https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24561#M3098 <P>Researchers have discovered a new phishing campaign that doesn't tell you, in words, where it is sending you.&nbsp; (Imagine that.&nbsp; Scammers trying to fool you.&nbsp; Who woulda thunk it?)</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/phishing-security-controls-fully-bypassed-using-qr-codes/" target="_blank" rel="noopener">They use QR codes</A>.</P><P>&nbsp;</P><P>Oh, you didn't know you could store URLs in QR codes?</P><P>&nbsp;</P><P>Well, here is an example that I, as a long time specialist in malware and social engineering, guarantee is completely safe.</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Rob Slade qrcode.png" style="width: 200px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/3320i621570E5F3EDA6AD/image-size/large?v=v2&amp;px=999" role="button" title="Rob Slade qrcode.png" alt="Rob Slade qrcode.png" /></span></P><P>&nbsp;</P><P>I mean, you trust me, don't you?</P> Wed, 03 Jul 2019 00:29:52 GMT rslade 2019-07-03T00:29:52Z https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24561#M3098 <P>Researchers have discovered a new phishing campaign that doesn't tell you, in words, where it is sending you.&nbsp; (Imagine that.&nbsp; Scammers trying to fool you.&nbsp; Who woulda thunk it?)</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/phishing-security-controls-fully-bypassed-using-qr-codes/" target="_blank" rel="noopener">They use QR codes</A>.</P><P>&nbsp;</P><P>Oh, you didn't know you could store URLs in QR codes?</P><P>&nbsp;</P><P>Well, here is an example that I, as a long time specialist in malware and social engineering, guarantee is completely safe.</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Rob Slade qrcode.png" style="width: 200px;"><img src="https://community.isc2.org/t5/image/serverpage/image-id/3320i621570E5F3EDA6AD/image-size/large?v=v2&amp;px=999" role="button" title="Rob Slade qrcode.png" alt="Rob Slade qrcode.png" /></span></P><P>&nbsp;</P><P>I mean, you trust me, don't you?</P> Wed, 03 Jul 2019 00:29:52 GMT https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24561#M3098 rslade 2019-07-03T00:29:52Z https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24569#M3099 <P>Not sure why anyone would be surprised at this, since this sort of mechanism has been used for quite some time to push people to links without the person really knowing where it is they will be going to.</P><P>&nbsp;</P><P>This is even more obvious when the link you get is a shortened link (which in general I dislike immensely, even if I can understand the need for it).</P><P>&nbsp;</P><P>From there the steps to phishing, or even downloading malicious code is a short one.</P> Wed, 03 Jul 2019 04:03:13 GMT https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24569#M3099 MikeGlassman 2019-07-03T04:03:13Z https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24578#M3101 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413">@rslade</a>&nbsp;wrote:<BR /><P>&nbsp;</P><P>I mean, you trust me, don't you?</P><HR /></BLOCKQUOTE><P>Click bait!</P> Wed, 03 Jul 2019 13:01:18 GMT https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24578#M3101 AppDefects 2019-07-03T13:01:18Z https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24599#M3106 &gt; MikeGlassman (Contributor I) posted a new reply in Industry News on 07-03-2019<BR /><BR />&gt; Not sure why anyone would be surprised at this, since this sort of mechanism has<BR />&gt; been used for quite some time to push people to links without the person really<BR />&gt; knowing where it is they will be going to.<BR /><BR />I know. I try to point it out whenever I can: my conference presentations,<BR />whatever the actual topic, always begin with a slide with "my" QR code on it.<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Experience is a hard teacher because she gives the test first,<BR />the lesson afterwards. - Vernon Law<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Wed, 03 Jul 2019 18:16:39 GMT https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24599#M3106 rslade 2019-07-03T18:16:39Z https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24615#M3111 <P>&gt; AppDefects (Contributor II) posted a new reply in Industry News on 07-03-2019</P><P>&nbsp;</P><P>&gt; Click bait!</P><P>&nbsp;</P><P>Well, scan bait, maybe ...</P> Wed, 03 Jul 2019 20:23:48 GMT https://community.isc2.org/t5/Industry-News/QR-codes-being-used-in-phishing-campaign/m-p/24615#M3111 rslade 2019-07-03T20:23:48Z