The pandemic has forced the user to embrace technological tools more strongly than ever. This is demonstrated by the development of Covid-19 tracking tools, the rise of platforms like Zoom, or the growing importance of QR codes, that you may find them in a Covid Passport that stuck to the table of a bar where they function as a substitute for the letters of a lifetime. Cybercriminals are not unaware of this situation, so they are making an effort to exploit it.
Recently the National Police has alerted about a scam campaign in which cybercriminals used QR codes with the aim of trick victims and steal their personal data and money. Specifically, the case was detected by the Malaga Police Station, as shared a few days ago ‘
Be that as it may, cybersecurity experts emphasize that cybercriminals have various mechanisms at their disposal to take advantage of QR codes. In this regard, the National Cybersecurity Institute (Incibe),
stand out the ‘qrishing‘, a technique that is combined with social engineering to trick the user into providing their credentials by scanning the code, which can appear content on a web page, message or email.
Likewise, the institute points out that this type of code can be used to infect terminals with malicious code in order to extract data, subscribe the victim to premium services and gain access to different elements of the device, such as the microphone or the camera. .
Finally, it is alerted about the ‘qrljacking‘, a type of attack that also uses social engineering and getting him to read the code with his terminal’s camera. In this case, they try to hijack the account of a service that accepts the ‘Login with QR code’ function, as happens, for example, with WhatsApp Web. To do this, they try to trick the victim into scanning a modified QR code that impersonates the original one that has been previously captured by cybercriminals. Upon scanning, the attacker captures the victim’s session credentials and covertly accesses the information contained within the account.
To avoid being a victim of any of these scams, from Incibe it is recommended that workers check frequently that the QR codes present in their businesses have not been changed or modified. With regard to users, it is important that they notice that the QR code redirects to the indicated page, that they disable the automatic opening of links when scanning one and that they verify that the page to which it redirects them is safe. .