February 2, 2022
Good morning, everyone!
The latest critical vulnerabilities:
Patch All the Things!
The dangers of QR codes
I was reading this article “ Surge in Malicious QR Codes Sparks FBI Alert” and thought, hmmmm, I wonder how many of my newsletter readers realize that QR codes can be quite dangerous? Maybe I should talk about that this week!
First of all, what is a QR code? I think most people have seen them by now, either in an advertisement, on a restaurant menu, on a coupon … it’s a square symbol with odd shapes and lines inside that looks vaguely like some sort of computer-speak (actually it kinda reminds me of a sophisticated version of punch cards – how many people remember those?) QR codes have grown in popularity during the current pandemic for “contactless” tasks. So naturally the cyber criminals have upped their game again!
The FBI said it has also observed threat actors using malicious QR codes to download malware giving them access to a victim’s device, where they then accessed financial data to steal money. Cybercriminals are also swapping out genuine QR codes for their own, intercepting payments, collecting cash and data, the FBI added.
The FBI offers several tips for protecting yourself against this kind of attack:
- Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone's app store for a safer download.
- If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company's phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated to from a QR code.
Happy February, everyone!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺