QR Codes Open the Door to Cyber ​​Threats

24/10/2023 GENERAL, TECHNOLOGY
QR Codes Open the Door to Cyber ​​Threats
QR Codes Open the Door to Cyber ​​Threats

📩 24/10/2023 14:10

QR, or “Quick Response” codes, which are rapidly expanding in use to share information, make payments and speed up business processes, have recently opened the door to cyber threats.

Stating that users should be aware of the potential risks brought by QR codes that make life easier, İnfrasis Cyber ​​Engineering General Manager Can Sobutay said: "The cyber fraud incident targeting Istanbul vehicle drivers with fake QR code labels with the İSPARK logo is a result of cyber criminals who see the opportunity in the increasing use of QR codes in the world and in our country." "It revealed the damage it could cause through these codes," he said.

Pointing out that the security threat in QR codes is different from traditional phishing, Can Sobutay said, “Unfortunately, QR codes pose a unique cyber security threat. There is no URL or verification path to verify the legitimacy of the code before scanning it. Avoiding QR code scans can be difficult, but taking some proactive precautions will help you minimize the dangers associated with QR code technology. It is difficult to identify a fake QR code. While the use of QR codes in daily life for both professional and personal purposes continues to increase, most users are unaware that by scanning the QR code they can expose themselves to clever cyber attacks. Users need to raise their awareness about the seriousness of the damage that cybercriminals can cause by using fake QR codes.” he said.

While technological development makes life easier, it also brings risks. QR, or "Quick Response" codes, which are rapidly expanding in the technology age we live in to share information, make payments and accelerate business processes, have recently opened the door to cyber threats. Today, QR codes touch our lives to access websites, mobile applications, restaurant menus, make payments, make phone calls, connect to Wi-Fi without a password, send e-mail, add contact information and many more functions.

“We brought the issue to the agenda in August”

Stating that users should be aware of the potential risks brought by QR codes that make life easier, İnfrasis Cyber ​​Engineering General Manager Can Sobutay said: "The cyber fraud incident targeting Istanbul vehicle drivers with fake QR code labels with the İSPARK logo is a result of cyber criminals who see the opportunity in the increasing use of QR codes in the world and in our country." "It revealed the damage that could be caused through these codes."

Emphasizing that QR codes scanned without making sure of their legitimacy pose a serious cyber threat, Can Sobutay said, “We brought it to the agenda in August with the aim of raising awareness. The method used by fraudsters in İSPARK is one of the methods mentioned in the warning about the QR code threat published by the FBI in recent months. Here, it could be a sticker stuck on vehicle windows, a billboard placed in a public place, or a fake sticker giving the impression of a promotional code. "When someone scans the code, it may lead them to a website that appears to be a legitimate login page or other online service, but is fake and designed to steal the user's login credentials or personal information," he said.

A unique security threat

Pointing out that the security threat in QR codes is different from traditional phishing, Can Sobutay said, “Unfortunately, QR codes pose a unique cyber security threat. There is no URL or verification path to verify the legitimacy of the code before scanning it. "Avoiding QR code scans can be difficult, but taking some proactive precautions will help you minimize the dangers associated with QR code technology," he said.

Stating that it is difficult to identify a fake QR code, Can Sobutay continued his words as follows:

“While the use of QR codes in daily life for both professional and personal purposes continues to increase, most users are unaware that by scanning the QR code they can expose themselves to clever cyber attacks. Users need to increase their awareness about the seriousness of the damage that cybercriminals can cause by using fake QR codes. Malware such as ransomware and trojans are used to redirect downloads or other malicious content. These viruses can spy on you, steal sensitive information or files such as photos or videos, and even encrypt your device until you pay a ransom. Can open financial applications, social media accounts and email accounts. You can create and send messages to your contacts using your email or social media accounts.”

Check the redirect URL

İnfrasis Cyber ​​Engineering General Manager Can Sobutay listed the points that QR code users should pay attention to to protect themselves as follows:

-Do not scan the code if it is on a label, appears to have been altered, or is covered up.

-Check to see if the URL you are redirected to is a secure URL that starts with “https”.

-Check the web address to make sure it is the intended site and appears genuine, be wary of possible spelling errors.

-If possible, instead of scanning a code that will take you to a specific website, type the URL of that website.

-Do not log in to an application or service with a QR code.

-Never initiate payment if you receive a notification to enter any sensitive information when you scan a QR code.

-Avoid scanning QR codes from suspicious or unknown sources and QR codes received via email from unknown sources.