How Attackers Abuse QR Codes and How to Prevent The Risk

Every restaurant I’ve been to recently doesn’t have traditional paper menus- but rather QR codes to scan with smartphones.

No alt text provided for this image

The use of QR codes has exploded this year as restaurants seek out contactless options for customer safety. Now, bad actors are taking this opportunity and the vulnerabilities of this mobile technology to launch potential attacks.

Bob Violino, in his piece for CSO Online, outlines how attackers take advantage of the increased use of QR codes to steal sensitive information and how to mitigate the risk.

Here were my key takeaways:
📊 Last month, MobileIron released a report saying that QR codes pose “significant” security risks for enterprises and end users.

⚠️ Alex Mosher, Global VP at MobileIron, says “By their very nature, QR codes are not human readable. Therefore, the ability to alter a QR code to point to an alternative resource without being detected is simple and highly effective…”

🎣 A common way bad actors exploit consumers with QR codes is a form of phishing where they cover up legitimate codes or swap them out with illegitimate ones.

Pay attention to the URL you are being directed to. All it takes is one wrong scan.