Gerry Morley - Director of Cyber Security

Threat Alert: QR Code Scams

What are QR Codes?

QR codes are digital images that, when scanned by a smartphone app, give rapid access to a particular document or website. They are often used for restaurant menus, business cards, links to videos in adverts, access to sporting events and so on. They are fast becoming the norm because they help facilitate the move to contactless communications.

QR codes, however, are quickly becoming another way for cybercriminals to trick users into visiting a website or opening a document, because it is harder for a user to verify in advance the website address that a QR code will take them to.

Cyber attackers can therefore tamper with QR codes and lead victims to malicious websites where their financial and personal information is stolen.

QR Code Scams

Some criminals have begun sticking fake QR codes on parking meters, enticing unwitting drivers to scan the code and hand over their credit/debit card details in the belief that they are paying for parking, when in fact the money goes straight to the criminals. Earlier this year the FBI published an advisory to warn people about this.

Many paid and free sites exist that allow anyone to create their own QR code, which lets bad actors come up with elaborate attacks and techniques.

The QR code we generated above allows someone to quickly and easily connect to a Wi-Fi network. While this is convenient in a shop, restaurant or café, or for giving guests access to your wireless network, it could very easily be abused to entice users into connecting to a malicious network.

There are many other types of QR code, and all of them are relatively simple to repurpose for malicious activity.

A recently reported phishing email uses a QR code while posing as DHL. The criminals behind this scam are exploiting QR codes in an unusual way to avoid detection.

A fake DHL-themed email begins the attack. Although the sender's address in this scam has nothing to do with the courier service's name, the message body carries a corporate logo, an order number and the purported date of package arrival, all of which are very convincing.

The reported scam states that an order has arrived at a nearby post office and that the courier was unable to deliver it in person. Normally a link to "resolve the issue" would be included, but this time there is a QR code for the user to scan.

Although the scam email shown below is directed at companies with Spanish-speaking employees, the same scam could apply in any language or country.

The attackers are counting on the victim using their smartphone to read the QR code. The malicious website then loads on a small screen where the URL is not fully visible and the other tell-tale signs of a phishing scam are harder to spot.

How to thwart an attack?

The best ways to help thwart such attacks are to:

  1. Always Stop, Look and Think. Are you expecting the email? Does the context indicate that an unexpected or unforeseen problem has suddenly arisen? Does the email imply a sense of urgency or a negative consequence if it is not actioned?
  2. Verify an email's sender address to ensure it is genuine.
  3. If you need to use a QR code scanning app, use one that previews where a QR code will take you before it takes you there. If this is not possible, or if in doubt, don't scan the QR code. It is best practice to visit the genuine website via a web browser instead.
  4. If you're expecting a shipment, be sure to make a note of the tracking code and check the status of the shipment on the official website.
  5. Where possible, save genuine links to work and personal cloud-based services (including courier services) in your PC's and phone's bookmarks. Access these sites via your bookmarks and avoid clicking links to these services in an email.
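As an added illustration of step 3 (seeing where a code leads before following it) and of the Wi-Fi QR codes described earlier, the following Python, written for this page rather than taken from the author or any scanner app, inspects the text a scanner decodes from a QR image and reports what acting on it would do. The sample payloads, the `.example` host and the expected-domain check against `dhl.com` are constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample payloads: the text a scanner app decodes from the image.
SAMPLE_PAYLOADS = [
    "WIFI:T:WPA;S:Cafe Guest;P:latte2022;;",            # typical guest Wi-Fi code
    "WIFI:T:nopass;S:Free Airport WiFi;;",               # open network, no password
    "https://www.dhl.com/gb-en/home/tracking.html",       # host under the expected domain
    "http://dhl-parcel-redelivery.example/track?id=123",  # look-alike host, plain HTTP
    "https://bit.ly/3abcXYZ",                             # shortener hides the destination
]

URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


def parse_wifi(payload):
    """Parse the WIFI:T:<auth>;S:<ssid>;P:<password>;H:<hidden>;; format that
    phone cameras and most QR generators use. Backslash-escaped ; : , \\ are
    unescaped so an SSID containing ';' is recovered intact."""
    fields = {}
    body = payload[len("WIFI:"):]
    for key, value in re.findall(r"([A-Z]):((?:\\.|[^;])*);", body):
        fields[key] = re.sub(r"\\(.)", r"\1", value)
    return fields


def preview(payload, expected_domain=None):
    """Describe what scanning this payload would do and list warning signs.
    expected_domain is the domain the surrounding email or sign claims, e.g.
    'dhl.com' for a DHL-themed message; hosts outside it are flagged."""
    warnings = []
    if payload.upper().startswith("WIFI:"):
        f = parse_wifi(payload)
        auth = f.get("T", "nopass")
        if auth.lower() == "nopass" or not f.get("P"):
            warnings.append("open network: traffic can be intercepted")
        return {"action": "join wifi", "ssid": f.get("S", ""), "auth": auth, "warnings": warnings}
    parts = urlsplit(payload)
    if parts.scheme in ("http", "https"):
        host = (parts.hostname or "").lower()
        if parts.scheme == "http":
            warnings.append("not HTTPS")
        if host in URL_SHORTENERS:
            warnings.append("shortened link hides the real destination")
        if expected_domain and host != expected_domain and not host.endswith("." + expected_domain):
            warnings.append(f"host {host!r} is not under {expected_domain!r}")
        return {"action": "open url", "host": host, "warnings": warnings}
    return {"action": "other", "raw": payload, "warnings": ["unrecognised payload type"]}


if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(p, "->", preview(p, expected_domain="dhl.com"))
```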

If in doubt, before you take any action, understand and follow your company's approved policy and procedures for reporting suspicious email activity. The sooner an incident is reported, the sooner measures can be put in place to prevent a breach.

More info:

QR Codes in the Time of Cybercrime (knowbe4.com)

Criminals steal payment details of DHL customers | Kaspersky official blog

Shane Chambers

Large Increase in BEC Scams in 2020, as the Business World Shifts Online

These days, most people are aware that cybercrime is a very real and ever-increasing threat. Due to the Covid-19 pandemic, many workers were forced to work remotely for the first time, from their bedrooms, living rooms and kitchens. Terms like 'phishing' and 'ransomware' are now frequently seen and heard, but there is another type of threat that saw a huge increase in frequency in 2020: Business Email Compromise.

Business Email Compromise (BEC) scams, also known as ‘CEO Fraud’, stole billions of dollars from businesses in 2020 alone.
Shane Chambers

Thousands of Organisations Compromised by ‘Hafnium’ Email Hack

As the saying goes, there's no rest for the wicked. Just a few months after the behemoth IT management solutions provider SolarWinds was the victim of a major cyber attack, IT professionals across the globe are scrambling to patch their Exchange servers against a new zero-day exploit.

Earlier this month, it was announced that hundreds of thousands of organisations (at least 30,000 in the US alone) had potentially been compromised by a group called Hafnium, which is based in China and believed to be state-sponsored.

The Hafnium Exchange hack dwarfed the SolarWinds hack, which was itself one of the largest organised hacks in recent years.
Shane Chambers

Many SolarWinds Customers Still Exposed Online, Despite Well-Publicised Breach

IT management software giant SolarWinds was the victim late last year of what is believed to be one of the largest cyber attacks yet, sending shivers down the spine of much of the tech world. The attack breached SolarWinds' monitoring tool Orion, which allowed the hackers to deliver malicious updates to unsuspecting users of the tool for several months.

Now, two months after the breach was discovered, an alarming number of SolarWinds customers still have vulnerable Orion servers exposed to the internet.

SolarWinds, a behemoth IT management solutions provider with over 300,000 customers, was revealed to be the target of a major cyber attack in December 2020.