QR Codes Offer Easy Cyberattack Avenues as Usage Spikes

[Gandalf_The_Grey]

Content source

https://threatpost.com/qr-codes-cyberattack-usage-spikes/165526/

Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.

To prevent from succumbing to an attack, basic, good security hygiene is a good place to start. For instance, users should be wary of QR codes in public places that look like they’ve been hastily pasted or taped up, potentially replacing a legitimate QR code.

The Army’s alert recommended the following best practices:

• Do not scan a randomly found QR code.
• Be suspicious if, after scanning a QR code, a password or login information is requested.
• Do not scan QR codes received in emails unless you know they are legitimate.
• Do not scan a QR code if it is printed on a label and applied atop another QR code. Ask a staff member to verify its legitimacy first. The business might simply have updated what was their original QR code.

 

[ForgottenSeer 85179]

Secure scanner apps are also first display the content and if it's a URL, don't open if automatically.
But that's sadly not in common used apps and end-user doesn't care anyway