Hackers exploit QR codes to steal from victims via Qshing attacks

April 21, 2022
Hackers QR Codes Data Theft Qshing Cyberattacks Phishing

As convenient as the QR codes for its users worldwide, the tool is also currently being exploited for cybercrimes. Many threat actors abuse QR codes to deploy Qshing attacks or QR code phishing to steal sensitive info and money from victims or spread malware by tampering with it.

The QR code technology was initially intended for quickly tracking car parts and details. Over time, people used it for several other uses, such as facilitating payment transactions and downloading mobile applications.

Since the pandemic began, QR codes have also been useful for the health sector, especially for reporting COVID-19 test results and confirming patients’ vaccination status.

However, cybercriminals have taken advantage of the tool to launch their attacks and victimise people. Experts explained that the QR codes could not be harmed directly but could be replaced for malicious ones where victims could be baited and get redirected to harmful websites that the threat actors established to perform their attack.

 

These operations exploiting the QR code technology are dubbed Qshing attacks.

 

Past reports that detected Qshing attacks include threat actors leveraging a fake password reset page using a malicious QR code to steal sensitive data from its targeted victims. Hence, the US Federal Bureau of Investigation (FBI) has warned users about the increased reports under the Qshing attack campaigns that caused data and monetary loss to people.

Since it could be easy for many users to be lured into the Qshing campaign, cybersecurity experts prepared some guidance so people would be more aware of not falling victim to the malicious operation.

One crucial piece of advice is that users must install antivirus detection applications on their devices capable of scanning QR codes to detect if it is malicious or showing malicious traits. Experts also recommend that users be wary of the QR codes’ credibility before accessing them by evaluating their context or contacting an organisation that issued them.

If a user has already scanned a QR code and opened a site that seemed suspicious, it is strongly advised to immediately close the browser page, clear the site cache and cookies, and delete the browser history. Doing these may help minimise the impact the malicious activity could cause on the victim.

About the author