This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
QR code attacks probably aren’t coming for your scan-to-order menus
QR code-based phishing attacks appear to be on the rise. For this “new” hacking vector, someone gets a phishing email asking them to scan a QR code, that code redirects to a malicious link (usually to steal credentials) and an account takeover occurs. Local news organizations have warned the public to watch out, security leadership publications tell executives to be careful and security companies really, really want you to call it quishing.
To be fair, there have been some notable headlines about it lately. A large-scale version of this against an unnamed “major” US energy company went after Microsoft logins, according to a Cofense report in August. Security researchers have unanimously reported some level of uptick or spike in the attack vector this year. Even the Federal Trade Commission warned consumers of the dangers.