Security Architecture, Application security, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Malware, Phishing, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Spam with QR code targets mobile users

Researchers have revealed a new type of spam campaign that appears to be a test run to find out how mobile users will respond to social engineering attempts on their smartphones and tablets.

According to a Tuesday blog post from security firm Websense, the emails look like typical spam trying to hawk male enhancement drugs. However, in this case, they contain a link to a legitimate site -- 2tag.nl -- that generates quick response (QR) codes for URLs.

The link leads to an already-created QR code, which can be scanned by a mobile reader application available in places like the Android Market. After the code is recognized, a URL is loaded that advertises the counterfeit goods, including Viagra and Cialis.

"This is a clear movement and evolution of traditional spammers toward targeting mobile technology," Elad Sharf, a Websense Security Labs researcher, wrote in the blog post.

Patrik Runald, senior manager of security research at Websense, told SCMagazine.com that this is the first time his team has seen QR codes being used in spam. He added that the culprits may be trying out this tactic to see how people respond, with the goal of eventually evolving it to foist malware.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.