Abstract
The current era of contactless operations and transactions, the use of Quick Response or QR codes has become more important than before for delivering information to a large group of people. Marketing enterprises commonly use QR codes to quickly deliver information to the intended customers. However, malicious actors also use QR codes to direct potential victims to malicious websites. This research evaluates the potential use of QR codes for delivering malware to targeted users. The objective of the study is to examine if participants who have some cybersecurity awareness training identify fraudulent QR codes. The study was also designed to analyze if the subject of the QR code and poster design affect the ability to determine the validity of QR code. Thirty college students who have taken some level of computer security courses participated in the study. The participants were tasked with examining the poster carefully and scanning the QR code with their phones. They were told to not go to the websites that the QR code contained as this would reveal the validity of the link. Overall, this study shows that participants are very likely to trust QR codes as legitimate source of information even if they are not. This could expose the user to a litany of possible cyber-attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Soon, T J.: QR code. Synth. J. 2008, 59–78 (2008)
Dou, X., Li, H.: Creative use of QR codes in consumer communication. Int. J. Mob. Mark 3(2), 61–67 (2008)
Kharraz, A., et al.: Optical delusions: a study of malicious QR codes in the wild. In: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. IEEE (2014)
https://owasp.org/www-community/attacks/Qrljacking. Accesed 9 Aug 2022
Vidas, T., Owusu, E., Wang, S., Zeng, C., Cranor, L.F., Christin, N:. QRishing: the Susceptibility of Smartphone Users to QR Code Phishing Attacks. In: Adams, A.A., Brenner, M., Smith, M. (eds.) Financial Cryptography and Data Security. FC 2013. Lecture Notes in Computer Science, vol. 7862, pp. 52–69, Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-41320-9
Focardi, R., Luccio, F.L., Wahsheh, H.A.M.: Usable security for QR code. J. Inf. Secur. Appl. 48(2019), 102369 (2019). https://doi.org/10.1016/j.jisa.2019.102369
Tetri, P., Vuorinen, J.: Dissecting social engineering. Behav. Inf. Technol. 32(10), 1014–1023 (2013). https://doi.org/10.1080/0144929X.2013.763860
Mishra, A., Mathuria, M.: A review on QR code. Int. J. Comput. Appl.Comput. Appl. 164(9), 17–19 (2017)
OWASP. Cross-Site Scripting (XSS) | OWASP. Foundation. Retrieved 13 Feb 2020 https://owasp.org/www-community/attacks/xss/
Musuva, P., Chepken, C., Getao, K.: A naturalistic methodology for assessing susceptibility to social engineering through phishing. Afr. J. Inf. Syst. 11(3), 157–182 (2019)
https://www.ibm.com/analytics/spss-statistics-software. Accessed Aug 2022
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Cargrill, K., Abegaz, T., Parra, L.C., DaSouza, R. (2023). Scan Me: QR Codes as Emerging Malware Delivery Mechanism. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2023, Volume 2. FTC 2023. Lecture Notes in Networks and Systems, vol 814. Springer, Cham. https://doi.org/10.1007/978-3-031-47451-4_44
Download citation
DOI: https://doi.org/10.1007/978-3-031-47451-4_44
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47450-7
Online ISBN: 978-3-031-47451-4
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)