ESET bulks up its ESET HOME consumer protections against identity theft, ransomware, phishing, and more

ESET, a global leader in cybersecurity solutions, has announced the launch of its upgraded consumer offering ESET HOME Security, introducing new features such as ESET Folder Guard and Multithread Scanning, together with an overall improvement of its capabilities. Identity Protection featuring Dark Web Monitoring is now globally available.

These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and AI-driven threats targeting individuals and address growing concerns about data privacy, ransomware attacks, phishing, and scams.

Despite being packed with the latest technology, ESET HOME Security remains easy to use thanks to ESET HOME, a comprehensive security management platform available across all major operating systems — Windows, macOS, Android, iOS — and covering all typical smart home devices. Now ESET HOME Security offers even more formidable protection for entire households.

“As a progressive digital life protection vendor, ESET is dedicated to always being one step ahead of adversaries. Our team of experts created a powerful digital life protection solution that blends more than 30 years of human expertise with artificial intelligence, multilayered security technology, and live cloud protection. Following a prevention-first approach that stops threats before they can do any harm, ESET HOME Security brings peace of mind regarding privacy and security, while staying user-friendly, powerful, light, and fast,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET.

To complement the long list of already existing layers of protection, including Antivirus & Antispyware, Firewall, Ransomware Shield, Anti-Phishing, Safe Banking, Safe Browsing, Password Manager, VPN, and Anti-Theft — to name just a few — new features and upgrades have been added:

New Dark Web Monitoring — ESET Identity Protection* scours websites on the dark web, black market chat rooms, blogs, and other data sources to detect the illegal trading and selling of users’ personal information. ESET technology sends prompt alerts so users can take immediate action.

New ESET Folder Guard — This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders — files in these folders can’t be modified or deleted by untrusted applications.

New Multithread Scanning — Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores.

New Link Scanner — This feature improves ESET Mobile Security Anti-Phishing that, in general, blocks potential phishing attacks coming from websites or domains listed in the ESET malware database. The Link Scanner is an additional layer of protection for Android smartphone users that allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps. For instance, if a user receives a phishing link in a game app and opens it, the link is first redirected to the ESET Mobile Security app, where it is checked, before being redirected to the browser. If the user is using an unsupported browser, the Link Scanner will block the malicious link in this case.

Improved Gamer Mode — This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to create a list of apps automatically starting gamer mode. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.

Improved Password Manager — ESET Password Manager now includes an option to remotely log out of Password Manager when it is logged in on other devices. Users can check their password against the password breach list and view a security report that informs users if they use any weak or duplicate passwords for their stored accounts. Password Manager has an integrated option to use third-party programs as an optional two-factor authentication (2FA).

Improved Cyber Security for Mac users — ESET HOME Security tiers for Mac users now have a new unified Firewall with both basic and advanced setup options in the main Graphical User Interface (GUI). This means the solution is tailored to the needs of users from basic to more advanced, without unnecessary settings.

This robust all-in-one security product is an ideal solution for all who have concerns beyond general cybersecurity, and it includes privacy protection, identity protection, performance optimization, device protection, and smart home protection. Because in a world of advanced cyberthreats, quality matters.

More information about the consumer offering and subscription tiers can be found here.

AI to supercharge Deepfakes, Ransomware and Phishing Attacks.

Every 39 seconds a cyberattack is happening somewhere in the world. And, while cybercrime involving large organisations, like the HSE or Sony, makes headlines, in reality small and medium businesses are three times more likely to be victims of attack, due to weak defences.

Current cyber threats facing businesses in Ireland, and what can be done to manage them, are the subject of the annual Irish Reporting and Information Security Service cybercrime conference, in Dublin in November.

IRISSCON 2024 takes place on November 6th next, at The Aviva Stadium in Dublin, featuring expert speakers and delegates from all over the world, as well as the popular Cybersecurity Challenge, testing the skills of would-be hackers to break the system!

Jake Moore, global cybersecurity advisor for security software company, ESET, is a keynote speaker. With a 14-year background in the UK police force, in digital forensics and cybercrime, Moore now helps businesses bolster their cybersecurity, blending real-world crime insights and social engineering techniques, with advanced digital security strategy, to combat ever-evolving cyber threats.

Attackers have been known to spend over 200 days in an organisation’s network, unnoticed, before launching any sort of attack, he says.

“Once a hacker has breached an organisation’s network through unprotected endpoints, like a mobile phone, laptop or IoT device, it takes around one minute, 84 seconds on average, to move laterally and get deeper into the network.

“That is not a lot of time for any network security to react, and, once the harm is done, it takes 73 days, on average, to contain the breach. So, the objective is to prevent the network access in the first place.”

Ransomware and phishing attacks remain top threats, according to the ESET software developers. Cybercriminals use AI algorithms to analyse vast amounts of their target segments’ data. They look at social media profiles, online behaviour, recent purchases and other publicly available information to create very personalised phishing and social engineering attacks.

Your Voice is my Password

With Artificial Intelligence affecting every single industry, AI obviously benefits cybercriminals too, Jake Moore says.

“From text and image creation tools, to audio and video generation, the newest wave of cyberattacks is AI supercharged. New defences are needed to protect companies from this next generation of attacks.”

The ESET expert’s work with clients begins with some very telling practical examples of their vulnerabilities. Jake Moore has hacked businesses using AI voice cloning technology, stealing money, completely unnoticed, in minutes.

He has also, in the guise of work, hacked a police station. Having socially engineered his way into the police station, he was able to steal a laptop, break the encryption, hack into the entire network, and change the password of the Head of Professional Standards, without being caught.

Moore also engineered a targeted phishing attack, via LinkedIn, on the CEO of a company, illustrating how easy it is to manipulate people into handing over their account credentials, and data, using hacking tools widely available on the internet (if you know where to look).

Simple social engineering techniques, like psychological manipulation, trick users into making security mistakes, or giving away sensitive information, so the criminal can take over their email account, website, or even their life, the cybersecurity pro says.

Conference updates and bookings are available on the IRISSCON website: https://iriss.ie/irisscon/#about

Infographic + data – phishing is more prevalent via email than SMS/voice, plus latest on mobile connections

MEF Data Insight – Harm on Mobile

Most incidents of Phishing or Spoofing on smartphones still occur via Email, according to MEF’s (Mobile Ecosystem Forum) 9th Annual Trust Study, with 52% of users reporting personal experience of data harm via this channel. Surprisingly, 39% of those users still took no preventative measures to protect their online data.

SMS and Voice (phone calls) were the joint second most reported channels for Phishing and Spoofing attempts for 39% of users, followed by WhatsApp (30%). However, more users are taking protective action against breaches on these channels – perhaps highlighting the acceptance of Email as a ‘dirty’ channel.

Full details are available to download at https://mobileecosystemforum.com/mefs-9th-annual-trust-study/

MEF Data Insight – Mobile Connections

The total number of cellular connections worldwide with mobile data (excluding M2M) has risen 75% since the end of 2016 – from 3.89 billion to 6.82 billion. Mobile data connections comprise both Talk, Text & Data SIMs and Data-only SIMs.

Over the same time, the total number of cellular connections rose from 7.25 billion to 8.44 billion, meaning that cellular connections with mobile data now comprise almost 81% of the total versus just 54% at the end of 2016.

Mobile connection data and user data for over 200 countries worldwide is available to view at MEF Data https://mobileecosystemforum.com/mef-data/

Cybercrime is the number one threat when it comes to financial crime in Ireland

Hacking, phishing, online scams, and other variations of cybercrime are thought to be the most prevalent financial crimes in Ireland, as found in a new survey by the Compliance Institute, which polled 230 compliance professionals working primarily in Irish financial services organisations nationwide.

When asked what they consider to be the most prevalent financial crime in Ireland, respondents to the Compliance Institute Financial Crime survey answered as follows:

  • Cybercrime (hacking, phishing, online scams): 34%
  • Tax evasion: 21%
  • Fraud: 21%
  • Money laundering: 19%
  • Bribery and corruption: 4%
  • Insider trading: 1%

Michael Kavanagh, CEO of the Compliance Institute commented on the findings:

“While financial crimes from tax evasion to insider trading could be classed as the “traditional” criminal pursuits, cybercrime is more new-age and is developing and advancing at a pace so fast that organisations and legislators cannot keep up.

From the mid-term review of the 2019-2024 Cyber Security Strategy launched in the middle of 2023, we learned of the Government’s plans to create a national anti-ransomware organisation and offer cash subsidies to small businesses to help fight cybersecurity threats. The timelines for this are unclear, but there’s no doubt that the move would be laudable and welcomed with open arms by many businesses that continue to be plagued by ransomware attacks.

These attacks can have catastrophic consequences not just for those whom they are perpetrated against, but for the wider public. We only have to look at the devastation that was caused to patients following the 2021 hacking of the HSE to understand the severity of the crimes”.

Fraud

Mr. Kavanagh continued, “Banking & Payments Federation Ireland (BPFI) stats show fraudsters stole nearly €85 million (€84.6m) through frauds and scams in 2022, an increase of 8.8% on 2021. As a New Year commences, there’s a real concern that we will see an uptick in these figures”.

Mr. Kavanagh concluded,

“Ireland is now Europe’s largest data hosting cluster, putting the need for elevated cybercrime and data protection systems into sharp focus.

Regulators in Ireland, and around the world, are constantly updating and issuing new guidance to firms in response to emerging cyber security issues, such as fake documentation and the reliability of information sources.

Regulators need to ask themselves how they can regulate and supervise without stifling innovation. Businesses and organisations need to ask how they can best prepare and respond, and the general public also needs to know what measures they can take to protect themselves.”

6 Ways To Protect Yourself From Hackers

Hacking has been making waves in the tech world, especially since the rise of cryptocurrency. It’s a realm where brilliant minds seek innovation and disruptors try to cause chaos. Shockingly, recent data show that Ireland saw a 37% surge in cryptocurrency theft, totalling about €1.8 billion. Here’s the reality: the risk of getting hacked is greater than ever as these cunning cybercriminals evolve. However, you can fortify your defences by understanding their tactics. Here are six ways you could fall victim to hacking. 

  1. Smartphone apps 

Many people have and love those handy apps that make life easier. In today’s digital world, they’ve become essential. However, your smartphone could be more vulnerable if you’re an Android user without two-factor authentication (2FA). Android’s open-source operating system, while offering flexibility, can be a playground for viruses, making it less secure than the iPhone. When you open an app, you often share sensitive information, potentially giving hackers an open door. The solution is to be picky with your app choices, focus on the ones with credible ratings and reviews, and beef up your security with Two-Factor Authentication on all apps and devices. Don’t forget to double-check your links too. 

  2. Site cloning and phishing

Site cloning and phishing are classics that have been around since the ‘dot-com revolution.’ As they say, ‘the old ones are the best.’ In one scenario, the cyber tricksters create a near-perfect replica of a legitimate website, hoping to trick you into entering your password or secret key. They might even slightly alter the website’s domain, so be vigilant. In the second scenario, they send emails that look identical to official communications but aim to trick you into clicking a malicious link and giving away your data. Trust your instincts, and if something feels off, delete it. Stick to websites with genuine HTTPS protocol.

  3. Beware of public Wi-Fi

Public Wi-Fi is a hacking scenario that many naturally fear. Your device can connect to a hacker’s Wi-Fi network through a misleading link or accidentally choosing the wrong network. Anything you download or send while connected to that network is fair game for hackers. They can access your private keys from crypto wallets, online banking details, email passwords, and more. This issue is especially critical when using public Wi-Fi in railway stations, airports, hotels, or any crowded spot. Hackers can lurk incognito, waiting for an unsuspecting victim. The rule of thumb here is never to use public Wi-Fi for financial or sensitive transactions, not even with a VPN. Also, keep your router firmware updated, as manufacturers frequently release updates. Meanwhile, you can use SSID as an alternative. But what is SSID? It stands for Service Set Identifier, enabling you to learn more ways to protect yourself on Wi-Fi networks. 

  4. Malicious USB sticks

You’ve probably heard stories of people finding USB sticks in parking lots and trying to do the right thing by returning them. However, there’s a darker side to this scenario. Sometimes, these USB sticks are loaded with malware and intentionally left by criminals. You don’t need to be the target of a specific attack to fall victim to malware. Inserting random devices like CDs, DVDs, USB drives, or any other found peripherals, such as a mouse or keyboard, puts you at risk of getting hacked. To protect yourself, use reputable antivirus software and make sure it scans all connected devices. While it’s not foolproof and can’t catch every threat, it significantly reduces the chances of falling prey to random malware or malware created by less skilled attackers. 

  5. SMS authentication

SMS for authentication may seem like a quick and familiar way to confirm your identity, but it’s not as secure as you think. Positive Technologies, a cybersecurity company, has shown how easy it is for attackers to intercept SMS messages containing password confirmations, thanks to the Signalling System 7 (SS7) protocol used worldwide. They demonstrated that any system relying solely on SMS can be accessed by hackers, even if 2FA is used. To protect yourself, turn off call forwarding to prevent data access and consider using a software-based authentication solution instead. 

  6. Malicious documents

Hackers often hide malware in seemingly harmless Office documents like Word or Excel. When you open these files, your computer can get instantly infected. These malicious documents typically arrive in your inbox, disguised as seemingly secure emails. Upon opening, you might receive a pop-up message prompting you to enable macros to view the document’s content. If you allow macros, your computer becomes susceptible to malware attacks. So, avoid enabling macros and never open attachments from suspicious emails or unknown contacts. 

HP Wolf Security report: Daily QR “Scan Scams” Phishing Users on their Mobile Devices

HP Ireland has today issued its latest quarterly HP Wolf Security Threat Insights Report, showing hackers are diversifying attack methods, including a surge in QR code phishing campaigns. By isolating threats on PCs and mobile devices that have evaded detection tools, HP Wolf Security has specific insight into the latest techniques being used by cybercriminals in the fast-changing cybercrime landscape. To date, HP Wolf Security customers have clicked on over 25 billion email attachments, web pages, and downloaded files with no reported breaches.

From February 2022, Microsoft began blocking macros in Office files by default, making it harder for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data. Based on data from millions of endpoints running HP Wolf Security, the research found:

  • The rise of QR scan scams: Since October 2022, HP has seen almost daily QR code “scan scam” campaigns. These scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details. Examples in Q4 included phishing campaigns masquerading as parcel delivery companies seeking payment.
  • HP noted a 38% rise in malicious PDF attachments: Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, deploying QakBot or IcedID malware to gain unauthorised access to systems, which are used as beachheads to deploy ransomware.
  • 42% of malware was delivered inside archive files like ZIP, RAR, and IMG: The popularity of archives has risen 20% since Q1 2022, as threat actors switch to scripts to run their payloads. This is compared to 38% of malware delivered through Office files such as Microsoft Word, Excel, and PowerPoint.

“We have seen a rise in scan scams, malvertising, archives and PDF malware recently, and we would encourage everyone to look out for emails and websites that ask to scan QR codes and give up sensitive data, as well as PDF files linking to password-protected archives. Being aware of the signs to watch out for is the first line of defense when it comes to detecting and eliminating any breaches, it ensures these threat actors don’t gain access to sensitive data and move throughout systems,” explains Val Gabriel, Managing Director of HP Ireland.

In Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families – compared to just two similar campaigns in the previous year. The attacks rely on users clicking on search engine advertisements, which lead to malicious websites that look almost identical to the real websites.

“While techniques evolve, threat actors still rely on social engineering to target users at the endpoint,” comments Dr. Ian Pratt, Global Head of Security for Personal Systems, HP Inc.

“Organisations should deploy strong isolation to contain the most common attack vectors like email, web browsing and downloads. Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organisation’s security posture.”

HP Wolf Security runs risky tasks like opening email attachments, downloading files and clicking links in isolated, micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections. HP’s application isolation technology mitigates threats that might slip past other security tools and provides unique insights into novel intrusion techniques and threat actor behavior.

The full report can be found here: https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2022/

How to avoid getting scammed with cryptocurrency?

Scammers are always trying to steal your money, and they keep finding new ways to do it. The cryptocurrency industry has grown to a large scale, which has created a lot of opportunities for fraud. The past year broke records in terms of cryptocurrency crime. If you are interested in crypto, it is important to be aware of the many risks involved. Read on if you want to know more about crypto scams, how to prevent them, and how to avoid them. If you are looking for a safe and secure trading platform for Bitcoin, you may visit https://quantum-ai.trading/ which will make your trading journey hassle-free.

How to spot cryptocurrency scams?

First of all, you should know how to detect crypto scams:

  • Non-existent whitepaper: A cryptocurrency should have a whitepaper, as this is one of the most important aspects whenever a coin is first introduced. The whitepaper should make clear how the cryptocurrency is designed and how it works. If you don’t understand the whitepaper, tread very carefully.

  • Guaranteed Returns: Financial investments can never guarantee future returns, because an investment can go down as well as up. If a crypto offering promises guaranteed returns, understand that it is a risky way to earn money, and that you are the one who will face the loss.

  • Anonymous Member: With most investment businesses, you may be able to trace who is behind them. This means that anyone looking to drive an investment can easily get an active social media presence. If you can’t find out who is running the system, you have to be very careful.

  • Excessive Marketing: All businesses want to promote themselves. But many people commit fraud with digital currencies by marketing heavily, through offline promotions, paid influencers, online advertisements and so on. This is intended to reach the greatest number of people in a short amount of time and raise money quickly. Stop and do more research if you believe a cryptocurrency offering’s marketing is pushy or makes grandiose claims without any evidence.

Cryptocurrency investment scams

  • Giveaway scam: In a giveaway scam, scammers promise to multiply the crypto sent to them. A sense of authenticity and urgency can be created with clever messaging that mimics a legitimate account on social media. Users may transfer money rapidly in the expectation of immediate rewards because they believe this is a “once in a lifetime” opportunity.

  • Cloud mining scams: Cloud mining refers to companies that allow you to rent mining hardware in exchange for a fixed fee and a share of the projected revenue. Theoretically, this would enable individuals to mine remotely without having to invest in costly mining hardware. But a lot of cloud mining businesses are frauds or, at best, unproductive, meaning you waste money or make less than they promise.

  • Phishing Scams: Crypto phishing scams target information related to your online wallet. Scammers go after your wallet’s private keys so that they can access the wallet and steal your funds. They work in much the same way as many other phishing attacks and often involve fake websites. The scammers send an email that entices recipients to a specially designed website and asks for their private key data. Once the hackers have access to this information, the digital coins stored in those wallets are stolen.

Phishing emails revealed as biggest cybersecurity threat to SMEs but 50% don’t have security solution in place

A brand-new Cyber Security Pack has been created by Magnet+, Ireland’s largest connectivity network, to help Irish businesses protect themselves against the significant rise in phishing emails as well as other types of vulnerabilities, threats or breaches.

This new product was especially devised by Magnet+ and its security partner Exponential-e, following research conducted by the company which revealed that almost one in four businesses say that email attachments pose the greatest cyber security threat to their business. However, the survey also revealed that 50% of businesses have not implemented an email security solution to prevent this.

So, what does “Phishing” actually mean?

“Phishing” occurs when a cybercriminal impersonates a reputable business or person in an email or other form of communication such as SMS or direct message on social media. Phishing emails often contain malicious links or harmful attachments that can be used to steal confidential user data such as login credentials or credit card numbers. Opening an unknown and potentially unsafe email attachment can have a detrimental impact on any business – not only in terms of financial loss and loss of business, but also reputational damage.

How will the Magnet+ Cyber Security Pack help businesses?

One element of the new product involves engaging a simulated Email Phishing Campaign that will test employees’ security awareness and see if they open a phishing attachment or not. Results will be reported, highlighting any areas for improvement, while follow-up training videos will also be offered to staff.

The new Cyber Security Pack from Magnet+ brings a unique mix of services together for the first time, making it a beneficial tool if you are planning to invest in cyber security insurance. Its other elements include:

  • A monthly vulnerability scan which will identify weaknesses within your existing security systems by mimicking the actions of the most effective cybercriminals and offer advice on where your business should implement any extra required precautions.
  • A one-off three-day penetration test where intensive attempts are made to break through your cyber defences over a three-day period employing the same tactics used by attackers. This is crucial to identifying weak spots and gaps in your cyber security system already in place.
  • A one-off Cyber Essentials self-assessment which will act as a baseline certification for IT architects and consultants. Magnet+ helps secure and protect what you value most 24/7, allowing you to focus on your core business services.

The new product currently being rolled out by Magnet+ is in partnership with international IT, communications and technology innovator Exponential-e. Magnet+ customers can now be secure in the knowledge that as well as benefiting from world class technical expertise, their business will have the highest level of cyber security controls possible.

Criminals are using QR codes to scam people in restaurants!

There has been a massive increase in the use of QR code restaurant menus over the past two years, and now it seems criminals are using this development to scam innocent people out of their money and data.

According to TitanHQ, an Anti Phishing Platform based in Galway and with offices in Connecticut, almost 84% of smartphone users have scanned a QR code at least once, and over 34% scan a QR code once a week. Cybercriminals love popular technologies and focus on them to scam, hack, and cause malware infection.

This popularity has led to a rise in “QR code phishing”, and in the US the FBI has even issued a warning about QR codes, highlighting their use for data phishing. Here is how hackers use QR codes to hack your network and how you can prevent it:

Types of QR Code Phishing Scams

QR codes work by embedding instructions into a black and white dot-based image. They work a little like the barcodes you see on food in a store. A smartphone camera, app, or QR code scanning device scans the QR code. The scan then translates the data into human-readable information.

QR codes usually contain web links or links to media such as videos or links to download an app. This use of links in a QR code provides a cybercriminal with the opportunity to perform phishing.

During the pandemic, many restaurants switched to using QR code menus and have kept them. With a smartphone you can easily access the menu, removing the need for paper menus. The customer simply scans the QR code using their phone’s camera app, and a link to the online menu becomes available.

With a QR code scam, the scammer replaces the legitimate menu QR code with a malicious one. Instead of taking the customer to the restaurant website, the fake QR code takes them to a fake website designed to mimic the real account and have the customer divulge personal data.

QR-Phishing

Quishing is a mashup of QR codes and email phishing. The fraudsters embed a malicious QR code into a legitimate-looking email. A recent example of a quishing attack was a Microsoft Office 365 phishing campaign that used QR codes to steal log-in credentials. Researchers identified spoof Office 365 emails that offered access to missed voicemail messages by scanning a QR code. Scanning the QR code took the user to a fake Office 365 page, which requested credentials to gain access to the message.

QR codes are also being used in various regular scam types, such as tax scams. The UK tax department, HMRC, recently added support for QR codes on their website. However, fraudsters have now used this new feature as a basis for a new QR code tax phishing scam. The spoof HMRC email asks the recipient to scan the code to pay overdue tax. The QR code takes the taxpayer to a spoof site where their financial information is then stolen.

QRL Jacking

This is an older version of the more recent Quishing scam, but one that has phishing implications. QR codes are very convenient for users, and some companies have extended this convenience to their log-in systems, where users scan a QR code to log in to an account. In QRL Jacking, an attacker navigates to a legitimate site, initiating a session and generating the QR code to log in. The attacker then captures this QR code (for example, using screen scraping) and places this legitimate QR code on a spoof site.

The attacker then uses spear-phishing to target an individual, tricking them into going to the spoof site. The target then uses the captured QR code to log-in; this logs into the original session, thus logging the attacker into the legitimate account. This scam is more challenging to carry out as it is time-sensitive; however, it will be worth the effort if this is a high-value or sensitive account.

QR crypto scams

QR codes are often used to make it more convenient to download a legitimate app. However, they can be used to encourage people to download malicious apps, including crypto-wallets. For example, the QR crypto-quishing scam involves capturing persistent consent (prior authorization) to use the wallet; this allows the fraudster to drain the wallets of cryptocurrency.

Drive-by-QR Code Phishing

Drive-by-downloads of malware are one of the most insidious forms of malware infection. A person must land on an infected site, and a flaw in any software they use can open the door to malware infection. QR code phishers take advantage of drive-by-download opportunities by sending phishing emails with QR codes that take the recipient to an infected website: one scan of the code and their mobile device may become infected with a trojan.

Ways to Prevent QR Code Phishing:

QR codes are one method in a long line of phishers’ favorites. No matter what technology comes along, fraudsters will find a way to exploit it if it is popular. Moreover, a single-point solution cannot capture all possible cyber-attack scenarios. Clever attack chains require a creative response, comprising a mix of security awareness training with advanced AI-enabled spam and content filters.

  1. Know your stuff: Education is key, use behavior-based security awareness training to limit the risks. If you’re worried about your working information, ensure that you include QR code phishing templates in your simulated phishing exercises so employees understand what these phishing emails look like and the different methods used to steal credentials and other data.
  2. Use a DNS filter: This will break the phishing cycle by stopping users from navigating to a malicious website. The DNS filter creates a ‘blocklist’ of URLs, using a dynamic system based on “threat corpora” built from the data of millions of subscribers. These data are used to train Machine Learning algorithms. The result is that even emerging malicious URLs are spotted and added to the blocklist.
  3. Apply email filters: Email filters such as SpamTitan use multiple mechanisms to catch difficult-to-detect phishing messages. These mechanisms include advanced AI-based algorithms to spot difficult-to-detect spam.
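
The blocklist idea from step 2, combined with the "slightly altered domain" warning that applies to swapped menu codes, as an added example that is not part of the original article or of any TitanHQ product: it takes a URL already decoded from a QR code and decides whether to allow, warn or block before the browser opens it. All domains, both lists and the function names are constructed for illustration, and taking the last two labels as the site name is a simplification of a real public-suffix lookup.

```python
"""Pre-navigation check for a URL decoded from a QR code (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: none of these are real sites or real indicators.
EXPECTED = {"bistro-menu.example"}       # domain the venue really uses
BLOCKLIST = {"pay-parcel-fee.example"}   # stand-in for a DNS filter feed


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parent_domains(host):
    """a.b.example -> a.b.example, b.example, example (for suffix matching)."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def assess(url, expected=EXPECTED, blocklist=BLOCKLIST):
    """Return (verdict, reasons); verdict is 'allow', 'warn' or 'block'."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # already lower-cased
    except ValueError:
        return "block", ["malformed URL"]
    if parts.scheme not in ("http", "https") or not host:
        return "block", ["not an http(s) link"]

    # Blocklist first: a listed domain also covers all of its subdomains.
    if any(d in blocklist for d in parent_domains(host)):
        return "block", ["host is on the blocklist"]
    if any(d in expected for d in parent_domains(host)):
        if parts.scheme != "https":
            return "warn", ["expected domain but not HTTPS"]
        return "allow", []

    reasons = []
    if parts.scheme != "https":
        reasons.append("no HTTPS")
    if parts.username is not None:
        reasons.append("text before '@' is not the host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homoglyph domain)")

    # Lookalike rules: near-miss spelling, or the real name reused as a
    # label under somebody else's domain.
    site = ".".join(host.split(".")[-2:])
    imitation = False
    for good in expected:
        if 0 < edit_distance(site, good) <= 2 or good.split(".")[0] in host:
            reasons.append(f"imitates {good}")
            imitation = True
    if imitation:
        return "block", reasons
    return ("warn" if reasons else "allow"), reasons


if __name__ == "__main__":
    for sample in (  # constructed QR payloads
        "https://bistro-menu.example/menu",
        "https://bistr0-menu.example/menu",
        "https://bistro-menu.example@192.0.2.10/login",
        "https://track.pay-parcel-fee.example/x",
    ):
        print(sample, "->", assess(sample))
```
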