This post is also available in: heעברית (Hebrew)

Based on a recent research report, more than 1.5 billion people utilized QR codes for digital transactions globally, and threat actors have made sure to exploit this trend as well.

A QR code (an initialism for quick response code) is a type of matrix barcode (or two-dimensional barcode) invented in 1994 by Japanese company Denso Wave. In practice, QR codes often contain data for a locator, identifier, or tracker that points to a website or application. A QR code consists of black squares arranged in a square grid on a white background, including some fiducial markers, which can be read by an imaging device such as a camera, and processed until the image can be appropriately interpreted. The required data is then extracted from patterns that are present in both horizontal and vertical components of the image.

So how do cyber criminals exploit these codes? Similarly to phishing attacks, threat actors use different methods to trick users into scanning malicious codes, according to For example, threat actors can send a phishing email containing a malicious QR code attachment. Once the user scans the QR code, it will direct the user to a phishing page that captures sensitive data like users’ login credentials.

Additionally, threat actors can entice users with a free Wi-Fi network that scans the QR Code. Malicious actors can also replace QR codes in public places with malicious ones that redirect users to phishing sites. As a result, the malicious QR codes can connect the victim’s device to a malicious network to reveal the user’s location and initiate fraudulent payments.

Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th

Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!