A QR code otherwise known as a quick response code is an image represented by a square with a series of black squares on a white background. This image can be scanned by users mobile devices and typically redirects them to a webpage or download. QR codes have increased exponentially during the pandemic and have led many scammers to exploit it for malicious activities.
QRishing is a phishing type attack implemented through the QR code, it works by hiding malicious software or fraudulent websites in the QR code. Users who scan these codes may not immediately recognize the content of the QR code with potentially dangerous consequences.
For instance, the attacker could attach a QR Code in an area that tends to be dedicated to advertising a product or brand. Once the user falls into the trap and scans the code, he is usually redirected to a fraudulent link which among other scams can aim to trick the user into entering his credentials in order to steal his identity or to infect his device with trojans and ransomware.
82% of the European population know how to scan a QR code, and four out of ten Europeans do it on a weekly basis, if you are among them are you paying attention before scanning QR codes and properly inspecting where it has taken you?
Curiosity is the biggest motivating factor that leads us to scan QR codes, each user is led to scan them without fear and without thinking about the potential consequences that this use could have on their sensitive data, device or personal computer.
Mobile devices tend to be less secure than PCs and used less cautiously, which is why attackers tend to use QR codes more frequently.
Do you know how to behave in front of a QR code?
To be honest it is not easy to recognize a malicious QR code, you have to pay close attention to these aspects:
1 - Ask yourself who generated the QR code and if it refers to a site where personal information is requested be very careful.
2 - Do not scan QR codes of dubious origin such as in emails from unknown sources or on websites that you are not 100% sure of also be aware of QR codes on billboards or street signs.
3 - Install security applications on your device to help protect you and your device.
4 - If you received the QR code in an email, check the email address to ensure that it is from a company, person or brand you trust 100%.
ReactionIf curiosity has prompted you to scan a QR code without the right attention, do not despair, pay attention to what happens after the code is scanned:
1 - We advise you not to open shortened URLs as they may hide malicious links.
2 - Check the authenticity of any website you are redirected to before entering any of your sensitive data or credentials, again, if you are not 100% sure it is safe do not enter anything and close the website immediately and never download anything you are not 100% aware of from a QR code.
3 - Check that the website on which the QR code directed you to has the security protocol (https) but bare in mind that this still does not stop people from stealing your sensitive data.
Curiosity often pushes us to take reckless actions, but as you have seen in this video tutorial, it is never too late to learn to recognize where dangers, that can undermine our cybersecurity, are hidden!