Page 158 - Cyber Defense eMagazine December 2023

Now, hackers are embedding malicious QR codes into shopping coupons, phishing emails, payment sites, and social media accounts, in what are known as “quishing” attacks.

As technology becomes smarter, so do hackers, and individuals need to be mindful of these new methods so they can stop attackers in their tracks. With proper cybersecurity training and the help of AI, quishing can be avoided, and QR code technology can be used to full advantage.




QR Code Attacks’ Secret Weapon: Creating a False Sense of Trust

Imagine you receive an email from your bank, informing you about a security update for your mobile banking app. The email explains that you need to update the app immediately to prevent any potential security breaches and keep your finances safe, so you scan the QR code with your mobile device. The scan redirects you to a site that replicates your bank's interface and prompts you to enter your login details. The update is seemingly “successful.” A couple of days later, you have several unauthorized transactions, your account has been compromised, and you realize you are a victim of a QR code attack.

Quishing attacks use social engineering tactics that make individuals more susceptible to the threat. These attacks frequently exploit the trust of people who use their mobile devices for regular digital interactions, such as emails, messages, or payment sites. This creates a false sense of familiarity, leading victims into a deceptive comfort zone in which they give out their credentials. Specifically, attackers mainly use quishing attacks to spread phishing links, deliver malware downloads, or compromise a device.



QR Code Attacks: Emails, Malicious Downloads, and Compromised Devices

QR code attacks can manifest in different ways, each of which presents unique threats to individuals' security. Quishing often comes in the form of a malicious email link: recipients are prompted to scan a QR code and are redirected to a counterfeit website that masquerades as a trusted application or service. Individuals are then encouraged to submit their personal information or login credentials, unknowingly offering their personal data to the attacker. Quishing attacks can also come in the guise of surveys that ask victims for their personal information, including their social security number. These malicious links and forms serve as bait for victims, making it easy for attackers to receive personal information.

Malware from malicious websites can also be downloaded automatically to a victim’s device. The malware can range from spyware to ransomware, granting attackers the ability to pilfer data or even seize control of a victim's device, which poses a serious threat to individuals' security.

Additionally, scanning a QR code can be used to open payment sites, follow social media accounts, or send malicious email messages from a victim's compromised account. This tactic allows hackers to impersonate their victims or target others in their network.
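The three outcomes described above (a counterfeit login site, an automatic download, and a scan that triggers an action such as sending a message) can each be flagged from the decoded QR payload before anyone opens it. The following Python sketch is an added example, not part of the original article; the function names, the extension and scheme lists, and the `bank.example` / `login-update.test` payloads are constructed assumptions, and decoding the QR image into a string is assumed to have happened upstream.

```python
from urllib.parse import urlsplit

# Illustrative lists (assumptions for this example, not exhaustive).
DOWNLOAD_EXTS = (".apk", ".exe", ".msi", ".dmg", ".zip", ".scr")
ACTION_SCHEMES = {"mailto", "sms", "smsto", "tel"}

def host_matches(host, trusted_domains):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def triage_qr_payload(payload, trusted_domains):
    """Return findings for one decoded QR payload; empty list means no flags."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme in ACTION_SCHEMES:
        # Scanning would compose a message or place a call, not open a page.
        return [f"action:{scheme}"]
    if scheme not in ("http", "https"):
        return ["non-web-payload"]
    findings = []
    host = parts.hostname or ""
    if scheme == "http":
        findings.append("no-tls")
    if "@" in parts.netloc:
        # Text before '@' is userinfo, often used to display a trusted name.
        findings.append("userinfo-in-url")
    if not host_matches(host, trusted_domains):
        findings.append("untrusted-host")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode-host")
    if parts.path.lower().endswith(DOWNLOAD_EXTS):
        findings.append("direct-download")
    return findings

# Constructed sample payloads, as if decoded from QR codes in a "bank" email.
SAMPLES = [
    "https://app.bank.example/update",
    "http://bank.example.login-update.test/app.apk",
    "https://bank.example@login-update.test/verify",
    "mailto:someone@corp.example?subject=Invoice",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", triage_qr_payload(p, {"bank.example"}) or ["ok"])
```

The trusted-domain set would come from the organization the email claims to represent; a host that merely contains the brand name, as in the second and third samples, still fails the match.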









            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.