hackers create fraudulent QRs

QR codes are all over the marketplace, from restaurant menus to payment systems, and even multi-factor authentication. However, their widespread use has also made them an appealing tool for attackers. 

Unlike traditional phishing emails, quishing bypasses many email filters and firewalls because the malicious link is hidden within an image rather than plaintext. This makes it harder for legacy software to detect and block.

  • A typical quishing attack usually involves a scammer placing a fake QR code sticker over a legitimate one. You may even find one on a parking meter, ATM, or restaurant table.
  • When scanned, the QR code directs the victim to a fake website that looks legitimate, prompting them to log in, make a payment, or enter sensitive information.
  • In the worst-case scenario, the QR code might trigger the download of malware that compromises a user’s entire device.

Quishing is especially dangerous because of the high level of trust that users have when scanning a QR code. Many of us don’t double-check QR codes the way we do suspicious links or attachments, opening the door to opportunistic attacks.

This complacency, combined with a lack of visual cues about where the QR code leads, increases the risk of falling for these scams, which are becoming more prevalent across SA.

How to use QRs safely and avoid quishing 

As cybersecurity experts, we recommend several best practices to reduce the chances of a quishing incident: 

  • Know Your QR: Always verify the source of a QR code before scanning it.
  • Educate Employees: Raise awareness about the risks associated with scanning unknown QR codes, especially those received via email.
  • Use Advanced Email Filtering: Email security solutions that can detect and block emails containing malicious QR codes are essential today.
  • Make Secure QR Code Scanners Mandatory: Direct the use of QR code scanners in your office that can preview URLs before opening them, helping to identify potentially malicious links.

Stay ahead of quishing attacks with secure cloud storage 

As technology evolves, so do the methods used by cybercriminals. To stay a step ahead of them, businesses should ensure that their data is fully backed up and encrypted, and that’s where our cloud storage packages come in. 


QR Codes – An Influence or a Catastrophe Waiting to Happen?

It’s midway through 2021, and the world has changed exponentially over the past year and a half. We’re bumping elbows, heading off on staycations, and we’ve all stepped up a level or two when it comes to digital technology. In fact, industry pros estimate that global digital transformation has sped up a whopping seven years. As far as digital tech goes, many of us are pretty well-advanced.

People who could hardly work a mobile device before have had no choice but to learn to Facetime, Zoom, or use Meetings. Online ordering systems flourished, grocery stores started doing deliveries, and people started working from home. Of course, we’re advanced; we’ve been forced into it!

Before COVID-19 struck, you might have used, or seen people using, a mobile phone with a QR code to check into a flight and pass through security or gain access to an event or venue. Some businesses have even used a QR code to track the movement and health status of their staff. In fact, if you’ve used payment services such as Zapper and Snapscan, you’ve used a QR code in those transactions too.

Now that the general population is becoming so familiar with QR codes, one perhaps needs to ask: are they safe? Are they every bit the influential convenience we see them as, or are they just another security catastrophe waiting to happen?

The QR code – opportunity to criminals

As more and more people are scanning and tapping with their mobile devices to go places and get things done or pay their accounts, complacency sets in. People stop questioning whether their QR code scanning activities are a risk and simply go through the motions: scan, tap, swipe – you know the drill. And therein lies the opportunity for criminals.

To illustrate this point, one only has to consider that studies done in 2020 revealed that 71% of people who scan QR codes have no way of telling the difference between a malicious code and a legitimate one.

The possible risks when using QR codes

QR codes can be used to sign into networks and gain access to a flight or a concert, but they can also be used to deploy malicious code on your mobile device. Here’s what a fake QR code can do:

  • Send you to a malicious URL that’s used for phishing
  • Make an instant payment that comes off your credit card or mobile contract balance
  • Force your mobile to call an expensive call centre
  • Force your mobile to make an outgoing call that exposes your number to a scammer
  • Send information about your location
  • Send an email or text message on your behalf

How to ensure you’re not scanning malicious QR codes

There are a few ways you can determine if a QR code is legitimate or not. Here are a few tips:

  • Question where the QR code is placed. If a QR code is printed on a pizza box, the chances are that it’s more legitimate than a QR code handed to you at the robots by someone in plain clothing.
  • Many QR codes offer the option of viewing the URL of the code. If it looks suspicious, don’t process the scan.
  • If the URL is a bit.ly address, it’s best to be cautious. Criminals often use bit.ly URLs to disguise malicious addresses.
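
The risk list and the URL-preview tips above can be combined into one check that runs on the decoded QR text before anything is opened. This is an added example, not code from the original article; the function name, the shortener list, and the sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed, non-exhaustive shortener hosts (bit.ly is the one the article names).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
# Non-web payload schemes mapped to what a scanner app does with them.
ACTIONS = {
    "tel": "places a phone call",
    "sms": "drafts a text message",
    "smsto": "drafts a text message",
    "mailto": "drafts an email",
    "geo": "opens a map location",
}

def triage_qr_payload(payload: str) -> dict:
    """Classify decoded QR text and list reasons to pause before acting on it."""
    text = payload.strip()
    scheme = text.split(":", 1)[0].lower() if ":" in text else ""
    if scheme in ACTIONS:
        return {"kind": scheme, "host": None, "warnings": [f"{ACTIONS[scheme]} when opened"]}
    if scheme not in ("http", "https"):
        return {"kind": "other", "host": None, "warnings": ["not a web link; review the raw text"]}
    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").lower()
    except ValueError:
        return {"kind": "url", "host": None, "warnings": ["malformed URL"]}
    warnings = []
    if scheme == "http":
        warnings.append("no TLS (http://)")
    if host in SHORTENERS:
        warnings.append("link shortener hides the real destination")
    if parts.username or parts.password:
        warnings.append("userinfo before '@' can disguise the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host may imitate another name")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # host is a name, not an IP literal
    return {"kind": "url", "host": host, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample payloads (documentation-reserved addresses and domains).
    for sample in ("https://bit.ly/EXAMPLE", "http://192.0.2.10/login", "tel:+10000000000"):
        print(sample, "->", triage_qr_payload(sample))
```

An empty warnings list means only that none of these heuristics fired; the destination still has to match the source you expected.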

Don’t give criminals a chance

Always practice caution when using QR codes, which offer a quick and easy way to enter competitions or link to a special offer. Sometimes you have to use them if a company makes use of QR codes to provide access to premises, but make sure that you do due diligence and don’t put yourself in a risky position. Your data is worth a lot – protect it!