cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

QR codes being used in phishing campaign

Researchers have discovered a new phishing campaign that doesn't tell you, in words, where it is sending you.  (Imagine that.  Scammers trying to fool you.  Who woulda thunk it?)

 

They use QR codes.

 

Oh, you didn't know you could store URLs in QR codes?

 

Well, here is an example that I, as a long time specialist in malware and social engineering, guarantee is completely safe.

 

 

Rob Slade qrcode.png

 

I mean, you trust me, don't you?


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
4 Replies
MikeGlassman
Contributor II

Not sure why anyone would be surprised at this, since this sort of mechanism has been used for quite some time to push people to links without the person really knowing where it is they will be going to.

 

This is even more obvious when the link you get is a shortened link (which in general I dislike immensely, even if I can understand the need for it).

 

From there the steps to phishing, or even downloading malicious code is a short one.

Sincerely,

Mike Glassman, CISSP
Iguana man
AppDefects
Community Champion


@rslade wrote:

 

I mean, you trust me, don't you?


Click bait!

rslade
Influencer II

> MikeGlassman (Contributor I) posted a new reply in Industry News on 07-03-2019

> Not sure why anyone would be surprised at this, since this sort of mechanism has
> been used for quite some time to push people to links without the person really
> knowing where it is they will be going to.

I know. I try to point it out whenever I can: my conference presentations,
whatever the actual topic, always begin with a slide with "my" QR code on it.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Experience is a hard teacher because she gives the test first,
the lesson afterwards. - Vernon Law
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
rslade
Influencer II

> AppDefects (Contributor II) posted a new reply in Industry News on 07-03-2019

 

> Click bait!

 

Well, scan bait, maybe ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468