Cybersecurity over the holiday season: guarding against QR codes and deepfake threats
As people prepare to celebrate the holiday season, they should be aware of some emerging cybersecurity concerns that have been on Crawford’s radar.
Vigilance around QR codes
QR codes are a common sight in our everyday lives. Originally created for convenient information sharing, these codes are unfortunately being increasingly used by cybercriminals, who have found innovative ways to exploit them.
It is imperative that all companies exercise caution when using QR codes, which can present a number of risks:
- Deceptive links: Cybercriminals can hide harmful URLs within QR codes that lead to fake websites, where login credentials can be stolen, or which can download malware onto your devices.
- Data theft: QR codes can also be used to steal sensitive information. An attacker might place QR codes on posters or physical items in public places. When scanned, these codes can lead to malicious websites that steal personal data or spread malware.
- Fake payment codes: In mobile payment systems, attackers can create QR codes that resemble legitimate payment requests, but which actually transfer funds to the scammer's account. Users scanning these codes may inadvertently end up making unauthorized payments.
Growing concern around deepfakes
Deepfakes are AI-generated videos or audio recordings that can convincingly mimic real individuals. This technology poses a new and evolving threat, particularly in the context of social engineering.
Deepfake attackers have been known to impersonate company CEOs to attempt to persuade other people in the organisation to carry out their wishes. If you suspect that you are the focus of a deepfake attack it’s essential to take immediate action by disconnecting the call and contacting your IT department or security advisor.
Deepfake risks can occur in a number of ways:
- Impersonations: Threat actors may use deepfake technology to create a realistic avatar of a legitimate person, such as a coworker, friend or family member. This avatar can then be used to join video calls and interact with other users. The goal of this type of attack is to gain the trust of others and then trick them into revealing sensitive information or taking actions that could compromise their security or the security of their organisation.
- Identity theft: Deepfake technology can be misused to steal someone's identity for fraudulent purposes. Attackers can create realistic videos or audio recordings of individuals for identity theft or financial fraud.
- Misleading content: Deepfakes can create convincing videos of people saying or doing things they never did, leading to misinformation and reputational harm for the individual who has been impersonated.
Holiday cybersecurity tips
As we all look forward to enjoying the holiday season, all companies should ensure their staff remain vigilant and informed about emerging cybersecurity threats, including QR codes and deepfakes, by keeping the following cybersecurity tips front of mind:
- Be aware: Spread the word among colleagues, friends, and family about the risks associated with QR codes and the growing concerns related to deepfakes.
- Verify sources: Always verify the source and authenticity of QR codes, and exercise caution if anything seems suspicious. Verify the authenticity of video or audio content by referencing it against multiple reliable sources.
- Update devices: Before taking time off for the holidays, update all devices and software to the latest security patches.
- Strengthen security: Whenever possible, enable two-factor authentication (2FA) to add an extra layer of protection to your account logins.
- Choose trusted apps: Consider using a reliable and trusted QR code scanner app with built-in security features that can detect and warn you about potential threats.
