The Cybersecurity Threat No One Talks About Is A Simple Code
By Louis Columbus
QR code adoption is soaring this year as every business pursues touchless selling, service and customer experience strategies to protect their customers and employees during the pandemic.
- An estimated 11M households in the U.S. will scan a QR code this year and the majority of them, 71%, will not know if it is the start of a malicious hack.
- QR-based coupon codes are among the fastest-growing threat vectors globally, with 5.3B codes predicted to be redeemed by 2020.
- Last month Instagram joined Twitter as the second social network to use universal QR codes to link back to personal profiles.
QR codes are going through a renaissance today. All businesses are focusing on how they can protect employees, customers and suppliers during the pandemic by adopting touchless transactions and services to provide a safer, more streamlined buying experience. Fraudsters are quick to capitalize on the opportunity that QR codes’ soaring popularity presents, too. Combining social engineering with QR codes that can be created in a second, fraudsters are using them to open victims’ bank accounts and drain them within seconds, install malware, penetrate entire corporate networks and more.
QR Codes Are the Perfect Threat Vector for Fraudsters
Just as the necessity of protecting people’s lives has accelerated digital transformation more quickly than any business case could ever match, the renaissance of QR codes has surprised many businesses that had written them off. What makes QR codes such a stealthy, dangerous threat vector is how trusted and misunderstood they are. Of the many surveys of QR code adoption today, MobileIron’s QR Codes: Consumer Sentiment Survey provides insights into why QR codes’ popularity is increasing and the threats associated with them. The study is based on interviews with over 2,100 consumers across the U.S. and the U.K. Please see page 22 of the study for additional details on the methodology.
Key insights from the study include the following:
- 71% of respondents cannot distinguish between a legitimate and malicious QR code and nearly 17% have had a QR code misdirect their mobile device to a suspicious site. While three-quarters of respondents can’t easily identify a malicious QR code, it’s fascinating to see that 67% can identify if a URL is legitimate or malicious. One in five respondents has had a QR code misdirect them to a suspicious site. The majority (60.7%) believe that hackers can target victims with QR codes. The following is a summary of the survey’s findings.
- According to American Express, QR codes have seen record growth in 2020, making payments the most widespread use of the technology today, further attracting fraudsters. The Asia-Pacific region led the world in QR code adoption before the pandemic, with Japan and China dominating transaction revenue. MobileIron’s survey reflects the current QR code usage levels for payments in the U.S. and the U.K., with 27% having used QR codes to complete a transaction and 43% planning to soon. The study found that in the last six months, 38% of respondents have scanned a QR code at a restaurant, bar, or café; 37% of respondents have scanned a QR code at a retailer and 32% have scanned a QR code on a consumer product.
- MobileIron’s research found ten ways a simple QR code generated in seconds can hack your mobile device and life with a quick scan. MobileIron’s research uncovered ten ways QR codes can initiate actions that appear to come from you when, in fact, they’re designed to hack your contact lists, e-mail, texts, location, bank account and more. With 71% of respondents unable to distinguish a malicious QR code, the severity of this threat surface becomes clear.
Mobile devices are everyone’s identity, doubling as a digital lifeline to family, friends, jobs, social media and financial accounts. At the same time, employees are using mobile devices – and in many cases, their own unsecured devices – more than ever before to connect with others, interact with a variety of cloud-based applications and services and stay productive as they work from anywhere. Many employees are also using their mobile devices to scan QR codes in their everyday lives, putting themselves and enterprise resources at risk.
Alex Mosher, MobileIron’s Global Vice President of Solutions, says that “companies need to urgently rethink their security strategies to focus on mobile devices while at the same time prioritizing seamless user experience.” Alex advises businesses on how they can improve their unified endpoint management cybersecurity strategies to monitor every device, user, app and network being used to access business data while maximizing productivity. Of the many cybersecurity providers offering UEM solutions, MobileIron’s unique approach of combining unified endpoint management (UEM) with passwordless multi-factor authentication (Zero Sign-On) and mobile threat defense (MTD) is noteworthy. Their customers can validate security to the device level, establish user context, verify the network and detect and remediate threats to ensure that only authorized users, devices, apps and services can access business resources in a “work from everywhere” world.