What You Need to Know About Malicious QR Codes

The resurgence in the popularity of QR (Quick Response) codes came as a result of the coronavirus pandemic. As the world searched for more ways to create contactless business processes and offerings, it seemed like a perfect solution. So, of course, bad actors hopped on the trend too, creating new ways to target QR code users with phishing and other scams. Here’s what you need to know.

QR Code Growth and Opportunities – for Us and for Scammers

Several years ago, you had to download an app to be able to scan any QR code. But now, your cell phone’s camera will do it automatically and prompt you to click the link associated with the code. This is how many businesses are presenting product lists, restaurant or drink menus, coupons, and other helpful bits of information.

And with this convenience comes the potential for corruption. More and more people are using personal devices – cell phones, tablets, and other smart technology – for both work and play.

We are not as careful about monitoring which links we click on our phones. When the QR link pops up, we just click it. This creates opportunities for hackers to disguise malicious programs and links behind QR codes.

Malicious QR – What’s Different Now?

In the past, many bad actors created or stole images of QR codes and then actually tied malicious hyperlinks to them. But in the fall of 2021, the malicious campaigns took some new turns.

They are now embedding functional QR codes into emails and using them to “redirect victims to an information or credentials phishing website, while others may trick users into launching a payment app or follow[ing] a malicious social media account,” according to SC Media.

There are other in-person and online tactics being employed as well.

When it comes to in-person attacks, a scammer will approach someone on the street or outside a business and say they need you to scan the code so they can pay for a subway ticket, a meal, or help raise money for a good cause. This is one of the hardest scams to prevent, because many of us, when faced with someone in need, have a hard time saying no.

There are many more ways scammers are committing QR code fraud:

• QR payment fraud occurs when a bad actor places fraudulent codes at places where a lot of online payments are made. This can be done as easily as placing the sticker of a fraudulent code over the real one at a gas station, convenience store, or other quick-stop establishments.
• QR viruses are easy for cybercriminals to set up too. All they must do is embed links to web pages that contain viruses and other malware. Just scanning the code can create an opening for the malware to compromise your devices and accounts.

How to Combat Malicious QR

There is some good news when it comes to these “quishing” (QR phishing) attacks. Because the latest tactics are carried out through email, your IT professionals and teams can put monitoring tools in place to catch these emails before they propagate too far into your employees’ or customers’ inboxes.

There are also some shortcomings from the attacker’s standpoint – if the intended recipient opens the email on his or her phone, it’s more inconvenient for them to be able to scan the code, since they can’t use their camera.

Here are some ways to protect yourself and your business from malicious QR codes, shared by VPNOverview:

• If you or your coworkers receive a suspicious message containing a QR code claiming to have been sent by a large institution or bank, contact the company directly and find out of the message truly came from them.
• If someone asks you to scan a code so you can receive a payment, it’s most likely a scam. QR codes are usually used to pay for something, not for receiving payment.
• Avoid using QR codes to transfer cryptocurrency whenever possible.
• Make sure you, your employees, and your IT staff are keeping up-to-date on the latest changes in the world of malicious QR.
• Make sure your cybersecurity programs – whether they are run in-house or you are using a managed IT service like Verve’s – are taking QR threats seriously and have tools in place to protect your data and devices.

Protect Your Business from QR Code Fraud Today

Whether your business uses them daily or just occasionally, this trend in malicious QR codes is affecting more and more people and businesses. The nature of cyber threats is that they grow and evolve almost as fast we learn to combat them, and QR code fraud is no different.

That’s why many companies today are switching to managed IT services. Managed IT is yours to customize, but our experts at Verve IT can help you create and maintain network solutions and updates, backup, disaster recovery, device management, cloud services, and more.

Verve is IT, simplified. Learn more about our managed IT services, or give us a call today at 209-244-7120.