AT&T has posted a blog discussing the threat of malicious QR codes and how to mitigate them. Due to the ease of creation and the convenience of use, QR codes are a popular method organizations use to drive web traffic from the physical to the virtual. However, QR codes also engender trust, which can be abused by threat actors.
Using a QR code, criminals can take a variety of actions that help them exploit a user, including redirection to a malicious website, automatically downloading content to a device, connecting to a rogue wireless network, making phone calls, and triggering digital payments. While some of the latter options might seem outlandish, it is possible to trick users into thinking that is what is supposed to occur through clever social engineering. The blog urges the use of a mobile threat defense solution and maintaining heightened awareness when confronted with a QR code. Members are suggested to add this topic of discussion to their regularly scheduled user awareness and training programs. Read more at AT&T.