Today, cybercriminals have the ability to devise attacks and deceptions using any form of technology available. This implies that, when browsing the internet and also in the offline world, we must be careful in our actions, since we could fall into traps. In this article we will focus on the phenomenon known as QRishing or the fraudulent use of QR codes.
A QR code, which stands for “Quick Response”, is a modern version of a barcode that our smartphone can read to access various types of information. These codes are used for a variety of purposes, such as accessing a restaurant menu, purchasing train tickets, identifying yourself or obtaining the password for a Wi-Fi network, among others.
It is precisely in these applications that cybercriminals find opportunities to hide malware or carry out scams. In recent months there has been an increase in these types of attacks. They can take the form, for example, of fake traffic ticket notifications pointing to a fraudulent website, or of fake stickers placed over a genuine QR code. This last type of attack has been detected on numerous occasions on rental vehicles such as electric scooters and on restaurant menus.
This criminal method leads the victim to take a photo of the image and navigate to the resulting fake login page. This is harmful for several reasons, two of which are immediately evident. First, there is no known security solution that, while reading the QR code, is capable of analyzing it to determine whether the resulting URL is malicious or not. This brings us to the second reason: many integrated readers open the URL contained in the QR code directly, so they give no opportunity to examine carefully whether the domain they lead to is legitimate. Other integrated readers or QR-reading apps do offer an intermediate step in which you can view the web address and analyze it if desired, but unfortunately it is cumbersome for the average user to copy this URL and run it through a detector (such as virustotal.com) to find out whether it has been added to the databases of the best-known antivirus products as a potentially dangerous URL.
Because of these difficulties in verifying the legitimacy of QR codes, this type of social engineering is successful; otherwise cybercriminals would not be using this method. This type of attack highlights the fact that people need to be continuously educated through next-generation security awareness training, so that anything out of the ordinary, in this case something as outlandish as a QR code redirecting to a website where access credentials are requested, raises alerts around the world.
How to avoid it
Fortunately, if you are a foresighted person, it is quite likely that you will be able to avoid falling for any of these deceptions. The first and most crucial thing is to verify that the solution we use to read QR codes on our device shows the URL to which they direct us; if not, we must get an application, one of the many in the different app stores, that does.
Once we have this covered, the next step is knowing how to recognize whether the address to which the QR code redirects us is a secure address. This is where our skills in recognizing fraudulent web addresses come into play. These skills are developed when people are trained in phishing detection, and they can equally be used to detect the URLs hidden, in this case, behind a malicious QR code.
For example, it is essential to observe if the web page to which we are being directed begins with “https”, which represents a minimum level of security and protection. Reliable pages usually meet this requirement, although it is important to mention that this factor is not absolutely decisive and the mere fact that the address begins with https should not be perceived by users as a guarantee of 100% safe browsing.
What we can do to find out whether the URL offered by the QR corresponds to a legitimate URL is to perform a simple search on Google. In this way we will see the first “non-sponsored” results (that is, results that are not advertisements) for that brand; we then navigate to the specific website and verify that its domain is exactly the same as the one offered by the QR. If not, it could be a scam and we must remain vigilant. Special attention is warranted if the website we reach through the QR code asks for any type of data related to our credit card, personal data or access credentials.
As for links, if we find a shortened link, it is advisable to expand it before opening it, to verify its legitimacy and rule out any suspicion. There are also various online solutions that will help us with this task.
Finally, if you own a business and use QR codes for your customers, it is crucial to carry out regular reviews of your QR codes to ensure that they have not been fraudulently altered.
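The checks described above (https, exact domain match, shortened links) and the regular review of a business's own codes can be automated once the text of each QR code has been decoded. The following is an added example, not part of the original article: the function names, the shortener list and the `example-restaurant.test` addresses are assumptions constructed for illustration, and it additionally flags text placed before an `@` in the URL, a check the article does not mention.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Assumed, non-exhaustive list of link-shortener hosts.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}

def check_qr_url(decoded: str, expected_host: str) -> list[str]:
    """Warnings for a URL decoded from a QR code.

    expected_host is the brand's real domain, obtained independently
    of the QR code (for example via the search described above).
    """
    parts = urlsplit(decoded.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_host.lower()
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if parts.username or parts.password:
        # Text before "@" is not the host; it can imitate a trusted name.
        warnings.append("userinfo-in-url")
    if host in SHORTENERS:
        warnings.append("shortened-link")  # expand before judging it
    if host != expected and not host.endswith("." + expected):
        warnings.append("domain-mismatch")
    return warnings

def audit_codes(expected_url: str, scans: dict[str, str]) -> dict[str, list[str]]:
    """Regular review of deployed codes: report every code whose decoded
    payload differs from the URL that was originally issued."""
    expected_host = urlsplit(expected_url).hostname or ""
    report = {}
    for location, decoded in scans.items():
        issues = check_qr_url(decoded, expected_host)
        if decoded.strip() != expected_url:
            issues.append("payload-changed")
        if issues:
            report[location] = issues
    return report

# Constructed sample data: text already decoded from four printed codes.
EXPECTED = "https://menu.example-restaurant.test/table"
SCANS = {
    "table-1": "https://menu.example-restaurant.test/table",
    "table-2": "http://menu.example-restaurant.test/table",
    "table-3": "https://bit.ly/3xAmPle",
    "table-4": "https://example-restaurant-menu.test/login",
}

if __name__ == "__main__":
    for location, issues in audit_codes(EXPECTED, SCANS).items():
        print(location, issues)
```

A host is accepted only when it equals the expected domain or is a subdomain of it, so a lookalike such as the one on `table-4` is reported even though it uses https.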
If you want to learn more about how to protect your organization and its members from cyber risks, we invite you to learn more about Kymatio by visiting our website.