Anti-spam, 25.11.2024, 10:30 AM
About 60% of emails containing QR codes are spam, and a smaller part of them is “openly malicious”.
QR codes have become ubiquitous, appearing in emails, on restaurant menus, at public events, on store packaging, in museums, and even in parks. The perfect defense would be to avoid scanning QR codes altogether. However, avoiding their scans entirely can be difficult, so users must be careful. Scanning a QR code is essentially the same as clicking on an unknown link, but without the ability to preview the entire URL.
Cisco Talos analyzed the deception techniques used by attackers. Among them is the creation of “QR code art”, a method of blending functional QR codes into visually appealing designs. These QR code images don’t look like a QR code at all. The danger of QR code images lies in the fact that the user can be tricked into scanning the image with the camera and thus inadvertently accessing related content without realizing it.
The research also found that although QR codes represent only 0.01% to 0.2% of all global email traffic – roughly one in 500 emails – they are disproportionately effective at bypassing security filters.
Why are QR codes difficult to detect?
QR codes avoid traditional detection methods because they are displayed as images. Effective identification requires image decoding and data analysis, a process for which many anti-spam systems are not equipped. Attackers further complicate automatic analysis by using Unicode to create QR codes or embed them in PDFs.
A significant challenge for defenders arises when users scan malicious code on their personal devices. The traffic generated by these interactions often bypasses corporate networks and security systems, which companies’ IT teams are often unaware of.
Cisco Talos warned that users should treat QR codes with the same caution as unknown URLs. For years, security experts have advised users not to open unknown or suspicious URLs. These URLs can lead to phishing pages, malware or other harmful sites. However, many users do not exercise the same caution when scanning an unknown QR code as when clicking on a suspicious link, even though scanning an unknown/suspicious QR code is equivalent to clicking on a suspicious URL.
Before scanning QR codes, they should be decoded using an online tool to view their content. There are several QR code decoders available for free on the internet. If you can save a screenshot of the QR code, you can upload the image to one of these decoders, and the QR code decoder will tell you what data is encoded inside the QR code. This will allow you to inspect the URL more closely.
You should also avoid entering login information on unknown sites linked via QR codes and instead visit a trusted site directly.
Photo: Marielle Ursua | Unsplash
Source: www.informacija.rs
