5 ways to avoid phishing and cyberattacks via QR Code-Information Technology

Hackers can use different tactics to deceive users by scanning the malicious QR code.

On April 14, information from the Portal of the Ministry of Information and Communications (TT&TT) said that since the outbreak of the COVID-19 pandemic, digital transactions have had a drastic change. Globally, Quick Response (QR code or QR code) technology is more widely used.

However, it is the proliferation of digital transactions through QR code technology that poses potential and unpredictable cyber threats. Grasping the trend, hackers have quickly researched and found ways to exploit this technology for various fraudulent purposes.

QR Code. (Illustration)

A QR code is a barcode that allows users to instantly access information using a digital device. This code will store data as a string of pixels in a square grid and becomes an efficient solution for live data capture.

“Now, QR codes are being abused by hacker groups to exploit and pose serious security threats to the systems and data of many organizations. Some hackers exploit QR codes through through Quishing and QRLjacking attacks to infiltrate targeted devices and steal sensitive information,” said the warning from the Ministry of Information and Communications’ e-Portal.

Like known phishing attacks, Hackers can use different tactics to deceive users by scanning the malicious QR code.

Types of QR code attacks include:

Quishing

In a Quishing attack, the hacker sends a phishing email containing a malicious QR code attachment. When scanning this code, it will redirect the user’s access to a phishing page that the hacker controls, thereby stealing sensitive data information.

QRLjacking

Most organizations use Quick Response Code Login (QRL) as an alternative to password-based authentication. QRL allows users to log into their accounts by scanning a QR code, which is encrypted with the user’s credentials.

QRLJacking is like a social engineering attack, capable of session hijacking and affecting all accounts based on QR code login. In a QRLjacking attack, hackers trick the user into scanning a specially designed QRL instead of a legitimate QRL. When a malicious QRL is scanned, the device is compromised, allowing hackers to take full control.

In addition, some methods of baiting can be mentioned, such as enticing users with a free Wi-Fi network to scan a QR code. Hackers also replace QR codes in public places with malicious ones to redirect users to fraudulent websites. This QR code can connect the user’s device to a malicious network to reveal the location and perform payment fraud.

Most malicious QR codes can easily evade traditional security detection, by simply scanning email or web page content rather than suspicious and unusual barcodes.

How to prevent QR code attacks

While it may not be practical to avoid scanning QR codes, taking certain proactive measures can help reduce the risks associated with QR code technology.

– Do not log in to unusual apps or services through QR codes.

– Beware of rewards. For example, scan a QR code to receive a certain amount of money.

– Avoid random QR code scanning from suspicious and unknown sources.

– Make sure the QR code is original and not overwritten.

– Use the software to pre-determine the URL of the code before performing a QR scan.