QR Awareness

So, you just scanned me, right? While I'm harmless, this could have been very dangerous for you.

Did you know the FBI is warning that cybercriminals have been tampering with legitimate QR codes to try and trick unsuspecting users into loading up scam websites? Well, that's a start.

Quishing is the practice of using QR codes for phishing attacks. While this technology is not harmful by nature, it's widely abused by criminals.

Attackers can easily embed a malicious URL containing custom malware into a QR code that could then exfiltrate data from a mobile device when scanned. Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim's mobile device and steal your geolocation as well as personal and financial information.

QR stands for "Quick Response" and was invented in 1994 by the Japanese company Denso Wave. The QR code can include up to 4,000 characters of text, which can be anything from a plain message to a link to follow or a file to download. Due to its fast readability, it is now widely accepted by individuals and organizations.

Tips For You:

• Ensure that the linked website is legitimate before you provide your personal information. Check for any misspellings on the URL itself.
• If you receive a QR code that you believe to be from someone you know, reach out to the person through a known number or email to verify that the code is genuinely from them.
• When transacting on a merchant or service provider's premises, check the QR code to ensure it's not pasted over an original, legitimate one.
• If possible, don't make payments to a site accessed by a QR code.
• Think twice before you scan a QR code, even if they seem to come from organizations or people you know.
• Enable multifactor authentication (MFA) with your banking, enterprise, and other accounts to prevent theft of login credentials.
• Use QR codes to pay only when transacting directly with trusted merchants, service providers, or persons you know.
• Be careful about granting permissions when an app asks for them, as some of the requested permissions could be dangerous.
• Do not download a QR code scanner app: Use the default camera app on your device to scan QR codes. (Most operating systems' default camera apps have built-in QR code readers.)