This easy-to-access and practical technology are undeniably very convenient for many people, including cybercriminals who have launched various QR-based schemes.
You need to know QR Code is just a more advanced version of the barcode. Even though it is more sophisticated, in fact, the cybersecurity vulnerabilities are quite numerous and very risky, and we cannot simply read the QR code or check the scanning process, so users can only rely on the integrity of the creator, so the system is very easy to exploit.
And it is very likely that the fake link QR code created by this cybercriminal leads to a phishing site that looks like the login page of a social network or online bank.
That’s why security experts at Kaspersky recommend always checking links, moreover cybercriminals also often use short links, making it harder to spot fake ones when smartphones ask for confirmation.
Then with a similar attack scheme, cybercriminals also often trick users into making mistakes in downloading applications, for example, initially wanting to download games, they are directed to download malware. At that point, the malware can steal passwords, send malicious messages to your contacts, and much more.
In addition to linking to websites, QR codes may now contain commands to perform certain actions, such as adding contacts, making outgoing calls, drafting emails and collecting message recipient and subject lines, sending texts to creating social media accounts.
From that broad capabilities make QR codes ready and very easy to manipulate. For example, online fraudsters may add their contact info to your address book under the name ‘Bank’ to give credibility to calls that are trying to trick you.
To escape this cyber attack
So what you need to pay attention to in order to escape this cyber attack, remember cybercriminals will always try to get access to QR codes with convincing offers and placements, for example, embedded in a website, banner, email link, or even in an ad on a paper. The point is to make the victim download a malicious application. In many cases, the Google Play and App Store logos are also placed next to the code to make it even more convincing.
What you need to do first is, don’t scan QR codes from clearly suspicious sources, pay attention to the links displayed when scanning the code. Then be careful if the URL has been shortened, because with a QR code it is not possible to shorten any link.
Then do a quick physical check before scanning the QR code on a poster or sign to make sure the code isn’t pasted over the original image.