Kaspersky Urges Users To Be Alert To Email Containing QR Code
JAKARTA - Currently, cyber crime modes are getting more and more in shape. Not infrequently, users may have received emails that appear to come from official companies like Microsoft, which contain QR codes.
Based on Kaspersky's findings, this type of email typical usually contains a notification saying that your account password will expire soon, so that passwords must be changed and QR code scans are required in the email and follow the instructions.
Or, other cases may be that the email may warn the recipient that the featuring session has ended today''. To avoid this, users are advised to immediately scan the QR Code, otherwise, access to the ballot box can be lost.
Then, after you scan the QR code, what will happen? Links in QR codes will usually take you to a fairly convincing replica Microsoft login page.
In this case, Kaspersky found interesting details, where some phishing links in QR codes lead to IPFS resources.
IPFS (InterPlanetary File System) itself is a communication protocol for sharing files that have a lot in common with Trerents. This allows you to publish any files on the internet without domain registration, hosting, or other complications.
In other words, the phishing page is directly located on the perpetrator's phishing computer and can be accessed via a link via the special IPFS gateway.
"If you receive an email asking to, say, confirm something, or log into an account, or reset passwords, or perform similar actions, and this email contains only QR codes, you may be dealing with fraud," said Roman Dedenok, security expert at Kaspersky.
That way, you can safely ignore and delete the email. Because according to Kaspersky, there is no legitimate authentication system that recommends scanning the QR code as your only option.
And if necessary scanning the QR code from an unknown source, we recommend Kaspersky's security solution with a secure QR code scanner function. This will check the contents of the QR code and warn you if something is fake in it," he concluded.