What is a QR code?
A QR Code (Quick Response code) is a two-dimensional barcode. It links to a web page or other content that is normally optimized for mobile and tablet access. The QR code consists of modules, usually black, arranged in a square with a white background.
It was invented in 1994 by Denso Wave, a Japanese company that used to work for Toyota. It appears on flyers, business cards, posters, magazines, and even, since the pandemic, on tables in bars and restaurants. It can be used to access additional information, audio or video content, participate in a contest, or even make a purchase from a smartphone.
In recent years, QR codes have become customizable, allowing brands to promote themselves or integrate QR codes into their graphic design guidelines.
QR codes, a popular cyber threat.
Although QR codes are omnipresent in our lives, users are not fully aware of the risks associated with using them. Hackers exploit this technology by sharing a malicious URL that leads to a phishing site. They can also spread malware or collect personal data.
These malicious actions can trigger various responses:
- Add a list of contacts and use it to launch phishing campaigns
- Make phone calls to premium rate services
- Send text messages to individuals with a bad reputation or who are wanted by law enforcement agencies
- Write emails
- Make payments
- Access your bank accounts
- etc.
The difficulty lies in not knowing where this code will lead before scanning it.
An attack of this kind also affects organizations. For example, when an employee scans a QR code at a restaurant during their personal time, they may be phished. This will not only affect them personally, but could also compromise the infrastructure of their organization.
In a study conducted by MobileIron, “71% of respondents cannot distinguish between a legitimate QR code and a malicious QR code, while 67% claim to be able to distinguish between a legitimate URL and a malicious URL.” (source: informatiquesnews.fr).
Simple and quick, this new threat is a real boon for cybercriminals. The figures show a lack of user awareness and the urgent need to remedy this situation.
How can you protect yourself?
80% of users own a smartphone and almost all of them can read QR codes natively, i.e. without the need for a third-party application.
To protect yourself, here are a few recommendations:
- Be careful before scanning a QR code on a table in a bar or restaurant. Before scanning, make sure it is actually from the establishment and not a trap set by a cybercriminal.
- Check the URL shown on the notification before clicking to be redirected. If the URL looks different or is not from a reliable source, exit the notification immediately.
- For organizations that provide their employees with mobile devices: prevent the automatic installation of applications.
- Encourage multi-factor authentication for accessing business applications, or opt for the cloud.
- Install a defense solution against mobile threats.
In reality, to protect yourself from this increasingly frequent threat, the watchword is vigilance.
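The URL check recommended above, and the non-web actions listed earlier (calls, text messages, emails, contacts), can be applied automatically to the text a QR decoder returns before anything is opened. The Python code below is an added example, not part of the original article; the trusted-host list, the shortener list and the sample payloads are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Non-web schemes a QR payload can carry, mapped to the action they trigger.
ACTION_SCHEMES = {"tel": "place a phone call", "mailto": "compose an email",
                  "sms": "send a text message", "smsto": "send a text message"}
# Hypothetical allowlist of hosts the organization expects its QR codes to use.
TRUSTED_HOSTS = {"menu.example.com"}
# Constructed sample of link-shortener domains; extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def triage_qr_payload(payload):
    """Return warnings for a decoded QR payload; an empty list means nothing flagged."""
    text = payload.strip()
    if text.upper().startswith(("BEGIN:VCARD", "MECARD:")):
        return ["adds a contact to the address book"]
    try:
        parts = urlsplit(text)
    except ValueError:
        return ["malformed link"]
    scheme = parts.scheme.lower()
    if scheme in ACTION_SCHEMES:
        return ["would " + ACTION_SCHEMES[scheme]]
    if scheme not in ("http", "https"):
        return ["not a web link: review the raw content"]
    warnings = []
    host = (parts.hostname or "").lower()
    if scheme == "http":
        warnings.append("unencrypted http link")
    if parts.username or parts.password:
        warnings.append("credentials before '@' hide the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host may imitate another name")
    if host in SHORTENERS:
        warnings.append("shortened link hides the destination")
    if host not in TRUSTED_HOSTS:
        warnings.append("host '%s' is not on the trusted list" % host)
    return warnings

if __name__ == "__main__":
    # Constructed sample payloads, as a QR decoder would return them.
    for sample in ("https://menu.example.com/table/12", "tel:+15550100",
                   "http://192.0.2.10/login"):
        print(sample, "->", triage_qr_payload(sample))
```

A mobile threat defense product or an internal scanning app could run a check like this between decoding the code and showing the "open" prompt.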
















