Did you know QR (Quick Response) codes are two-dimensional barcodes that can contain various information? Using a QR code generator online, data can be easily converted into a smartphone-scannable code for instant access. These codes facilitate various transactions such as website access, online payments, and advertising. About half of U.S. industry survey respondents indicated they likely to use QR codes at hotels, movie theaters, medical offices, museums, or concerts.
NJCCIC Warning
In its recent Weekly Bulletin (Cyber Threat Highlights), the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued a warning, “Be Wary of QR Code Fatigue.” Given the rapid proliferation of the use of QR codes, along with this and other QR Code-related security warnings, we feel it is important to highlight these trends.
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) is the state’s one-stop shop for cybersecurity information sharing, threat intelligence, and incident reporting. It is part of the New Jersey Office of Homeland Security and Preparedness. Its Weekly Bulletin aggregates information about cyber threats, vulnerabilities, and other resources to promote shared awareness and the adoption of best practices.
The NJCCIC is reporting that QR Code phishing and quishing attacks recently increased.
“Phishing” refers to the fraudulent practice of purporting to be from a reputable company in order to induce individuals to reveal personal information, such as passwords and credit card numbers. “Quishing” utilizes manipulated or fake QR codes, enabling hackers to carry out fraudulent activities — such as stealing personal information or spreading malicious software.
According to Abnormal Security, an IT security platform provider, executives are over 40 times more likely to be targeted by quishing attempts than an average employee. A large percentage of attacks have been associated with harvesting credentials. Executives are desirable targets as they generally have greater access to confidential information and IT networks. Often, quishing messages appear to come from legitimate companies such as Microsoft or Google. Cybercriminals can clone QR codes and trick users into scanning their malicious QR Code – facilitating stealing credentials and taking over a user’s account.
The Better Business Bureau (BBB) explains that attackers use malicious QR codes in many ways. Techniques include placing malicious codes on parking meters, government impersonation, romance scams, and other methods.
The NJCCIC recommends that users verify QR codes included in emails prior to scanning them. Look for look for signs of tampering. Review the URL before navigating to the website. Be sure to educate yourself and others on possible QR code scams to prevent future victimization. If you become a victim, it is encouraged to report the activity to the FBI’s IC3 and the NJCCIC.
QR CODE EVOLUTION
QR codes first appeared in 1994 and became more widely used in 2020 (due to the COVID-19 pandemic). Since then, use of QR Codes has continued to expand. Post-pandemic, there has been a 25x increase in the use of QR codes by restaurants and a 7x increase by hotels. In addition to marketing and advertising, QR codes are being used in product authentication, logistics, contactless payments, ticketing systems, and education.
According to Juniper Research, global spending through QR code payments will reach over $3 trillion by 2025, up by $2.4 trillion over 2022. The global QR code payment market was is projected to grow to $52 billion by 2032, up from $11 billion in 2022.
USE WITH CAUTION
Given the rapid growth of QR code usage and the proliferation of fraudulent activities by bad actors, caution has become necessary when using QR codes.
For more technology trends and topics, follow our LinkedIn page! 🖥️
➡️ Check Out Our Business Testimonials!
How is your state of IT? Call Us: (201) 493-1414 with any questions.
