In the wake of Covid and the ubiquitousness of camera-enabled smartphones, QR codes have become increasingly popular. Even if you’re not familiar with the term, you’ve likely seen them at restaurants to connect to menus, on plane tickets, event passes, or just on stickers applied in public places. By scanning a square-shaped signal, you can quickly be directed to a website, an app, or to confirm a purchase.
Like most convenient forms of technology, they also represent a cyber threat. A recent article on BleepingComputer.com reported scams worldwide misdirecting targets to cloned websites, payment gateways and malware in the form of phony surveys and parking tickets.
The danger presented by QR codes is the fact that their destinations are opaque to their would-be victims. A code that directs someone to a ransomware-infected file and a code that directs them to a menu at their favorite restaurant are virtually indistinguishable from one another.
While the current wave of reported scams involving QR codes primarily targets individuals, there is also a risk to organizations. A compromised mobile device has the potential to infect a work network, a remote access trojan (RAT) could be used to exfiltrate company data from a device and so on. Just as we’ve seen with other forms of hacks and malware, the potential for criminal activity is limited to the creativity and skill of the cybercriminal engaging in it.
There’s no immediate way to completely block QR codes, it is possible to mitigate some of the dangers posed by them. Employees should be trained in security best practices and view QR codes in the same way as email attachments–useful for productivity, but an equally useful avenue for cybercrime. Companies should invest in anti-malware and other forms of security software to help identify malicious files or activity, and consider providing employees with work devices to avoid crossover with personal apps and files.
Concerned about your company’s cybersecurity? Nodal can help! We offer a range of security products and employee education to help bolster your defenses. Contact us today!