Attackers are exploiting the QR code surge to steal information and conduct phishing campaigns. Here’s what security teams and users need to know to stay safe.
The COVID-19 pandemic has ushered in a new era of QR code usage, simplifying contactless transactions and making life more convenient. However, bad actors are quick to exploit this opportunity and the inherent vulnerabilities of QR codes, posing a growing threat to individuals and organizations alike. The QRurb Your Enthusiasm 2021 report by Ivanti reveals that global QR code usage is on the rise, but organizations are lagging in security awareness and practices.
Despite 83% of respondents using QR codes for financial transactions in the past three months, most are unaware of the risks involved. Only 47% are aware that scanning a QR code can open a URL, and merely 37% know it can download an application. Users frequently scan QR codes in various settings, from retail stores to restaurants, often using their own unsecured devices, putting both personal and enterprise data at risk.
Attackers are increasingly targeting mobile devices with sophisticated attacks, capitalizing on the distractions that often accompany mobile use. They can embed malicious URLs into QR codes, leading to data exfiltration when scanned or redirecting users to phishing sites to steal credentials.
QR code phishing, known as “qishing,” is a growing concern. Attackers use QR codes to direct victims to malicious websites or trick them into downloading malware, often mimicking legitimate companies’ messages. Victims are urged to re-authenticate their sessions, leading to credential theft.
To protect against QR code security threats, users should exercise caution. Always inspect QR codes for alterations before scanning, especially in public places. Pay attention to the URL the code directs you to, and never log into an app using a QR code. Organizations should consider unified endpoint solutions, mobile threat defense, and exploit protection for all devices accessing corporate resources.
Verify the legitimacy of QR codes by ensuring they come from trusted sources. Avoid URLs that differ from a company’s legitimate URL or redirect users to different sites.
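The URL checks described above can be automated wherever decoded QR payloads pass through a tool you control, such as a mail gateway or a managed scanner app. The following Python is an added example, not code from the Ivanti report or the original article; the allowlist `TRUSTED_DOMAINS`, the warning codes and the sample payloads are constructed assumptions, and it inspects only the decoded text, so server-side redirects are not followed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for illustration; use your organization's real domains.
TRUSTED_DOMAINS = {"example.com"}

def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_qr_payload(payload, trusted=TRUSTED_DOMAINS):
    """Return a list of warning codes for text decoded from a QR code."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["malformed-url"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR codes carry more than links: tel:, sms:, Wi-Fi configs, app intents.
        return ["non-web-payload"]
    warnings = []
    if scheme == "http":
        warnings.append("no-tls")
    if "@" in parts.netloc:
        # In https://example.com@evil.test/ the real host is evil.test.
        warnings.append("userinfo-hides-host")
    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")
    if not any(is_under(host, d) for d in trusted):
        warnings.append("untrusted-host")
        # Trusted name embedded in a foreign host, e.g. example.com.login.test
        if any(d in host for d in trusted):
            warnings.append("lookalike-of-trusted")
    return warnings

if __name__ == "__main__":
    # Constructed sample payloads, as a QR decoder would hand them over.
    for sample in ("https://pay.example.com/menu",
                   "https://example.com.login.test/reauth",
                   "https://example.com@evil.test/login",
                   "http://192.0.2.10/app.apk"):
        print(sample, "->", check_qr_payload(sample) or "ok")
```

An empty list means the payload is an HTTPS link whose host is the trusted domain or one of its subdomains; any warning code is a reason to block the link or show the full URL to the user before opening it.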
As QR code usage continues to rise, it’s essential for both individuals and organizations to be vigilant and stay informed about the associated risks. With mobile devices becoming increasingly prevalent during the pandemic and QR code use on the rise, cybersecurity awareness and protective measures are more critical than ever.