Estimated reading time: 5 minutes
According to the last one Cisco Talos quarterly report, the world's largest private intelligence organization dedicated to cybersecurity, recorded a Significant increase in phishing attacks via QR code scanning. Cisco Talos had to manage a phishing campaign that tricked victims into scanning malicious QR codes embedded in emails, leading to the unknowing execution of malware.
Another type of attack is the sending of spear-phishing emails to an individual or an organization, emails containing QR codes that pointed to fake Microsoft Office 365 login pages in order to steal the user's login credentials. It is more important than ever to underline that QR code attacks are particularly dangerous, since they use the victim's mobile device, which very often has less protection, as an attack vector.
A traditional phishing attack involves the victim opening a link or attachment so that they land on a page controlled by the attacker. They are usually messages intended for people who are familiar with using email and who normally open attachments or click on a link. In the case of QR code attacks, the hacker inserts the code into the body of the email with the aim of having it scanned via an application or via the camera of the mobile device. Once you click on the malicious link, a login page specifically developed to steal credentials opens, or an attachment that installs malware on your device.
Many business computers and devices come with built-in security tools designed to detect phishing and prevent users from opening malicious links. However, when a user uses a personal device, these defense tools are no longer effective. This is because corporate security and monitoring systems have less control and visibility over personal devices. Additionally, not all email security solutions can detect malicious QR codes.
But there's more. With the rise of remote working, more and more employees are accessing company information through mobile devices. According to the recent Not (Cyber) Safe for Work 2023 report, a quantitative survey conducted by the cybersecurity company Agency, the 97% of respondents access work accounts using personal devices.
Here some advice from Cisco Talos to defend against QR code-based phishing attacks:
BlogInnovazione.it
Google DeepMind is introducing an improved version of its artificial intelligence model. The new improved model provides not only…
Laravel, famous for its elegant syntax and powerful features, also provides a solid foundation for modular architecture. There…
Cisco and Splunk are helping customers accelerate their journey to the Security Operations Center (SOC) of the future with…
Ransomware has dominated the news for the last two years. Most people are well aware that attacks…
An ophthalmoplasty operation using the Apple Vision Pro commercial viewer was performed at the Catania Polyclinic…
Developing fine motor skills through coloring prepares children for more complex skills like writing. To color…
The naval sector is a true global economic power, which has navigated towards a 150 billion market...
Last Monday, the Financial Times announced a deal with OpenAI. FT licenses its world-class journalism…