As the world of technology continues to expand, so does the number of threat vectors that could possibly compromise the security of an individual and company alike. As the landscape for the threats continues to change, the more important it is for everyone to be more vigilant and aware of the potential dangers that are beginning to pop up more and more. One of the major ways that are being targeted is being utilized more and more by restaurants and other retailers alike. QR codes have now become just one of the latest ways that attackers will try and gain access to devices of unsuspecting customers alike. QR codes have now become just one of the latest ways that attackers will try and gain access to devices of unsuspecting customers.
QR codes are bar-code like objects that are used for a number of things. They can be used to easily navigate to a specific website for a retailer or to data storage as well. They are not only used in retail, they are also used in video games as well as other activities like geocaching. While these companies and activities can be legitimately using the QR codes, hackers are using the public’s blind trust of seeing them at stores and restaurants to gain access to unsuspecting victim’s devices.
An example of how they do this is particularly at restaurants. Since COVID-19 began and then restaurants began reopening again, many of them utilize QR codes for customers to see the menu. By doing this, it makes it much easier for customers to see the whole menu for the restaurant. However, hackers know this and will create their own QR codes and drop them on tables or on the floor near tables. They are hoping that a customer will scan it with their device and once they do, it will either download data to their device without the user knowing it or it can even navigate them to a fake website that the hacker has set up in the hopes of the customer entering personal information like email addresses or passwords.
Once a hacker has access to the device, they can gather any and all the information that they would like. They can use the information entered by the user to start phishing attacks by email spoofing or even just gaining access to your email to read and exploit using your email address or even gain access to your financial information. There are things that you can do in order to help prevent it from happening to you or your organization.
Computer.org gathered a list of ways to prevent this from happening to you. They recommend “scanning QR codes of trusted sources only, regularly update your device’s security as well as remain vigilant.” Another way to limit your exposure is using a QR code reader. Apps like Kaspersky’s QR code Reader and Scanner offer the ability to scan QR codes with a little more confidence. Beaconstac.com has rated this app one of the best because “it offers Kaspersky’s safety checks that ensure a QR code doesn’t lead to a dangerous link or malicious content” as well as “keeps a history of all QR scans done within the app.”
Written by: Robert Johnson, EMCO Technology, Inc.