Dubai, UAE – November 27, 2024 — With an anticipated increase of shopping activity in the UAE during White Friday, Cisco shares an advisory for consumers regarding the prevalence of malicious QR codes, based on insights from Cisco Talos.

Cisco Talos is a trusted global threat intelligence research team comprising world-class researchers, analysts, and engineers with unmatched visibility across the threat landscape, seeing more than 800 billion security events per day.

The Challenge

Whether ordering at a restaurant, purchasing a concert ticket, or even watching a football game, QR codes are everywhere. However, new data from Cisco suggests that consumers should be wary and not trust every QR code by default.

Spammers are always looking for innovative ways to circumnavigate spam filters, and using QR codes has emerged as a valuable technique to accomplish this. QR codes are disproportionately effective at bypassing anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode it. According to data by Cisco Talos, roughly 60% of all emails containing QR codes are spam.

QR Codes – The Lesser-known Threat

Security professionals have long advised consumers to avoid clicking on unfamiliar URLs to prevent phishing or malware exposure. However, many users do not apply the same caution when scanning unknown QR codes, despite the similar risks involved.

This concern is heightened during White Friday, with many sales already underway and more expected through the holiday season. Scammers are increasingly using QR code scams featuring fake package delivery updates, aiming to exploit the online shopping surge. As consumers anticipate numerous packages, they may unknowingly scan malicious QR codes that threaten their security.

Putting Up Defenses

The ideal defense against this type of scam is to avoid scanning any QR codes, however, this can be difficult, so users must exercise caution. Scanning a QR code is essentially the same as clicking on an unknown hyperlink, but without the ability to see the full URL beforehand.

Cisco shares several tips for consumers to protect themselves against the impact of malicious QR codes:

  • Use QR code decoders that are freely available online. Save a screenshot of the QR code, upload this image to the decoder, and it will tell you what data was encoded inside the QR code. This will enable you to inspect the link more closely.
  • Once you know the URL, navigate to it using an anti-virus defender application like Cisco Secure Malware Analytics (Threat Grid). This will allow you to view the content behind the URL from a safe place, without jeopardizing the security of your computer or mobile device.
  • Never enter your username and password into an unknown site. It is better to navigate directly to the site you wish to log in using its official web address, rather than clicking on a URL presented by an unknown third party.

Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, said: “As QR codes become more prevalent, attackers are increasingly deploying them in phishing and email-based attacks. These types of attacks are particularly dangerous because they move the attack vector off a protected computer onto the target’s personal mobile device, which usually has fewer security protections in place and contains the type of sensitive information that malicious actors are after. To defend against QR code-based attacks, consumers must remain vigilant and verify the legitimacy of each QR code before scanning. This will help them ensure that anticipated short-term savings via White Friday sales do not come at the risk of exposing personal data and incurring potential financial burden.”