Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II
‎07-02-2019 08:29 PM
‎07-02-2019 08:29 PM

QR codes being used in phishing campaign

Researchers have discovered a new phishing campaign that doesn't tell you, in words, where it is sending you.  (Imagine that.  Scammers trying to fool you.  Who woulda thunk it?)

 

They use QR codes.

 

Oh, you didn't know you could store URLs in QR codes?

 

Well, here is an example that I, as a long time specialist in malware and social engineering, guarantee is completely safe.

 

 

Rob Slade qrcode.png

 

I mean, you trust me, don't you?


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
4 Replies
MikeGlassman
Contributor II
‎07-03-2019 12:03 AM
‎07-03-2019 12:03 AM

Not sure why anyone would be surprised at this, since this sort of mechanism has been used for quite some time to push people to links without the person really knowing where it is they will be going to.

 

This is even more obvious when the link you get is a shortened link (which in general I dislike immensely, even if I can understand the need for it).

 

From there the steps to phishing, or even downloading malicious code is a short one.

Sincerely,

Mike Glassman, CISSP
Iguana man
Reply
AppDefects
Community Champion
‎07-03-2019 09:01 AM
‎07-03-2019 09:01 AM

@rslade wrote:

 

I mean, you trust me, don't you?

Click bait!

Reply
rslade
Influencer II
‎07-03-2019 02:16 PM
‎07-03-2019 02:16 PM

> MikeGlassman (Contributor I) posted a new reply in Industry News on 07-03-2019

> Not sure why anyone would be surprised at this, since this sort of mechanism has
> been used for quite some time to push people to links without the person really
> knowing where it is they will be going to.

I know. I try to point it out whenever I can: my conference presentations,
whatever the actual topic, always begin with a slide with "my" QR code on it.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Experience is a hard teacher because she gives the test first,
the lesson afterwards. - Vernon Law
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
rslade
Influencer II
‎07-03-2019 04:23 PM
‎07-03-2019 04:23 PM

> AppDefects (Contributor II) posted a new reply in Industry News on 07-03-2019

 

> Click bait!

 

Well, scan bait, maybe ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply