Adversaries are taking advantage of increased QR code adoption by launching phishing campaigns that use the technology. “Quishing” is the use of a QR code as a lure to harvest credentials and/or deliver a malicious payload.
A recent phishing campaign contained a QR code that prompted users to scan it in order to listen to an “encrypted voicemail.” When users scanned the QR code, they were directed to a fake Microsoft login page that harvested their credentials.
QR codes have seen increased adoption at restaurants and other venues that require hands-free exchange of information. The recent campaign is a good reminder to be mindful of what you’re scanning and where it may take you.
Author: AJ Vicens
Published: October 26, 2021
Ryan Trapp says
Hi Matt,
Good read. Personally, I’m always wary of scanning QR codes into my phone. It does not stop and ask for confirmation before loading up whatever webpage the QR code is set to direct the user to. With restaurants being more conscientious of germs due to the COVID-19 pandemic, we have seen a significant rise in QR codes being used in lieu of traditional menus. It seems like it is something that is only growing in popularity of use.
Vanessa Marin says
I will fully admit to scanning QR codes indiscriminately up until Dr. Mackey let me in on the secret… They are incredibly vulnerable! Restaurants, payment applications, advertising, coupons, tickets, etc. are all prime examples of QR codes that we trust to scan. But you can also create a QR code at will for any website. I personally have a button on my browser that allows me to create a QR code for the site I’m surfing.
Matthew Bryan says
Same here. I never thought about it until it came up in class. I’ve been looking into an app that can sandbox the links within the code. I may try this out: https://www.kaspersky.co.in/qr-scanner