QR codes can be dangerous as they allow cybercriminals to direct their attack from a secure computer to the victim’s mobile device.
The use of QR codes in companies, businesses and establishments has become more frequent today, which has generated a significant increase in cyber attacks of identity theft or phishing through these codes over the past year, according to recent Cisco Talos studies.
97% of workers access their work accounts from their personal devices, according to the No (Cyber) Safe for Work 2023 report. This, in turn, has increased the probability of attacks at the corporate level through codes QR.
“QR codes can be dangerous because they allow cybercriminals to direct their attack from a secure computer to the victim’s mobile device. These devices usually have fewer security protections and contain confidential information,” explained Pablo Herrera, Cisco cybersecurity specialist.
Corporate computers and devices often have security tools to detect phishing and protect users from malicious links. “But when scanning a malicious QR code from a personal device, security is reduced, and not all email solutions can detect these codes as they would malicious attachments,” Herrera added.
With the widespread use of QR codes, not only in the workplace but also in people’s daily routine to access information about events, procedures or in restaurants, the exposure of confidential data through this means has become a threat. real without adequate security measures.
Therefore, Cisco provides organizations and users with some tips to defend against these types of threats:
- Deploy a mobile device management platform or mobile security tools on all devices with access to corporate information.
- Use an email security solution capable of detecting malicious QR codes.
- Educate and train staff on the dangers of phishing attacks and the increasing use of QR codes in emails.
- Adopt multi-factor authentication protocols to prevent credential theft.
The attacks of phishing Traditional attacks use emails designed to trick users into opening malicious attachments or links, while QR code attacks insert one into the email so it can be scanned with a mobile device.
This link may lead to a fake page or download malware to your device. Therefore, it is crucial to verify emails and QR codes before interacting with them.
“Phishing attacks that take advantage of QR codes are worrying at the enterprise level because by using mobile devices as input, defenses lose visibility and cannot detect malicious QR codes. Therefore, it is essential that organizations train their employees to prevent these types of threats and implement stronger cybersecurity measures,” Herrera pointed out.
