Security

Can a QR Code Be Used in a Phishing Attack

QR codes, or Quick Response codes, are an easy method for companies to transmit data to customers. Similar to a bar code, users can scan the QR code to save contact information, visit a URL, or compose a message. These codes are useful for companies and consumers, as they save time and prevent users from manually typing out texts. Unfortunately, relying on QR codes means trusting that the link is safe, an assumption which is sometimes not true. Make sure that the QR code you scan is trustworthy and free of malware by running the Full Virus Scan feature after:

Rather than taking a chance with an unknown code, you should rely on this complete virus scan to check for threats on your smartphone and SD card. Although QR codes cannot be hacked, they’re often plagued by phishing attempts, spelling out trouble for mobile users.

Read More: 9 Tips to Enhance the Security of Your Android Phone

Phishing Tactics
Though more involved than phishing through emails or false site links, QR phishing is still the biggest security breach when it comes to QR codes. These codes are most often displayed in public places, used to direct smartphone users to a company’s website. Hackers will replace these QR code posters or produce their own false posters, both with fake codes which will redirect mobile users to phishing websites. These websites will often appear identical to the real deal; the layout of mobile websites will make it difficult to check the website’s full address.

In one instance, a malicious QR code in Russia sent a text message to premium numbers, an attack which charged each number $5 per text message. In these and similar instances, most attacks targeted Android devices. In other situations, websites that users were directed to ran browser exploits, a malicious code which takes advantage of vulnerabilities in operating systems. Browser exploits are able to enable microphone and camera access, send emails, and join a botnet in order to carry out a DDoS attack on a website. Due to the nature of browser exploits, Android users will be unable to tell that their device is being attacked.

Protect Yourself
To protect yourself, and your phone, from malicious QR codes, make sure to fully examine the poster from which you’re scanning the code. Many times scammers will place the fake QR code above the real one, which can be checked by touching the poster. Be suspicious of the page you land on through the QR code and never share personal or login information. While manually typing in the URL may be more time consuming, this is often the safest way to access a website.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago

What Happens to Your Data After You Close an App?

You open an app to order food, check your bank balance, chat with friends, or…

57 years ago