Gerry Morley - Director of Cyber Security

Threat Alert: QR Code Scams

What are QR Codes?

QR codes are digital images that, when scanned by a smartphone app, allow rapid access to a certain document or website. They are often used for restaurant menus, business cards, links to videos in adverts, access to sporting events etc. They are fast becoming the norm as they help facilitate the move to contactless communications.

However, QR codes are quickly becoming another way for cybercriminals to trick users into accessing a website or document, because it can be more difficult for a user to verify in advance the website address the QR code will take them to.

Cyber attackers can interfere with QR Codes and lead victims to malicious websites where their financial and personal information is stolen.

QR Code Scams

Some criminals have begun sticking fake QR Codes to parking meters, enticing unwitting drivers to scan the code and hand over their credit/debit card information in the belief that they were paying for parking, when in fact the money went straight to the criminals. Earlier this year the FBI published an advisory to warn people.

Many paid and free sites let anyone create their own QR code, which allows bad actors to come up with elaborate attacks or techniques.

This QR Code we generated above allows someone to quickly and easily connect to a Wi-Fi connection. While this is convenient in a shop/restaurant/café, or to provide guests access to your wireless network, it could be very easily abused and used to entice users into connecting to a malicious network. 

There are many other types of QR codes and all of these are relatively simple to repurpose for malicious activities. 

A recently reported phishing email utilises a QR code while posing as DHL. The criminals behind this scam are exploiting QR codes in a unique way to avoid detection.

A fake DHL-themed email begins the attack. Although the sender’s address in this scam has nothing to do with the courier service’s name, the message body has a corporate logo, an order number and the purported date of package arrival, all of which are very convincing.

The reported scam notes: An order has arrived at a nearby post office, and the courier was unable to deliver it personally. Normally a link to “resolve the issue” would be included, but this time there is a QR code for the user to scan.

Although the scam email below is directed at companies with Spanish employees, the same scam could apply no matter the language or country.

The attackers are counting on the victim using their smartphone to read the QR code. This will cause the malicious website to load on a small screen where the URL is not fully visible and other phishing scam signs are more difficult to identify.

How to thwart an attack? 

The best ways to help thwart such attacks are to:

  1. Always Stop, Look and Think. Are you expecting the email? Does the context indicate an unexpected or unforeseen problem has suddenly arisen? Does the email imply a sense of urgency or a negative consequence if not actioned?
  2. Verify an email's sender address to ensure it is genuine.
  3. If you need to use a QR Code scanning app, use one that offers a preview of where a QR code will take you before it takes you there. If this is not possible or if in doubt, don’t scan the QR Code. It is best practice to instead visit the genuine website via a web browser.
  4. If you’re expecting a shipment, be sure to make a note of the tracking code and check the status of the shipment on the official website.
  5. Where possible, save genuine links to work and personal cloud-based services (including courier services) in your PC and phone bookmarks. Access these sites via your bookmarks and avoid clicking links to these services in an email.
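The preview that tip 3 asks for, as an added example (not code from the original article): it takes the text a scanner has already decoded and reports what acting on it would do, covering both web links and the Wi-Fi codes discussed earlier. It assumes the widely used `WIFI:T:...;S:...;P:...;;` text convention for Wi-Fi codes; `preview`, `parse_wifi`, `expected_domains` and the sample payloads are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def parse_wifi(payload):
    """Parse 'WIFI:T:WPA;S:name;P:pass;;' into a dict, honouring backslash escapes."""
    fields = {}
    # Each field ends at an unescaped ';'; a trailing ';' is added for tolerance.
    for part in re.findall(r"((?:\\.|[^;\\])*);", payload[5:] + ";"):
        key, sep, value = part.partition(":")
        if sep:
            fields[key.upper()] = re.sub(r"\\(.)", r"\1", value)
    return fields

def preview(payload, expected_domains=()):
    """Describe what a decoded QR payload would do, without acting on it."""
    payload = payload.strip()
    if payload.upper().startswith("WIFI:"):
        f = parse_wifi(payload)
        notes = ["scanning joins a Wi-Fi network rather than opening a page"]
        if f.get("T", "nopass").lower() == "nopass":
            notes.append("network has no password: traffic is not encrypted")
        return {"kind": "wifi", "target": f.get("S", ""), "warnings": notes}
    url = urlsplit(payload)
    if url.scheme.lower() not in ("http", "https") or not url.hostname:
        return {"kind": "other", "target": payload, "warnings": ["not a web link"]}
    host, notes = url.hostname, []
    if url.scheme.lower() == "http":
        notes.append("plain HTTP, not HTTPS")
    if url.username is not None:
        notes.append("text before '@' is not the site name")
    if any(label.startswith("xn--") for label in host.split(".")):
        notes.append("punycode host: may imitate another name")
    try:
        ipaddress.ip_address(host)
        notes.append("host is a raw IP address")
    except ValueError:
        pass
    if expected_domains and not any(
            host == d or host.endswith("." + d) for d in expected_domains):
        notes.append("host is not one of the expected domains")
    return {"kind": "url", "target": host, "warnings": notes}

# Constructed sample payloads, as a scanner would decode them.
SAMPLES = [
    "WIFI:T:nopass;S:Free\\;Cafe WiFi;;",
    "http://courier.example@parcel-update.example.net/track?id=1",
    "https://www.courier.example/track",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(preview(s, expected_domains=("courier.example",)))
```

The `target` field is what a scanner should show in full before acting: the real host for a link, or the network name for a Wi-Fi code.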

If in doubt, before you take any action, understand and follow your company-approved policy/procedures for reporting suspicious email activity. The sooner an incident is reported, the sooner measures can be put in place to prevent a breach.

More info:

QR Codes in the Time of Cybercrime (knowbe4.com)

Criminals steal payment details of DHL customers | Kaspersky official blog

Shane Chambers

Mid-Size Businesses at Increased Risk of Cyber Attacks & Data Breaches

Cyber crime has cost mid-size businesses more than €33 million in the UK in 2018, according to a recently-released report by financial services firm Grant Thornton. More than 500 UK businesses were surveyed as part of the study, Cyber Security: the board report.

Reputation loss was the most commonly reported impact of a cyber attack, according to 58% of respondents.

Shane Chambers

Equifax Replaces CEO After Poor Response to Data Breach

Equifax, one of the “big three” credit bureaus in the US, is in hot water at the moment after suffering a data breach which has exposed personal data for 143 million people. Social security numbers, birth dates, addresses and even some driver’s license numbers are believed to have been compromised, making this one of the largest data breaches to date. While most of the data exposed to “unauthorised access” belonged to US citizens, Equifax stated that “limited personal information for certain UK and Canadian residents” had also been compromised.

Equifax made a series of mistakes following the data breach, culminating in replacement of the CEO, Richard F. Smith

Shane Chambers

Irish National Teachers Organisation Hit by Cyber Attack, Exposing up to 30,000 Teachers’ Data

INTO, the Irish National Teachers Organisation, has reported that it was the target of a cyber attack in recent days, notifying up to 30,000 teachers and retired staff who may have had their personal data compromised. The organisation has stated that any user who has completed online courses on their website (intolearning.ie) may be affected, which includes not only current teaching staff but also past staff who had booked retirement planning courses.


INTO, the Irish National Teachers’ Organisation, does not believe any financial data was accessed during the attack

Gerry Morley - Director of Cyber Security

Worldwide disruption of Internet services due to Amazon Web Services Outage

If your favourite website or internet related service wasn’t accessible or working right yesterday it may not have been just you.

Amazon Web Services

Amazon Web Services' S3 system, which hosts well over a hundred thousand websites, experienced a major outage for between 4 and 5 hours yesterday. Many popular websites (Netflix, Instagram, Spotify, Pinterest, Slack, Trello, Buzzfeed, Reddit, IFTTT, Quora, Splitwise and Medium to name a few) use Amazon’s S3 system and users of these popular sites may have experienced slowness in accessing such services.

Unbeknownst to users familiar with Amazon’s online shopping website, Amazon Web Services is a giant provider of the back-end of the Internet. It provides cloud-based storage and web services for companies so they don’t have to build their own server farms, allowing them to rapidly deploy computing power without having to invest in infrastructure.

While not all AWS customers were affected by the outage at one of AWS’s main storage systems, many experienced slowdowns in website reaction times, after a big portion of its S3 system went offline. Amazon wasn’t able to update its own service health dashboard for the first two hours of the outage because the dashboard itself was hosted on AWS.

“We’ve identified the issue as high error rates with S3 in US-EAST-1,” Amazon explains on its services tracking page, adding that the issue “is also impacting applications and services dependent on S3.”

The issue appears to have been resolved, but these instances are always a great reminder of how much of the internet relies on just a handful of huge companies to keep it up and running, and that even massive companies like Amazon can have unforeseen issues which cause downtime. Unfortunately, there will always be “ghosts” in the machine, and just like cyber-attacks, downtime at some stage is inevitable for nearly every business. It’s a case of “when” not “if” it will happen to you. That’s why it’s so important to have a backup, disaster recovery and business continuity plan for your own business so you can be best prepared to continue to maintain operations and service your customers even when issues happen.

Sources: USA Today, Engadget, Verge, BGR