Over the past few years, Quick Response (QR) codes—scannable barcodes that direct individuals to specific documents or websites—have become increasingly prevalent within organizational settings. For example, restaurants may use them to allow customers to view their menus online, and retailers may use such codes for digital payment purposes.
While the use of QR codes can certainly offer benefits to organizations, cyber experts confirmed that these codes might also pose potential security risks. Cybercriminals have begun leveraging them to launch phishing attacks against customers and employees in recent months.
The FBI recently issued a warning about the increasing threats. “A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information,” the agency wrote in a public service announcement.
To execute such attacks, cybercriminals may either manipulate existing QR codes or place fraudulent ones within an organization, thus directing any customer or employee who scans these codes to malicious content. From there, cybercriminals may be able to compromise their victims’ devices and gain unauthorized access to their personal data. If employees’ devices are compromised, cybercriminals could also compromise the entire organization.
Because QR code phishing attacks are on the rise, it’s crucial for organizations to perform regular integrity evaluations of their QR codes to ensure they haven’t been manipulated in any way. Organizations should also train their employees on this phishing technique and encourage them to look out for potentially suspicious codes. To minimize the damage if an employee scans a harmful QR code, it’s best for organizations to safeguard their systems with spam blockers and multifactor authentication.
How to Protect Employees/Customers:
For physical QR codes, always inspect them to make sure they have not been tampered with.
Don't use QR codes to direct clients to a payment portal.
Don't use QR codes in company emails or any other channel that is not encrypted.
Restrict employees' ability to download QR code applications on mobile devices; most devices today can read QR codes through the camera.
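One way to run the integrity evaluation and tamper inspection recommended above, shown as an added example that is not part of the original article: compare what each posted code decodes to against a record of what the organization originally encoded. The inventory, the placement names, the scanned payloads and the function names are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed inventory: placement -> URL the organization originally encoded.
INVENTORY = {
    "lobby-poster": "https://www.example.com/menu",
    "table-07": "https://www.example.com/menu",
    "front-desk": "https://www.example.com/visitor-wifi",
    "parking-sign": "https://www.example.com/parking",
}
# Constructed walk-through results: placement -> payload decoded on site.
SCANNED = {
    "lobby-poster": "HTTPS://WWW.EXAMPLE.COM:443/menu/",
    "table-07": "https://www.example.com.menu-login.test/menu",
    "front-desk": "http://www.example.com/visitor-wifi",
    "elevator-sticker": "https://pay.example.test/login",
}

def canonical(url):
    """Normalize an http(s) URL for comparison; None for any other payload."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port
        host = (parts.hostname or "").rstrip(".").encode("idna").decode("ascii")
    except ValueError:  # bad port, bad brackets, or invalid IDNA label
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    port = port or {"http": 80, "https": 443}[parts.scheme]
    return parts.scheme, host, port, parts.path.rstrip("/") or "/", parts.query

def audit(inventory, scanned):
    """Classify each registered placement; codes nobody registered are flagged."""
    findings = {p: "UNREGISTERED" for p in scanned.keys() - inventory.keys()}
    for placement, expected in inventory.items():
        want = canonical(expected)
        got = canonical(scanned.get(placement, ""))
        if placement not in scanned:
            findings[placement] = "NOT_SCANNED"
        elif got is None:
            findings[placement] = "NOT_A_WEB_URL"
        elif got == want:
            findings[placement] = "OK"
        elif got[1] != want[1]:
            findings[placement] = "HOST_CHANGED"  # sticker over the original
        elif got[0] != want[0]:
            findings[placement] = "SCHEME_CHANGED"  # e.g. https -> http
        else:
            findings[placement] = "TARGET_CHANGED"  # same site, other page
    return findings
```

Calling audit(INVENTORY, SCANNED) returns one status per placement; anything other than OK is a code to pull and re-inspect by hand.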
The Last Word
QR codes can offer benefits in directing customers to needed information. However, without the right security structure, they can also give cybercriminals an open window into your business. We can make sure your risks are covered appropriately.