QR codes have become widespread in our lives, appearing everywhere, from product packaging to restaurant menus. Scanning a QR code with your smartphone can lead you to a website or provide additional information about a product or service. However, scammers have found a way to exploit this technology for their own gain. In this blog post, we’ll take a closer look at QR code scams and how you can protect yourself.
The Danger of QR Codes
In an interview with CSO Online, Alex Mosher, global vice president at MobileIron, stated, “By their very nature, QR codes are not human-readable. Therefore, the ability to alter a QR code to point to an alternative resource without being detected is simple and highly effective.”
According to a recent study, almost 75% of the participants could not differentiate between a genuine and fraudulent QR code. It emphasized the importance of educating individuals about the various other functions that QR codes can perform.
“Mobile device attacks can be a threat to both individuals and businesses,” warns Mosher. He emphasizes that a successful attack on an employee’s mobile device can lead to personal information being compromised, financial resources being depleted, and sensitive corporate data being leaked.
How Does a QR Scam Happen?
QR code scams come in many forms, but here are a few recent examples:
“Quishing” or QR Code Phishing
Hackers use a technique called Quishing to conceal the website URL within a visual QR code. This makes it difficult for victims to detect QR fishing by simply checking the address before scanning. This technique is frequently used in phishing emails, where threat actors create a sense of urgency or stress, such as a time-sensitive alert, which can cause victims to be less attentive than usual.
Placement of fake qr codes
Scammers place their own QR codes over legitimate codes on products in stores. When consumers scan the codes, the codes take them to a fake website that asks for personal information.
Scammers place QR codes on stickers or posters around public places. When the user scans them, they are taken to a website where they are prompted to download an app. The app then installs malware on the unsuspecting victim’s phone.
Real Life QR Code Scams
Energy company quishing
In August 2023, cybersecurity researchers at Cofense detected a widespread phishing campaign targeting a major energy company in the United States.
Over a thousand emails were sent as part of this campaign, with almost 29% of these emails directed at the energy company. The remaining emails were sent to companies in the manufacturing (15%), insurance (9%), technology (7%), and financial services (6%) industries.
The phishing email operation included QR codes that led recipients to a fake Microsoft 365 login page. The attackers used urgency to trick victims into updating their account settings within three days, leading to the theft of their login credentials.
malicious paw patrol qr
In September 2023, a disturbing incident occurred where cyber criminals redirected a URL associated with the children’s cartoon ‘Paw Patrol’ printed on four themed snack products. As a result, the URL led to pornographic content.
The discount supermarket, Lidl, had to recall its entire range of snacks because of a safety concern. TechRadar reached out to Lidl and was advised that “this is a limited offer product from a specific brand that is not included in our primary selection and is also available at other retailers.”
Lidl issued a public notice regarding the QR hijacking issue. “We recommend that customers refrain from viewing the URL and return this product to the nearest store where a full refund will be given.”
As per the report by TechCrunch, the domain involved in the cyber attack is presently registered to an individual based in Lianyungang, China. However, it was earlier owned by Appy Kids Co., the manufacturer of the affected Paw Patrol products. According to public records from Companies House, the company dissolved over a year ago.
Protecting Yourself from QR Code Scams
Here are some tips to help you stay safe from QR code scams:
1. Avoid qR codes in public places
If you see a QR code on a poster or sticker in a public place, be wary of scanning it—only scan codes from sources you trust.
2. verify the source before scanning
Before scanning a QR code, ensure it is from a legitimate source. If it’s on a product, for example, make sure it’s the original code and not a sticker placed over it.
3. don’t give out personal information
Be wary if a QR code takes you to a website that asks for personal information. Legitimate websites will never ask for things like your social security number or card information.
4. Keep your phone software up to date
Ensure your smartphone’s operating system and security software are current. This will help protect you from malware and other threats.
QR Code Scams | Conclusion
QR codes provide a convenient way to access information, but malicious individuals can also exploit them. Avoid scanning codes in public places, verify the source before scanning, and never give out personal information. By following these tips, you can safely enjoy the benefits of QR codes.
Are you concerned about the security of your business from QR code scams or other cyber threats? At AtNetPlus, we have safeguarded businesses in Northeast Ohio from such malicious attacks since 1998. Don’t let your business fall victim to cybercrime– reach out to us today for reliable protection and peace of mind.
- How attackers exploit QR codes and how to mitigate the risk | CSO Online.
- Why you should think twice before scanning QR Codes | techradar
- Major Energy Company Targeted in Large QR Code Phishing Campaign | COFENSE
- Lidl recalls Paw Patrol snacks after website on packaging displayed porn | TechCrunch
- APPY FOOD AND DRINKS LIMITED | gov.uk