More threat actors have been exploiting QR codes to facilitate advanced phishing attacks, reports SiliconAngle.
Aside from integrating phishing links and malware into QR codes, which have become more prevalent since the COVID-19 pandemic, attackers have also been abusing apps' and websites' QR code login functionality with the new QRLJacking technique in a bid to enable session hijacking, a report from SlashNext revealed. Evolving cyber threats involving QR codes should prompt the implementation of more robust security protocols against malicious QR codes, as well as QR threat awareness campaigns, according to SlashNext.
Meanwhile, users have been urged by Tanium Chief Security Advisor Timothy Morris to be wary of emails that include QR codes.
"As we see with any phishing attempt, be suspicious of anything from unknown sources or that instills a sense of urgency. Report it as a phish, delete it or ignore it. For enterprises, it is of the utmost importance to employ good email security, use web content filtering, and provide user training," Morris added.