Duca issued the warning when noting that there has been a significant increase in use of QR codes over the last year, “helping organisations to operate safely during the pandemic”.
“They (QR codes) are vital in terms of the speed, scale and cost effectiveness for reducing touchpoints and contact tracing, providing convenient and contactless data sharing," said Duca.
“QR code technology is safe in itself, but as reliance on it grows, cybercriminals are taking note.
“During the pandemic, Unit 42 has observed cyber criminals in underground online forums discussing ways to abuse QR codes and target the everyday consumer. We also found open-source tools and video tutorials offering training on how to conduct attacks by using QR codes.
“There are numerous ways cyber criminals could leverage QR codes for their own malicious objectives. For example, hacking into a business’s website and replacing the QR code with their own. This could automatically route unsuspecting consumers to a phishing URL, where cyber criminals could request user credentials and then take control of email or social media accounts.”
For protection yourself, Duca provides three key tips:
- Think before you scan
“Don’t scan a QR code if you don’t know where it will lead. There are many secure QR code scanning apps which allow users to preview websites before they visit them.”
- Check after you scan
“Check the website is where you expected to be directed to.”
- Be aware and alert
“Make sure you only download apps from trusted sources such as Apple’s App Store or Google Play Store, and continuously update all smart devices to benefit from the latest security protections.”