You may know what a QR code is, but are you aware that there is now a new wave of QR Code cyber-attacks that are extremely successful? Basically, criminals are placing malicious QR codes in cleverly crafted phishing attack e-mails to trick users into scanning the QR code. And unlike malicious links or attachments, these malicious QR codes are often not blocked or detected by your e-mail protection service.
The attack usually works like this: the user receives an e-mail with an embedded QR code and a call to action for the user to use their mobile phone to scan the code. Since the mobile phone may not have the same protections that your e-mail or computer has set up, the scan of the malicious code often goes undetected, and the user ends up being phished through their mobile phone. Outcomes are multiple, but generally the attackers are attempting to steal user IDs and passwords, redirect the user to malicious site, or convince them to download malicious software. If you receive an e-mail with a QR code, you should be very suspicious and under no circumstances should you scan the QR code unless you are 100% certain it’s real. And can you ever be that certain?