Study: QR usage soaring but so is fraud

New data out from MobileIron holds good news for mobile marketers and brands, also a bit of a warning. First, the good. QR codes have definitely caught on with mobile users, and more than half of mobile consumers say the codes make their lives simpler. But, the bad. As more people have begun using the codes and because many don't have good security software installed on mobile devices, the codes are a jumping off point for many fraudsters.

According to MobileIron's data fraudsters have begun taking advantage of the fact that more people are using QR codes, both on personal and on work devices. Researchers found that most people using QR codes (71%) can't distinguish between legitimate and malicious codes, and because these codes prompt a specific action like opening a URL fraudsters have taken to using fraudulent codes to get people to their sites so that they can then steal information.

"Hackers are launching attacks across mobile threat vectors, including emails, text and SMS messages, instant messages, social media and other modes of communication," said Alex Mosher, Global Vice President of Solutions, MobileIron. "I expect we'll soon see an onslaught of attacks via QR codes. A hacker could easily embed a malicious URL containing custom malware into a QR code, which could then exfiltrate data from a mobile device when scanned. Or, the hacker could embed a malicious URL into a QR code that directs to a phishing site and encourages users to divulge their credentials, which the hacker could then steal and use to infiltrate a company."

Researchers found that while most consumers can recognize a fraudulent website/URL (67%) most cannot distinguish between a real and fake/malicious QR Code (71%). And, more than half say they worry about QR codes and how they could be fraudulently but continue to use them anyway.

This is especially dangerous for companies who have more people working remotely or using personal devices for work because scanning a fraudulent code give that hacker access not only to the consumer's information but could potentially give access to company information.

"Companies need to urgently rethink their security strategies to focus on mobile devices," continued Mosher. "At the same time, they need to prioritize a seamless user experience. A unified endpoint management solution can provide the IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data, while maximizing productivity. Organizations can also build upon UEM with a mobile threat defense solution to detect and remediate mobile threats, including malicious QR codes, even when a device is offline."









Tweet



No Comments

Print this article Print this article

Subscribe to BizReport




More articles from this category

More Stories on Related Topics