Senior IT Security Analyst Joe Heiden discusses new scams and threats taking place with quick response (QR) codes.
Selected Podcast
Be Cyber Aware: Safe Scanning of QR Codes
Joseph Heiden: Welcome to IT Security Talk today, your trusted source for the latest in cybersecurity topics at San Juan Regional Medical Center. I'm Joe Heiden, the San Juan Regional Medical Center Senior Security Analyst and Security Engineer. And today, I'll be diving into a topic that's become increasingly relevant in our digital age, the use and exploitation of quick response codes, otherwise known as QR codes.
QR codes or quick response codes have become a staple in our daily lives. From restaurant menus to payment systems, these little squares are everywhere. But with their rise in popularity, there's also been a rise in security concerns. A recent popular attack used by criminals is called Quishing, that's Q-U-I-S-H-I-N-G, otherwise known as QR Code phishing. Today, we'll explore how QR codes work, the potential risks they pose, and how you can protect yourself. Plus, I'll share some real time examples of QR code security breaches to highlight the importance of staying cyber aware.
First, let's break down what a QR code is. Essentially, it's a type of matrix barcode that can store a variety of data, such as URLs, contact information, or even payment details. When you scan a QR code with your smartphone, it quickly decodes the information and directs you to the intended content. But here's where the security issues come in, because QR codes are so easy to create, they can also be easily manipulated by malicious actors. For instance, a hacker could place a legitimate QR code with one that directs you to a phishing site where your personal information could be stolen.
So, let me tell you about some real life examples to understand the risk better. Parking meter scams. In several cities, scammers have placed fraudulent QR codes on parking meters. When unsuspecting victims scanned the QR codes to pay for parking, they were directed to fake payment sites. These resulted in financial losses and, in some cases, vehicles being towed or ticketed because the payment was never received.
Retail data breach, a major retail chain experienced a QR code phishing attack when cybercriminals placed fake QR codes on their products. Customers who scanned these codes were redirected to malicious websites designed to steal their personal and payment information. Even though the retail chain was not directly responsible for the attack, their reputation and ultimately their bottom line was affected.
Restaurant menu scams. And this is very important for all of you. During the COVID 19 pandemic, many restaurants switched to QR code menus to reduce physical contact. In some instances, attackers replaced legitimate QR codes with malicious ones, leading diners to phishing sites where their personal data could be compromised. Again, even though the restaurant was not directly responsible for the attack, their reputation and bottom line was affected.
Email phishing with QR codes. Attackers have embedded QR codes in phishing emails, bypassing traditional email security filters. When a recipient scans these codes, they are taken to fake login pages designed to steal their credentials.
So, how can you protect yourself? Well, here's a few tips. Verify the source. Always make sure the QR code is from a trusted source. If you're unsure, don't scan it. Use a QR scanner with security features. Some QR scanner apps have built in security features that can detect malicious links. Check the URL. After scanning, the URL will show up on your phone screen. Check the URL before clicking on it. If it looks suspicious, don't click on it. If you've received an email with a QR code, and you've scanned it, and it seems suspicious, report the email as a phishing email. And let the San Juan IT security team investigate it.
Safety and security of the San Juan digital environment, including business and patient data, depends on how well you, the caregivers of San Juan, are educated about the potential risks when receiving or using QR codes.
That's all I have for today's episode of IT Security Talk Today. Remember, while QR codes are convenient, it's crucial to stay cyber aware and protect your personal information, as well as keep the San Juan Regional Medical Center safe from prying eyes and tactics used by cyber criminals. I hope you found this information helpful. And for other helpful hints, tips, and alerts, feel free to visit the cybersecurity intranet site located under the departments tab. Until next time, I'm Joe Heiden. And by all means, stay cyber aware.