Technology has made seemingly everything fast, convenient and easily accessible. This is certainly true of quick response (QR) codes, those ubiquitous symbols you can find on everything from restaurant menus to product packages to advertisements. When you scan QR codes with a smartphone, you can access prices, instructions, product information and even payment apps.
But as with most technologies, fraud perpetrators have found ways to exploit QR codes — and steal from consumers and businesses. Here’s what you need to know.
How thieves use them
Last year, the FBI issued an alert about QR code tampering. Fraudsters replace or alter QR codes so that users are directed to malicious websites or inadvertently download malware onto their devices. Such schemes enable fraudsters to access victims’ account usernames and passwords and personal and financial information.
Unfortunately, it’s very easy for criminals to create QR codes using online tools. They replace the codes of legitimate businesses with their own by, for example, placing stickers over existing codes. Such stickers have been found on menus, parking meters, signs in front of businesses and packaging of all kinds. Fraudsters might also include them in phishing emails or printed advertisements, coupons or surveys sent through the U.S. Post Office.
Preventing QR fraud is similar in many ways to foiling phishing schemes. When you’re directed to a website, scrutinize it for authenticity. Fraudulent sites often look amateurish and feature misspellings and typos. The site’s name may be similar to — but not quite the same as — the site you intended to visit. If you’re suspicious, don’t type in a username, password or payment information. Leave the site immediately.
Other ways to avoid QR code traps are to:
- Inspect physical objects for stickers or other signs the original QR codes have been replaced.
- Be careful about scanning any QR code included in an email. Try to verify the authenticity of the email first.
- Use only your phone’s camera to scan codes. You shouldn’t download a QR code app.
- Don’t make payments via QR codes. Go directly to the website by typing in the URL and only use payment processing systems that encrypt your information with SSL or TLS protocols.
Businesses can help protect themselves by routinely checking online and physical sites where they’ve placed QR codes for signs of tampering. Include a message with your QR code telling customers that they should notify you if scanning your code takes them to a suspicious site.
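One way a business could automate the routine check described above, as an added example that is not part of the original article: compare the text decoded from each deployed QR code with the URL that placement is supposed to carry. The placement names, URLs and the 0.8 similarity threshold are constructed assumptions, and decoding the printed code is left to whatever scanner is used.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

def audit_qr_payload(decoded, expected_url, lookalike_ratio=0.8):
    """Compare decoded QR text with the expected URL; return findings (empty = OK)."""
    try:
        want, got = urlsplit(expected_url), urlsplit(decoded.strip())
        got_host = (got.hostname or "").rstrip(".")
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return ["not-a-web-url"]
    if got.scheme not in ("http", "https") or not got_host:
        return ["not-a-web-url"]
    findings = []
    if got.scheme != "https":
        findings.append("no-tls")
    if got.username is not None:
        # In "https://name@host/", the browser connects to host, not name.
        findings.append("userinfo-in-url")
    want_host = (want.hostname or "").rstrip(".")
    if got_host != want_host:
        findings.append("host-mismatch")
        similar = SequenceMatcher(None, got_host, want_host).ratio()
        if similar >= lookalike_ratio or "xn--" in got_host:
            findings.append("lookalike-host")  # near-miss or punycode name
    elif (got.path, got.query) != (want.path, want.query):
        findings.append("path-changed")
    return findings

def audit_inventory(inventory, scans):
    """Map each placement needing inspection to its findings."""
    report = {}
    for placement, expected in inventory.items():
        decoded = scans.get(placement)
        findings = (["not-scanned"] if decoded is None
                    else audit_qr_payload(decoded, expected))
        if findings:
            report[placement] = findings
    return report

# Constructed sample data: reserved .example/.test names, not real sites.
INVENTORY = {"table-12": "https://menu.cafe.example/table/12",
             "door-sign": "https://menu.cafe.example/hours",
             "meter-3": "https://pay.cafe.example/meter/3",
             "counter": "https://menu.cafe.example/order"}
SCANS = {"table-12": "https://menu.cafe.example/table/12",
         "door-sign": "https://menu.caffe.example/hours",
         "meter-3": "https://pay.cafe.example@pay.test/meter/3"}
if __name__ == "__main__":
    print(audit_inventory(INVENTORY, SCANS))
```

Any placement that appears in the report is a candidate for the physical sticker inspection the article recommends.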
Be on guard
Not even QR codes are safe from fraud perpetrators. As with all types of fraud, your best defense is a good offense. Look closely at QR codes before you scan them and scrutinize the sites they lead to.
The latest data from Dark Reading’s annual Strategic Security Survey shows phishing continues to be an organization’s biggest problem. With 53% of organizations citing phishing as the cause of a security breach, organizations are keenly aware of the problem when mixing users, social engineering and phishing emails.
According to the survey:
- 58% say users being socially engineered via phishing or other scams is the most significant endpoint security concern.
- 48% of respondents say that if their organization experiences a major data breach in the next 12 months, the most likely cause will be a negligent end user.
So, users are the weak link in the security chain in most organizations. This requires some shoring up of security efforts around users, including Security Awareness Training to turn the user from a security liability to an asset who aids in protecting the organization.
According to the survey of those organizations that experienced a cybersecurity breach in the last 12 months:
- 23% reported network disruptions and application unavailability.
- 17% say they experienced a major financial loss.
- 15% reported fraud.
Phishing and the user have been proven to be an effective initial attack vector. And with the potential damage an attack can have, it’s imperative to strengthen every part of your security stance – including the user.
Information used in this article was provided by our partners at KnowBe4.
Having a robust customer relationship management (CRM) system has proven valuable to companies as they navigate the changing sales landscape. During the pandemic, route sales and customer visits were put on hold. Now that we are turning the corner, tools to assist with the transition back to route sales and outside sales will play a key role.
Making sales more efficient with maps and CRM software
Integrating a mapping application, like Google Maps, with your CRM system provides powerful efficiencies. We all know how amazing the Google Maps data is, especially when you can zoom in to street level on any business in the world. Now is the time to leverage that information.
Integrating maps with CRM allows you to display customer or prospect companies as pinpoints on a map. Pinpoint colors can also be customized based on the type of company (customer, prospect, etc.).
Clicking pinpoints provides you with additional CRM-related information on that company (status, primary contact, industry segment, last invoice date, etc.).
What are the benefits?
If your company has route or territory sales processes in place, then seeing those records on a map can be a great tool for the route salesperson. The salesperson targets a few key accounts on their trip and schedules visits with those accounts. With a map interface, the salesperson can quickly and strategically fill in the gaps between those appointments by selecting companies from the map.
Some map applications will allow you to create pre-defined routes that include multiple days with designated stops for each day. You can give these routes names and then reuse or clone when you visit that route again in a few months. Some applications even let you add all of those stops to your calendar with a single click!
In a nutshell, the ability to visualize the CRM records on a map gives the sales team a unique and more efficient perspective on how they should call on their accounts and in what order.
Ready to get started?
Information used in this article was provided by our partners at Sage.
In one recent cybercrime scheme, a mortgage company employee accessed his employer’s records without authorization, then used stolen customer lists to start his own mortgage business. The perpetrator hacked the protected records by sending an email containing malware to a coworker.
This particular dishonest worker was caught. But your company may not be so lucky. One of your employees’ cybercrime schemes could end in financial losses or competitive disadvantages due to corporate espionage.
Why would trusted employees steal from the hand that feeds them? They could be working for a competitor or seeking revenge for perceived wrongs. Sometimes coercion by a third party or the need to pay gambling or addiction-related debts comes into play.
Although there are no guarantees that you’ll be able to foil every hacking scheme, your business can minimize the risk of insider theft by implementing several best practices:
Restrict IT use. Your IT personnel should take proactive measures to restrict or monitor employee use of email accounts, websites, peer-to-peer networking, instant messaging protocols and File Transfer Protocol.
Remove access. When employees leave the company, immediately remove them from all access lists and ask them to return their means of access to secure accounts. Provide them with copies of any signed confidentiality agreements as a reminder of their legal responsibilities for maintaining data confidentiality.
Don’t neglect physical assets. Some data thefts occur the old-fashioned way — with employees absconding with materials after hours or while no one is looking. Typically, a crooked employee will print or photocopy documents and remove them from the workplace hidden in a briefcase or bag. Some dishonest employees remove files from cabinets, desks or other storage locations. Controls such as locks, surveillance cameras and restrictions to access can help prevent and deter theft.
Treat workers well. Create a positive work environment and treat employees fairly and with respect. This can encourage loyalty and trust, thereby minimizing potential motives for employee theft.
In addition to the previously named threats, your office’s wireless communication networks — including Wi-Fi, Bluetooth and cellular — can increase fraud risk. Fraud perpetrators can, for example, use mobile devices to gain access to sensitive information. One way to deter such activities is to restrict Wi-Fi to employees with special passwords or biometric access.
For more tips on preventing employee-originated cybercrime, or if you suspect a fraud scheme is underway, contact us for help.
Did you know that 91% of successful data breaches start with a spear phishing attack?
IT pros have realized that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and effective cybersecurity best practice to patch your last line of defense: USERS.
Find out what percentage of your employees are Phish-prone™ with your free phishing security test from our partner, KnowBe4.
Here’s how it works:
- Immediately start your test for up to 100 users.
- Customize the phishing test template based on your environment.
- Choose the landing page your users see after they click.
- Show users which red flags they missed, or a 404 page.
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management.
- See how your organization compares to others in your industry.