QR codes are gaining popularity and being used in all sorts of scenarios - which unfortunately means they are becoming an increasingly prominent target for cybercriminals too.
Cisco Talos has detailed in a blog post on its website how exactly threat actors are making use of QR codes, and how users can prevent themselves from falling victim to scams involving them.
The firm notes that during the Covid-19 pandemic, "QR codes saw a resurgence," as they were an effective way for customers to gain information without coming into contact with others. Since then, they have continued to grow as an attack vector.
Quishing
Cisco points out such tactics are being used more often in phishing emails, seeing a particular rise last year, based on data collected from its Talos Incident Response, which dealt with a QR phishing campaign for the first time in late 2023.
In this campaign, Cisco says that "threat actors tricked victims into scanning malicious QR codes embedded in phishing emails with their personal mobile devices, thereby leading to malware being executed on the mobile devices."
Another attack spotted by the company saw "adversaries sen(ding) targets spear-phishing emails with malicious QR codes pointing to fake Microsoft Office 365 login pages that eventually steal the user’s login credentials when entered."
Cisco claims that part of what makes QR code attacks so dangerous is that they force targets to use their personal mobile devices for scanning, which are both usually less secure and contain more valuable personal information.
Business users will often have endpoint protection on their desktop environments, which should protect them from such phishing scams. But this isn't necessarily the case for their mobile devices.
Where the QR codes lead targets can vary - from a fake version of a login page aimed at stealing the credentials a user inputs, to a dangerous attachment that leads to the installation of malware.
In advising users on how to protect themselves, Cisco says that businesses should deploy a mobile management system, like Cisco Umbrella, as well as providing education to all employees on the dangers of phishing attacks.
It also points out that "malicious QR codes may have a poor image quality or look blurry when embedded in an email," and that "QR code scanners will often provide a preview of the link the code is pointing to, so users can see where they are being taken in advance."
Other red flags of phishing emails in general include poor grammar and typosquatted email addresses and links, which mimic legitimate ones closely but not perfectly.
