QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks (CMU-CyLab-12-022)
Authors
Abstract
The matrix barcodes known as Quick Response (QR) codes are rapidly becoming pervasive in urban environments around the world. QR codes are used to represent data, such as a web address, in a compact form that can be readily scanned and parsed by consumer mobile devices. They are popular with marketers because of their ease of deployment and use. However, this technology encourages mobile users to scan unauthenticated data from posters, billboards, stickers, and more, providing a new attack vector for miscreants. By positioning QR codes under false pretenses, attackers can entice users to scan the codes and subsequently visit malicious websites, install programs, or perform any other action the mobile device supports. We investigated the viability of QR-code-initiated phishing attacks, or QRishing, by conducting two experiments. In one experiment we visually monitored user interactions with QR codes, primarily to observe the proportion of users who scan a QR code but elect not to visit the associated website. In a second experiment, we distributed posters containing QR codes across 139 different locations to observe the broader application of QR codes for phishing. Over our four-week study, our disingenuous flyers were scanned by 225 individuals who subsequently visited the associated websites. Our survey results suggest that curiosity is the largest motivating factor for scanning QR codes. In our small surveillance experiment, we observed that 85% of those who scanned a QR code subsequently visited the associated URL.
Similar resources
QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks
The matrix barcodes known as Quick Response (QR) codes are rapidly becoming pervasive in urban environments around the world. QR codes are used to represent data, such as a web address, in a compact form that can be readily scanned and parsed by consumer mobile devices. They are popular with marketers because of their ease in deployment and use. However, this technology encourages mobile users ...
School of Phish: A Real-Word Evaluation of Anti-Phishing Training (CMU-CyLab-09-002)
PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...
A Framework to Prevent QR Code Based Phishing Attacks
Though the rapid development and spread of Information and Communication Technology (ICT) is making people's lives much easier, on the other hand it is causing some serious threats to society. Phishing is one of the most common cyber threats that most users fall for. This research investigates QR code based phishing attacks, which is a newly adopted intrusive method, and how to enhance the aw...
Anti-Phishing framework based on Extended Visual Cryptography and QR code
Nowadays online transactions have become very common, and various attacks occur behind them. Among these attacks, phishing is a very common one. Various anti-phishing mechanisms are used to detect this attack. We propose a new authentication scheme for secure OTP distribution in phishing website detection through EVC and QR codes. The Website Detection using extended vi...
QR Codes and Security Concerns
It is important to differentiate between various objects and places in the real world. Any smartphone equipped with a camera can read the content of a QR code directly. QR codes, being two-dimensional codes, are useful for storing information. This information isn't present in human-readable form, hence an individual cannot anticipate whether this is valid information or a maliciously manipul...