Security News > 2022 > February > How QR code ease of use has broaden the attack surface
In this interview with Help Net Security, Neil Clauson, Regional CISO at Mimecast, talks about the threats of QR code phishing, explains the vulnerabilities of such technology and how to make sure not to fall prey to such attack.
In the case of QR codes being used as a form of payment, the FBI warned that cybercriminals can use tampered QR codes to redirect payments, stealing victim funds for their own personal use.
Legitimate QR codes are typically leveraged for their ease of use - you simply point your phones camera at the code and it's instantly scanned taking you to the desired webpage.
How can QR codes be used to execute a phishing attack?
In general, any QR code in an email should be considered suspicious - a legitimate sender would have just sent the actual URL, and is most likely trying to circumvent URL scanning solutions, many of which do not currently analyze QR codes.
While naturally, they may not think of a QR code as a malicious attack vector, you can teach them of the dangers related to scanning a code, and just how costly that can be.
News URL
https://www.helpnetsecurity.com/2022/02/16/qr-code-phishing/
Related news
- How QR code attacks work and how to protect yourself (source)
- Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs (source)
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (source)
- Google binning SMS MFA at last and replacing it with QR codes (source)