Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label QR code. Show all posts
QR code security
2FA Cyber Security cybercriminals Gmail Google Google Security Tools QR code QR code security

Google to Introduce QR Codes for Gmail 2FA Amid Rising Security Concerns

 

Google is set to introduce QR codes as a replacement for SMS-based two-factor authentication (2FA) codes for Gmail users in the coming months. While this security update aims to improve authentication methods, it also raises concerns, as QR code-related scams have been increasing. Even Google’s own threat intelligence team and law enforcement agencies have warned about the risks associated with malicious QR codes. QR codes, short for Quick Response codes, were originally developed in 1994 for the Japanese automotive industry. Unlike traditional barcodes, QR codes store data in both horizontal and vertical directions, allowing them to hold more information. 

A QR code consists of several components, including finder patterns in three corners that help scanners properly align the code. The black and white squares encode data in binary format, while error correction codes ensure scanning remains possible even if part of the code is damaged. When scanned, the embedded data—often a URL—is extracted and displayed to the user. However, the ability to store and quickly access URLs makes QR codes an attractive tool for cybercriminals. Research from Cisco Talos in November 2024 found that 60% of emails containing QR codes were spam, and many included phishing links. While some emails use QR codes for legitimate purposes, such as event registrations, others trick users into revealing sensitive information. 

According to Cisco Talos researcher Jaeson Schultz, phishing attacks often use QR codes for fraudulent multi-factor authentication requests to steal login credentials. There have been multiple incidents of QR code scams in recent months. In one case, a 70-year-old woman scanned a QR code at a parking meter, believing she was paying for parking, but instead, she unknowingly subscribed to a premium gaming service. Another attack involved scammers distributing printed QR codes disguised as official government severe weather alerts, tricking users into downloading malicious software. Google itself has warned that Russian cybercriminals have exploited QR codes to target victims through the Signal app’s linked devices feature. 

Despite these risks, users can protect themselves by following basic security practices. It is essential to verify where a QR code link leads before clicking. A legitimate QR code should provide additional context, such as a recognizable company name or instructions. Physical QR codes should be checked for tampering, as attackers often place fraudulent stickers over legitimate ones. Users should also avoid downloading apps directly from QR codes and instead use official app stores. 

Additionally, QR-based payment requests in emails should be verified through a company’s official website or customer service. By exercising caution, users can mitigate the risks associated with QR codes while benefiting from their convenience.
Read more »
User Security
Cyber Fraud phishing QR code Quishing User Security

Quishing On The Rise: Strategies to Avert QR Code Phishing

 

QR codes are already ubiquitous: from restaurant menus to public transportation schedules, everyone wants you to scan theirs. This normalisation of scanning random QR codes is being exploited, resulting in a new cybersecurity threat known as Quishing. 

What is Quishing? 

Quishing (QR code phishing) is the process of placing a malicious URL into a QR code. Rather than linking to a legitimate website, the code will load a page that attempts to steal information, infect your device with malware, or execute another malicious act.

It's a goofy name, but it poses a serious threat. While we're all aware that you shouldn't browse suspicious websites or download unfamiliar files, the nature of QR codes makes it impossible to tell what's on the other side. With a scan and a tap, you're whisked away to a website that may contain material you don't want to see, or routed to a malware download. 

It's also possible to be duped into scanning a QR code: many businesses build their QR codes using third-party services and URL shorteners, which means that the embedded links may not always redirect to their actual websites. This makes it challenging to determine whether a QR code has been tampered by someone carrying out a quishing assault.

Is quishing a real threat? 

Yes. It is already happening and has proven to be beneficial. QR codes for parking meters, restaurant payments and tip systems, and phoney advertisements are being tampered with all across the world to perpetrate quishing frauds, typically by simply sticking a sticker with a bogus QR over an already existing official code.

These trick codes then lead to false login pages and payment sites, where you can either pay the scammer directly or give them your information (which can be used to steal your money later or push further scams). 

Safety tips 

There are a few efficient strategies to safeguard yourself from quishing: 

  • Make use of your device's built-in QR code scanner. App shops' QR scanners have a bad reputation for security and privacy.
  • Avoid clicking on links that employ URL shorteners and make sure the destination a QR code is attempting to direct you to is genuine before clicking on the link. 
  • Avoid paying with QR codes whenever you can, especially if the payment link takes you to an unidentified address. 
  • Additionally, be aware that phoney websites often use names that sound similar to legitimate ones, so double-check your spelling.
Read more »
QR code
browser isolation Cyber Security Hacking HTTP QR code

Here’s How Hackers Are Using QR Codes to Break Browser Security

 



Browser isolation is a widely used cybersecurity tool designed to protect users from online threats. However, a recent report by Mandiant reveals that attackers have discovered a novel method to bypass this measure by utilizing QR codes for command-and-control (C2) operations.

How Browser Isolation Works

Browser isolation is a security technique that separates a user's browsing activity from their local device. It streams only visual content from web pages into the user's browser, preventing direct interaction with potentially harmful sites or exploits. This can be implemented through cloud-based, on-premises, or local solutions.

Traditionally, attackers rely on HTTP requests to communicate with a C2 server and issue commands to compromised systems. However, browser isolation disrupts this process by streaming only webpage pixels, effectively blocking HTTP-based attack methods.

The QR Code Workaround

To bypass browser isolation, Mandiant researchers devised a technique that embeds command data within QR codes. The process works as follows:

  1. The attacker’s server generates a web page containing a QR code embedded with command data.
  2. A headless browser on the victim’s compromised system renders the page and takes a screenshot of the QR code.
  3. The system decodes the QR code to extract and execute the command.

This approach exploits browser isolation’s reliance on transmitting visual data, allowing the QR code to be captured and decoded without triggering traditional security defenses.

Real-World Proof of Concept

Mandiant demonstrated the attack using tools like Puppeteer and Chrome in headless mode. They further integrated the technique with Cobalt Strike’s External C2 feature, showcasing its practicality. However, the technique has certain limitations:

  • Data Size: QR codes have a limited storage capacity, with a practical limit of about 2,189 bytes per code.
  • Latency: Each operation introduces a delay of approximately five seconds, making it unsuitable for high-bandwidth tasks such as proxying.

Mitigation Strategies

Despite this new attack vector, browser isolation remains a valid and essential security measure. Mandiant recommends a layered defense strategy to mitigate such threats:

  1. Monitor Network Traffic: Detect abnormal low-bandwidth activity, such as iterative HTTP requests.
  2. Identify Automation Tools: Watch for specific flags associated with headless mode in browser sessions.
  3. Layered Security: Combine browser isolation with other cybersecurity measures to strengthen defenses.

Conclusion

This novel attack demonstrates the evolving nature of cybersecurity threats and the need for constant vigilance. Organizations should adopt a comprehensive approach, including education and robust protection strategies, to defend against emerging threats effectively. Browser isolation remains an important tool when integrated into a layered security framework.

Read more »
Web Community
Cyber Attacks CyberCrime Cybersecurity efvt Malware attacks Microsoft Office Netskope Phishing Attacks QR code Quishing Quishing Campaign URL Web Community

Quishing Scams Exploit Microsoft Sway Platform

 


It has been discovered that a new phishing campaign is being run using Microsoft Sway, which has been found by researchers. A series of attacks have been called the "Quishing" campaign to describe what is happening. The practice of "squishing" is a form of phishing that uses QR codes to lead people to malicious websites. An example of Quishing is embedding malicious URLs into a QR code to commit phishing. 

A few groups of victims in Asia and North America are primarily focusing on the campaign. In late December, researchers noticed that an unexpected spike in traffic to unique Microsoft Sway phishing pages arose as a result of a campaign called "quishing," which targeted Microsoft Office credentials.  As defined by Netskope Threat Labs, quishing is essentially phishing to trick users into opening malicious pages by presenting them with QR codes, which are commonly used in many forms of phishing. 

According to a spokesperson for the campaign, the campaign mainly targets victims in Asia and North America, across multiple industries such as the technology, manufacturing, and finance sectors. A researcher from the University of California, Davis, reported that "attackers instruct their victims to scan QR codes with their mobile devices, in the hope that these portable devices do not possess the strict security measures found on corporate-issued devices," according to an article written by the researchers. 

This QR phishing campaign utilizes two techniques that have been discussed in previous articles: transparent phishing in conjunction with Cloudflare Turnstile" Those who operate phishing websites use Cloudflare Turnstile to ensure that their malicious websites are protected from static analysis tools so that they can hide their malicious payloads, prevent web filtering providers from blocking their domains, and maintain a clean reputation among the web community. 

This is known as an attack-in-the-middle phishing technique, which is more sophisticated than traditional phishing techniques. The attackers not only attempt to gain access to the victims' credentials but also attempt to log them into the legitimate service using those credentials, bypassing multi-factor authentication, so they can steal sensitive tokens or cookies which can be used to gain further unauthorized access to the system. 

This is a massive QR code phishing campaign, which abused Microsoft Sway, a cloud-based tool for creating presentations online, to create landing pages that scammed Microsoft 365 users into handing over their credentials in exchange for money. According to Netskope Threat Labs, these attacks were spotted in July 2024 after detecting an increase of 2,000-fold in attacks exploiting Microsoft Sway to host phishing pages that allegedly steal access credentials for Microsoft 365 accounts. 

Interestingly, this surge of activity dates back to the first half of the year when minimal activity was reported. So, it comes as no surprise that this campaign has been so widespread. Essentially, they were interested in targeting users in Asia and North America, concentrating primarily on the technology, manufacturing, and finance sectors, which were the most likely to present themselves to them. A free application, called Sway, is available in Microsoft 365 for anyone with a Microsoft account who has a Microsoft account. 

Attackers, however, utilize this open access as an opportunity to fool users by misrepresenting them as legitimate cloud applications, thus defrauding them of the money they are paid to use them. Furthermore, Sway is accessed once an individual logs into their Microsoft 365 account, adding a layer of legitimacy to the attack, since it is accessible once the victim has already logged into the account, thus increasing the chances of them opening malicious links. 

Netskope Threat Labs identified a new QR code phishing campaign in July 2024, marking a significant development in cyber threats. This campaign primarily targets victims in Asia and North America, affecting various sectors, including manufacturing, technology, and finance. Cybercriminals employ diverse sharing methods, such as email, links, and social media platforms like Twitter, to direct users to phishing pages hosted on the sway. cloud.Microsoft domain. 

Once on these pages, victims are prompted to scan QR codes that subsequently lead them to malicious websites. Microsoft Sway, a platform known for its versatility, has been exploited in the past for phishing activities. Notably, five years ago, the PerSwaysion phishing campaign leveraged Microsoft Sway to target Office 365 login credentials. This campaign, driven by a phishing kit offered through a malware-as-a-service (MaaS) operation, was uncovered by Group-IB security researchers.

The attacks deceived at least 156 high-ranking individuals within small and medium-sized financial services companies, law firms, and real estate groups. The compromised accounts included those of executives, presidents, and managing directors across the U.S., Canada, Germany, the U.K., the Netherlands, Hong Kong, and Singapore. This escalation in phishing tactics highlights the ongoing battle between cybercriminals and cybersecurity professionals, where each defensive measure is met with a corresponding offensive innovation. 

The need for a comprehensive approach to cybersecurity has never been more apparent, as malicious actors continue to exploit seemingly innocuous technologies for nefarious purposes. With the rising popularity of Unicode QR code phishing techniques, security experts emphasize the importance of enhancing detection capabilities to analyze not just images but also text-based codes and other unconventional formats used to deceive users and infiltrate systems. This sophisticated phishing method underscores the continuous vigilance required to safeguard digital environments against increasingly cunning cyber threats.
Read more »
Technology
Payments QR code QR Code Phishing Quishing Technology

QR Code Phishing: How Cybercriminals Exploit Trust via Quishing


Today, QR codes have become a familiar sight. And why not, it makes our daily tasks easy. From making payments to accessing websites, these square patterns of black and white squares offer convenience and efficiency. However, cybercriminals have found a way to exploit this very convenience through a technique known as "quishing."

What is Quishing?

Quishing, short for "QR code phishing," involves using QR codes to deceive victims. Here's how it works:

Cybercriminals generate seemingly harmless QR codes that lead to fraudulent websites or initiate downloads of malicious software. These malicious QR codes can be distributed via emails, social media, printed materials, or even by placing stickers over legitimate QR codes in public spaces.

When someone scans the malicious QR code, they are directed to a deceptive website. The site may appear legitimate, offering discounts, special deals, or other enticing content. However, victims are unwittingly prompted to provide sensitive information, such as login credentials or financial details. In some cases, malware is downloaded, compromising the victim's device and network.

Recent Trends

One notable trend involves the use of crypto ATMs and QR codes. The FBI has reported an increase in scammers instructing victims to use physical crypto ATMs for payment transactions. Fraudsters manipulate victims into making payments and guide them to cryptocurrency ATMs. The given QR code automatically fills in the recipient's address, making the process seem legitimate.

Prevention Tips

Be Cautious: Only scan QR codes from trusted sources. Avoid scanning random codes in public places. Double-check the URL before providing any information on a website. If something seems too good to be true, it probably is.

Use a QR Code Scanner App: Opt for a reputable QR code scanner app that checks URLs for authenticity. Some apps provide warnings if a code leads to a suspicious site.

Stay Informed: Keep up with security news and trends. Educate yourself and your team about the risks of quishing.

Moving Forward

QR codes—those pixelated portals to convenience—can also harbor danger. As you scan, tread cautiously. Verify sources, question context, and guard your trust. Remember, not all codes lead to safety. 

Read more »
Vishing Campaign
Cyber Security cybercriminals Information Security Personal Data QR code Quishing Scams Vishing Vishing Campaign

Understanding Vishing and Quishing: Protecting Yourself Against Telephone and QR Code Scams

 

In our digitally interconnected world, cybercriminals continuously devise new methods to exploit technology for their malicious intents. Two prevalent schemes gaining traction are vishing and quishing scams. These fraudulent activities capitalize on telephone calls and QR codes to deceive unsuspecting individuals into revealing sensitive personal and financial information. 

Vishing, derived from "voice" and "phishing," entails perpetrators posing as trusted entities over the phone to trick individuals into sharing confidential data like bank account details or passwords. Employing tactics such as urgent requests or threats of repercussions, these scammers manipulate victims into compliance. For instance, a vishing scam might involve a caller impersonating a bank representative, claiming an account issue that necessitates immediate action from the victim. 

Alternatively, fraudsters may masquerade as technical support agents from reputable companies, coercing victims into paying for unnecessary services or software under false pretenses of fixing non-existent computer problems. Another vishing variant, the "police officer tactic," targets vulnerable individuals, particularly the elderly, by feigning as law enforcement officers. Fabricating stories about imminent criminal threats, these scammers persuade victims to surrender valuables or cash, ostensibly for protection. 

On the flip side, quishing represents a newer cybercrime form exploiting QR codes to entice victims to fraudulent websites for data compromise. With QR code prevalence in daily life, quishing has become an increasingly insidious threat. Cybercriminals send deceptive emails containing QR codes, enticing recipients to scan them with their smartphones under false pretenses. Once scanned, these QR codes redirect users to malicious websites designed to distribute malware-infected files or capture login credentials entered by unsuspecting victims. 

Seamless QR code scanning integration into daily activities makes it easy for individuals to fall prey to quishing attacks without recognizing the danger. Protecting against vishing and quishing necessitates heightened vigilance and adherence to cybersecurity best practices. When receiving unsolicited phone calls, it's crucial to verify the caller's identity by independently contacting the organization they claim to represent using official contact information. 

Refrain from divulging personal or financial information over the phone unless legitimacy is verified. To guard against quishing scams, exercise caution when scanning QR codes, especially from unfamiliar or suspicious sources. Verify the website URL before entering sensitive information and ensure it's encrypted (https). Additionally, consider enabling multi-factor authentication for online accounts to add an extra security layer against unauthorized access. 

By staying informed about vishing and quishing tactics and implementing proactive security measures, individuals can safeguard themselves from falling victim to these malicious schemes. Awareness and caution remain paramount in protecting personal and financial well-being in today's digital landscape.
Read more »
QR code
Bank Hacking cyber attack Cyber Security malware Phishing Attack Privacy QR code

Here's How To Steer Clear Of QR Code Hacking

 



QR codes, present for years and widely embraced during COVID-19, offer great benefits. Yet, cybercriminals exploit them, creating malicious QR codes to unlawfully access your personal and financial data. These tampered codes pose a threat, potentially leading to unauthorised access, financial loss, and malware on your smartphone. 

Used extensively for contactless payments, paperless menus, and quick information access, QR codes are embedded in modern phone systems. Scanning a code takes seconds, but the ease of tampering has led to a surge in QR phishing attacks. Stay vigilant against potential threats when using QR codes to protect your digital safety. 

Let's see how it works 

QR code hacking is surprisingly uncomplicated, thanks to the abundance of generator tools available. In just a couple of minutes, scammers can create fake QR codes that mimic authentic ones found in public spaces. The challenge lies in the fact that the human eye struggles to distinguish between a genuine and a malicious QR code. Exploiting this, scammers trick users into scanning their fraudulent codes, leading them to malicious websites. 

Once a user scans the tampered QR code, the potential for harm escalates. Cybercriminals often replace legitimate QR codes in public areas, like cafes or parking lots, with their malicious counterparts. The ultimate goal is to gain access to personal information, and financial details, or even compromise the security of the user's device. These deceptive QR codes might redirect users to payment sites, unauthorised social media profiles, or initiate actions such as sending emails without consent, all of which can result in the theft of login credentials and damage to one's reputation. Staying alert and recognizing warning signs before interacting with unfamiliar QR codes is crucial to avoid falling victim to these scams. 

Let's explore practical measures to strengthen our protective measures. 

 1. Public Vigilance: 

Stay alert in public spaces, refraining from scanning QR codes where tampering is more likely. Be watchful for deceptive stickers replacing genuine codes. 

 2. URL Scrutiny: 

Before proceeding, meticulously inspect the URL revealed by the QR code. Shortened URLs should trigger heightened caution, prompting a thorough review. 

 3. Language Alerts: 

Keep an eye out for grammatical errors and poor English when interacting with QR codes. Scammers often neglect language quality on fraudulent websites. 

 4. Package Precaution: 

Exercise caution when scanning QR codes on unexpected packages. Confirm orders through official channels to avoid potential scams. 

 5. Crypto-Smart Practices: 

Approach QR codes linked to cryptocurrency transactions with scepticism. Verify such communications through official channels to safeguard personal information. 

 6. App Awareness: 

Say no to downloading apps from QR codes, particularly if not from official stores. Stick to Google Play or the App Store to ensure app legitimacy and preserve your device's security. 


 Stay Alert to the Surge in QR Code Scams

As QR code scams proliferate, be on high alert for potential threats. If you fall victim to one of these hacks, take immediate action. Change your account passwords, notify your bank of the incident, and bolster your security with two-factor authentication (2FA) for crucial services like Google and Microsoft. Safeguard your sensitive information by utilising a reliable password manager to deter prying eyes.

Read more »
URLs
Cyber Fraud Data Theft FTC Mallicious URLs Online Scams Personal Data QR code Scammers Scams URLs

FTC Warns: QR Codes May Result in Identity Theft


One might want to reconsider before scanning QR codes.

The codes, which are a digital jumble of white and black squares that are frequently used to record URLs, are apparently commonplace; they may as well be seen, for example, on menus at restaurants and retail establishments. The Federal Trade Commission cautioned on Thursday that they could be dangerous for those who aren't cautious.

According to a report by eMarketer, around 94 million US consumers have used QR scanner this year. The number is only increasing, with around 102.6 million anticipated by 2026. 

As per Alvaro Puig, a consumer education specialist with the FTC, QRs are quite popular since there are endless ways to use them.

“Unfortunately, scammers hide harmful links in QR codes to steal personal information,” Puig said.

Why is Stolen Personal Data a Threat? 

The stolen data can be misused by threat actors in a number of ways: According to a separate report by FTC, the identity thieves can use victim’s personal data to illicitly file tax returns in their names and obtain tax refunds, drain their bank accounts, charge their credit cards, open new utility accounts, get medical treatment on their health insurance, and open new utility accounts.

In some cases, criminals cover the legitimate QR codes with their own, in places like parking meters, or even send codes via text messages or emails, luring victims into scanning their codes. 

One of the infamous tactic used by scammers is by creating a sense of urgency in their victims. For example, they might suggest that a product could not  be delivered and you need to reschedule or that you need to change your account password because of suspicious activity.

“A scammer’s QR code could take you to a spoofed site that looks real but isn’t,” Puig wrote. “And if you log in to the spoofed site, the scammers could steal any information you enter. Or the QR code could install malware that steals your information before you realize it.”

How can User Protect Themselves?

According to FTC, some of the measures one can follow to protect themselves from scams are:

  • Inspect URLs before clicking: Even if a URL looks familiar, it is advisable to check for any misspelling or switched letters in order to ensure it is legit. 
  • Do not scan a QR code in a suspicious/unexpected message: This is particularly valid when the text or email demands a quick response. If a user believe this to be a genuine message, it is advisable to get in touch with the business using a reliable channel, such as a working phone number or website. 
  • Protect devices and online accounts: Users are advised to use strong passwords and multifactor authentication and keep their phones’ OS in their latest versions.  

Read more »
Subscribe to: Posts (Atom)