The Cyber Threats Hiding in QR Codes
QR codes have become increasingly prevalent within organizational settings. Unfortunately, cybercriminals have found a way to exploit them.

Over the past few years, Quick Response (QR) codes—scannable barcodes that direct individuals to specific documents or websites—have become increasingly prevalent within organizational settings. For example, restaurants may use them to allow customers to view their menus online, and retailers may use such codes for digital payment purposes.

The FBI recently issued a warning about the increasing threats. “A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information,” the agency wrote in a public service announcement.

While the use of QR codes can certainly offer benefits to organizations, cyber experts confirmed that these codes might also pose potential security risks. Cybercriminals have begun leveraging them to launch phishing attacks against customers and employees in recent months.

To execute such attacks, cybercriminals may either manipulate existing QR codes or place fraudulent ones within an organization, thus directing any customer or employee who scans these codes to malicious content. From there, cybercriminals may be able to compromise their victims’ devices and gain unauthorized access to their personal data. If employees’ devices are compromised, cybercriminals could also compromise the entire organization.

Considering QR code phishing attacks are on the rise, it’s crucial for organizations to perform regular integrity evaluations of their QR codes to ensure they haven’t been manipulated in any way. Also, organizations should train their employees on this phishing technique and encourage them to look out for potentially suspicious codes. To minimize damages if an employee scans a harmful QR code, it’s best for organizations to safeguard their systems with spam blockers and multifactor authentication.
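One way to run the integrity evaluation described above is to keep an inventory of every code the organization has deployed and compare what each one decodes to during a walk-through. The sketch below is an added example, not part of the original article; the inventory, placement names, and URLs are constructed, and it assumes a scanner has already decoded each code to a string.

```python
from urllib.parse import urlsplit

# Constructed inventory: placement ID -> URL the organization encoded in the code.
INVENTORY = {
    "lobby-poster": "https://www.example.com/menu",
    "table-12": "https://www.example.com/menu?table=12",
    "badge-desk": "https://intranet.example.com/visitor",
}
DEFAULT_PORTS = {"http": 80, "https": 443}

def canonical(url):
    """Normalize case, trailing dots and default ports so equal URLs compare equal."""
    p = urlsplit(url.strip())
    port = None if p.port == DEFAULT_PORTS.get(p.scheme) else p.port
    return {"scheme": p.scheme, "host": (p.hostname or "").rstrip("."),
            "port": port, "path": p.path or "/", "query": p.query,
            "userinfo": p.username}

def audit(placement, decoded):
    """Compare a freshly scanned payload with the inventory; return findings."""
    if placement not in INVENTORY:
        return ["unregistered placement: not a code the organization deployed"]
    exp, got = canonical(INVENTORY[placement]), canonical(decoded)
    findings = []
    if got["scheme"] != "https":
        findings.append("scheme is %r, not https" % got["scheme"])
    if got["userinfo"] is not None:
        findings.append("userinfo present before the host")
    if any(label.startswith("xn--") for label in got["host"].split(".")):
        findings.append("punycode label in host")
    if (got["host"], got["port"]) != (exp["host"], exp["port"]):
        findings.append("host changed: expected %s, got %s"
                        % (exp["host"], got["host"]))
    if (got["path"], got["query"]) != (exp["path"], exp["query"]):
        findings.append("path or query changed")
    return findings

def audit_walk(scans):
    """scans: (placement, decoded payload) pairs -> {placement: findings}, failures only."""
    report = {}
    for placement, decoded in scans:
        findings = audit(placement, decoded)
        if findings:
            report[placement] = findings
    return report
```

Any placement that appears in the report should be physically inspected and the code replaced from a known-good print source.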

How to Protect Employees/Customers:

For physical QR codes, always inspect them to make sure they have not been tampered with.

Don't use QR codes to direct clients to a payment portal.

Don't use QR codes in company emails or any other channel that is not encrypted.

Restrict employees' ability to download QR code applications on mobile devices; most devices today can read QR codes through the camera.

The Last Word

QR codes can offer benefits in directing customers to needed information. However, without the right security structure, they can also give cybercriminals an open window into your business. We can make sure your risks are covered appropriately.
