QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don’t see lots of QR codes in email: users often read messages on their phones without any other device handy for scanning. As such, most letters come with ordinary hyperlinks instead. Nevertheless, the attackers increasingly turn to QR codes delivered through email.
Unlike phishing links that are easy to check and block, QR code is a headache for security solutions. It takes costly and resource-heavy computer vision technology to analyze QR codes and find out what information they contain. Worse yet, while a regular link can be sorted out just by looking at it, with QR you cannot tell where it is going to take you until you scan it.
What is a QR code?
A QR code, or Quick Response code, is a 2D matrix bar code consisting of several squares and multiple dots (modules) arranged in a square pattern on a white background. QR codes can be scanned using an image processing device. It will first identify the code’s location by the squares and then read the information encoded in the dots. In addition to the actual code, the square field can accommodate decorative elements, such as a company logo.
QR codes allow to encode more data than 1D bar codes. They are often used to encode hyperlinks to various resources, such as a store catalog, a checkout page, or a building info page.
Malevolent uses of QR codes in email
Fraudsters use QR codes to encode links to phis ..
Support the originator by clicking the read the rest link below.
