QR codes have become a mainstay of modern life due to their convenience, but the fact that millions of Americans scan them with their smartphones have also made them a prime target for cybercriminals.
CNBC reports that QR codes have moved far beyond accessing restaurant menus and are now used for more urgent aspects of life, such as boarding passes and parking payments. However, as QR codes have become more prevalent, hackers have exploited their ubiquity to scam millions of Americans through a technique known as “quishing,” a new term combined “QR” and “phishing.”
According to Dustin Brewer, senior director of proactive cybersecurity services at BlueVoyant, attackers are using QR codes to trick people into visiting malicious websites or unknowingly sharing private information. The FTC has warned about unwanted or unexpected packages showing up with a QR code that, when scanned, could lead to a phishing website that steals personal information or downloads malware onto the user’s device.
The appeal of QR code scams lies in their ease of execution. Cybercriminals can simply slap a fake QR code sticker on a parking meter or a utility bill payment warning and rely on urgency to do the rest. Gaurav Sharma, a professor at the University of Rochester, expects QR scams to increase as the use of QR codes spreads and traditional email phishing campaigns become less effective due to increased safeguards.
A study by KeepNet Labs found that 26 percent of all malicious links are now sent via QR code, and according to NordVPN, 73 percent of Americans scan QR codes without verification, with more than 26 million already directed to malicious sites. To combat this issue, Sharma is working on developing a “smart” QR code called SDMQR that has built-in security, but he needs buy-in from Google and Microsoft to implement it.
Institutions like the Children’s Museum of Indianapolis are also taking steps to fortify their QR codes against intrusion by using stylized codes with their logo and colors and regularly inspecting them for tampering. However, QR code scams are likely to hit both Apple and Android devices, with iPhone users potentially being slightly more vulnerable due to their higher trust in their devices.
Breitbart readers can protect themselves from quishing by only scanning codes provided by trusted sources. Avoid scanning QR codes in public places where legitimate codes can easily be tampered with, and when in doubt, ask a service provider or worker to provide a fresh copy of a code.
Read more at CNBC here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
Read the full article here