Vending Magazine June 2021

orderForm.title

orderForm.productCode

orderForm.description

orderForm.quantity

orderForm.itemPrice

orderForm.price

orderForm.totalPrice

orderForm.deliveryDetails.name

orderForm.deliveryDetails.accountNumber

orderForm.deliveryDetails.phone

orderForm.deliveryDetails.poNumber

orderForm.deliveryDetails.email

orderForm.deliveryDetails.companyName

orderForm.deliveryDetails.billingAddress

orderForm.deliveryDetails.deliveryAddress

orderForm.deliveryDetails.deliveryDetailsDeliveryAddressSameAsBillingAddress

orderForm.deliveryDetails.address1

orderForm.deliveryDetails.address2

orderForm.deliveryDetails.city

orderForm.deliveryDetails.state

orderForm.deliveryDetails.postCode

orderForm.deliveryDetails.country

orderForm.deliveryDetails.additionalInformation

orderForm.noItems

QR CODES

Can you really

trust that QR code?

The use of QR codes has skyrocketed in the past 18 months, with a recent study revealing that the number of users scanning QR code coupons is expected to quadruple to 5.3 billion by 2022 from an estimated 1.3 billion last year. Here Hank Schless, senior manager Security Solutions at Lookout explores how trustworthy QR codes are.

D

uring a time where contactless communication is

preferred and even encouraged by governments, QR codes present an additional option for users to transfer information or relay a user to another online site or application. We often see them on advertisements and restaurant menus, or we interact with them when scanning travel tickets or common social media platforms. When a QR code is scanned, the

technology works by notifying and prompting the mobile user to interact with an external website – often involving entering personal data. QR codes have numerous use cases and users are typically asked to scan them when ordering

food, obtaining access to local WiFi hotspots, and to receive marketing information on consumer products. QR codes have certainly helped organisations move into the digital age but, as with anything that is digital, there are many security risks and scams associated with this technology that can be exploited by hackers.

QR codes and cybeRattacks

Due to the popularity of QR code usage, hackers are presented with fresh opportunities to target the wider public with relatively little effort. Creating a malicious QR code follows many of the same steps a hacker would follow when making a phishing scam, which is the most popular method of attack for cybercriminals. An evolution in hacking tactics has now merged phishing with QR codes, which can be easily designed; there is even a marketplace where individuals can buy cheap and customisable QR code phishing kits. Consequently, cybercriminals can mimic many of the worlds popular brands to target and exploit their customers’ sensitive data, without much expense. For instance, scammers have been known to send SMS

messages containing fake tracking details with QR codes from legitimate delivery services. As you can see here, it is very easy for an unsuspecting user to interact with the QR code and click the associated link, which would immediately lead to compromise. Malicious QR codes are also

known as ‘call-to-action’ scams as they require victims to provide a response or interact with the code and the link that appears on the device to begin the scam. This could take the user to a dangerous website, download an illicit application or even deploy malware that could take over the device. Due to the prevalent nature of

QR code technology, cybercriminals have now been presented with another avenue to cause mass disruption with little fear of being detected.

How to stop QR code tHReats

To prevent being impacted by a QR code attack, building security awareness to these threats will help reduce the number of people being scammed. For users scanning the QR code on their device, it is of vital importance to always check and verify a link and

site. If it looks suspicious, immediately avoid. However, the ingenious nature of cybercriminals means any URL can be created to fit a QR code to deceive individuals and even security professionals. Ultimately, both the public and businesses must deploy mobile threat defences to protect against interacting with malicious websites, apps, or networks on mobile devices. Computers have their own dedicated security policies and mobile devices should be given the same level of attention. With mobile device adoption

and usage growing in prominence, the technology that surrounds these devices has become a prime target for hackers to exploit. It is therefore strongly advised to follow security best practices and update applications and systems as soon as they are available, which is a good foundation to protect not only your device but yourself.

vendinginternational-online.com | 23

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | Page 7 | Page 8 | Page 9 | Page 10 | Page 11 | Page 12 | Page 13 | Page 14 | Page 15 | Page 16 | Page 17 | Page 18 | Page 19 | Page 20 | Page 21 | Page 22 | Page 23 | Page 24 | Page 25 | Page 26 | Page 27 | Page 28