The security implications of QR Codes in 2022

Magni Reynir Sigurðsson, Senior Manager of Detection Technologies at Cyren discusses the security implications in 2022 of increased QR code use.

Magni Reynir Sigurðsson, Senior Manager of Detection Technologies at cloud-based internet security company, Cyren, discusses the security implications of increased QR code use. 

“From track-and-trace to ordering from menus at restaurants, we have seen an increase in QR codes being widely used in multiple industries throughout the past year. The ease of use and accessibility the two-dimensional barcodes have offered customers during the pandemic has meant more and more companies have employed it as part of their business operations. However, threat actors are now exploiting the increased familiarity of this technology by sending out targeted phishing emails containing malicious QR codes.  

"QR codes are particularly appealing for cybercriminals who look to use them as part of their phishing campaigns, as they negate the need to include URLs or attachments that might get intercepted when scanned by the email gateway, meaning the attackers are much less likely to be detected. QR codes are also “mobile-friendly” increasing the odds that an unsuspecting victim will follow the malicious URL using a personal or otherwise unsecured device. 

"These phishing campaigns work on the principle that the victim receives an email which includes a ‘required action’, such as updating or securing an account, or paying an outstanding delivery and therefore subsequently scans the contained QR code. The fraudulent site will then gather any credentials the victim might enter, from usernames and passwords to bank details and social security numbers, and this data will be consequently used by the attackers for malicious purposes. 

"These types of attacks will only escalate in 2022 as more and more companies start using QR codes for business practice, thereby increasing the surface of legitimate activity for attackers to spoof. Moreover, the new year will see an increase in QR codes being used in malware campaigns, where the fake QR codes trick users into installing malicious apps via untrusted sites or app-stores that then steal data from the user, such as logging every key stroke, stealing credentials and data, and sending expensive SMS messages from the victim’s phone. 

"The increased use of QR codes and other novel evasion techniques in 2022 will force enhancements to detection technologies and user education. Remember, if the email or text message containing a QR code looks suspicious, it probably is. Consumers can ensure their credentials are safe by enabling multi-factor authentication and following best practices for password management. Businesses should evaluate specialized phishing solutions that employ techniques like machine learning to spot malicious QR codes and other evasive phishing techniques.”  

 

Share

Featured Articles

Founder Shield MD on Navigating Multi-Cloud Complexities

Founder Shield Managing Director Jonathan Selby talks strategies to navigating the complexities of multi-cloud set ups

Qodea CISO Explains How Cyber Threats Could Outrun Cost

Qodea CISO Business Manager Ed Russell explains how growth in sophistication and volume of attacks means current investment in defences falls short

Nokia and NL-ix Deploy Europe’s Largest IXP-Based Anti-DDoS

This collaboration between Nokia and NL-ix is unprecedented both being Largest IXP-Based Anti-DDoS, but the first anti-DDoS solution deployed by an IXP

Bridging the Gap: Examining the UK-US Data Bridge

Data Breaches

Hiddenlayer CSO Tells Why It Made an AI Security Council

Technology & AI

Cooperation Key Theme at Microsoft Endpoint Security Summit

Cyber Security