QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks (CMU-CyLab-12-022)

Authors

  • Timothy Vidas
  • Emmanuel Owusu
  • Shuai Wang
  • Cheng Zeng
  • Lorrie Cranor
Abstract

The matrix barcodes known as Quick Response (QR) codes are rapidly becoming pervasive in urban environments around the world. QR codes are used to represent data, such as a web address, in a compact form that can be readily scanned and parsed by consumer mobile devices. They are popular with marketers because of their ease in deployment and use. However, this technology encourages mobile users to scan unauthenticated data from posters, billboards, stickers, and more, providing a new attack vector for miscreants. By positioning QR codes under false pretenses, attackers can entice users to scan the codes and subsequently visit malicious websites, install programs, or perform any other action the mobile device supports. We investigated the viability of QR-code-initiated phishing attacks, or QRishing, by conducting two experiments. In one experiment we visually monitored user interactions with QR codes, primarily to observe the proportion of users who scan a QR code but elect not to visit the associated website. In a second experiment, we distributed posters containing QR codes across 139 different locations to observe the broader application of QR codes for phishing. Over our four-week study, our disingenuous flyers were scanned by 225 individuals who subsequently visited the associated websites. Our survey results suggest that curiosity is the largest motivating factor for scanning QR codes. In our small surveillance experiment, we observed that 85% of those who scanned a QR code subsequently visited the associated URL.


Similar resources

QRishing: The Susceptibility of Smartphone Users to QR Code Phishing Attacks

The matrix barcodes known as Quick Response (QR) codes are rapidly becoming pervasive in urban environments around the world. QR codes are used to represent data, such as a web address, in a compact form that can be readily scanned and parsed by consumer mobile devices. They are popular with marketers because of their ease in deployment and use. However, this technology encourages mobile users ...


School of Phish: A Real-World Evaluation of Anti-Phishing Training (CMU-CyLab-09-002)

PhishGuru is an embedded training system that teaches users to avoid falling for phishing attacks by delivering a training message when the user clicks on the URL in a simulated phishing email. In previous lab and real-world experiments, we validated the effectiveness of this approach. Here, we extend our previous work with a 515-participant, real-world study in which we focus on long-term rete...


A Framework to Prevent QR Code Based Phishing Attacks

Though the rapid development and spread of Information and Communication Technology (ICT) is making people's lives much easier, it is also causing some serious threats to society. Phishing is one of the most common cyber threats, one that most users fall for. This research investigates QR code based phishing attacks, a newly adopted intrusive method, and how to enhance the aw...


Anti-Phishing framework based on Extended Visual Cryptography and QR code

Nowadays online transactions have become very common, and various attacks occur behind them. Among these attacks, phishing is very common. Various anti-phishing mechanisms are used to detect this attack. We propose a new authentication scheme for secure OTP distribution in phishing website detection through EVC and QR codes. The Website Detection using extended vi...


QR Codes and Security Concerns

It is important to differentiate between various objects and places in the real world. Any smartphone equipped with a camera can read the content of a QR code directly. QR codes, being two-dimensional codes, are useful for storing information. This information isn't present in human-readable form, hence an individual cannot anticipate whether this is valid information or a maliciously manipul...



Publication date: 2012