[ad_1]
In the wake of the corona pandemic, QR codes have become one of the biggest scams, according to security experts.
Cybercriminals are constantly using new methods and tools to trick you. In 2021, we will be exposed to more fraud in the form of vaccine messages, QR codes and codes associated with your BankID, predicts the research center KnowBe4 Research, which is one of the world’s leading platforms for network security.
Criminals often send emails to trick the recipient into sharing sensitive personal information or to click links and download malicious software. This is called “phishing” and it will pose a major threat in 2021, KnowBe4 believes.
– A phishing message that we believe many will be exposed to in 2021 is the COVID-19 vaccine. For example, in the form of a message that appears to come from the health authorities, informing you that you can click on a link and find out when you can get vaccinated. We believe that many will be misled by such messages, says security expert Kai Roer, general manager of CLTRe and part of the KnowBe4 group of security experts.
Also read: Now there are changes: this is the SMS that you absolutely do not want to receive in the future
Therefore, Roer recommends that Norwegians be more skeptical about the emails and other messages they receive about the COVID-19 vaccine. Especially if the message contains a link that you are encouraged to click on.
Hans Marius Tessem works as a senior advisor at NorSIS: Norwegian Center for Information Security. He tells Nettavisen that scammers often bet on current events:
– Scammers have been doing this for as long as I can remember. It is a recurring theme.
Also read: The Norwegian Post warns after a fraud attempt: – Be suspicious
According to Roer, there are a number of holes in fully updated operating systems that have not been discovered or fixed by the developer himself. These are called “zero days.”
– If used by hackers and scammers, they bypass all antivirus and security mechanisms, Roer warns.
This, plus out-of-date machines and software, is the biggest security threat Norwegians face.
QR codes
As a result of, among other things, the corona pandemic, QR codes have recently become a “hit” in the catering industry. These are codes that you scan with your mobile phone to access, for example, restaurant menus. The problem with these is that you can’t say for sure where you end up.
– I personally do not use QR codes, says Roer.
Also read: Police filed a case against 16 party participants: – Not familiar enough with infection rules
Paint the following picture:
– What you can imagine is that before reaching a restaurant, criminals have pasted another QR code on the person who is physically at your table, and instead of linking to the menu, instead of linking it to a fake copy of the restaurant. website. Here you can order wine and a hamburger, provide the card information and pay. Then it won’t be full, but your bank account will be emptied, warns the security expert.
The case continues during the vote.
If Roer goes to a restaurant and is not allowed to order without using QR codes, he is consistent:
– Then I beg your pardon, but then I can’t eat here.
Also read: The head of the NHO with a gloomy message: – Unfortunately, he was right
He tells Nettavisen that everyone should be as skeptical of QR codes as he is.
Tessem tells Nettavisen that he sees the point of Roer and the potential for QR code fraud, but emphasizes:
– We must make an assessment of how dangerous it is. I am not aware of any examples in the NorSIS context where QR codes have been used for this. If you were exposed to something like that, you would find out early, by not eating or drinking. So it is important to contact the bank as soon as possible to block the card.
Tessem says that a QR code in, for example, a restaurant is basically a URL replacement. Instead of entering a long URL, you can scan the code.
– The practicality of a QR code outweighs the risk, says Tessem, who however agrees that one does not know in advance where the QR codes lead. He has the following tips to check if a website is authentic or not:
– If you are asked to log into a site with your username and password, and enter a customs username and customs password, and still enter the “page”, then I can guarantee that it is a fraud. Because then they try to steal your real username and password, but they don’t know if it’s correct because they have nothing to compare with.
Also read: The defendant Tesla will receive free charge
Tessem also says that this verification cannot be done with the card information, so you just have to make sure that you are in the right place.
Who are they kidding?
KnowBe4 has done a lot of research on online scams and who is duped most often.
– Young people, those who have grown up with technology and we like to think that they are very good at it, tend to be misled more often. They are less good at security and do not understand what technology really allows. You just see the benefits and expect a usage pattern and behavior that makes you click and share rather than stop before opening. Install apps that often look great that your friends have before checking to see if they’re safe, Roer says.
But it’s not just the young who fail here:
– The other group we see are slightly older people, who may not be used to using technology, but who may have a pad or an old PC that they use to communicate with their family. There we see that several of these machines are not so updated, because the elderly do not know that it is necessary.
Also read: Klæbo opens to leave the WC in Oberstdorf
– If a grandparent receives an email, which is apparently from the grandchild, perhaps with a picture and the text ‘Hello, grandpa! Open up and look at the photos of me here: ‘then Grandpa does. And if there is a message from the computer that says ‘Are you sure you want to run this software?’ Then curiosity and joy in communicating with the grandchild will override the security mechanisms. So hit yes and run software that maybe it shouldn’t have done.
The safest way to avoid online scams is not to use the computer at all, but since Roer says this is not an option, he has three clear tips:
– Make sure your computers are up to date at all times, use antivirus, use modern operating systems that have built-in security mechanisms, and be generally skeptical of unfamiliar attachments, links, and websites, says Roer.
Third threat
It has also become increasingly common to use multi-factor authentication (MFA), most often in the form of having to enter a code that you receive via mobile phone in addition to a password, because this is more secure. BankID is an example of this.
– More and more people are using this, but many are not aware that this is not enough to stop hackers and scammers. When a hacker finds out what kind of MFA you are using, they will take advantage of this and try to trick you into circumventing the protection it provides. For example, in the way of calling you and trying to trick you into entering the code that you get on your mobile. Only you should know the codes associated with your BankID and the codes you receive at other MFAs. You should never report this to others, advises Kai Roer.
Also Read: Good News For Electric Car Buyers – You Can Keep A Profitable Scheme
Tessem at NorSIS recommends everyone to use two-step login. This makes life more difficult for scammers:
– Those who cheat must then find new methods to get around that problem, and then resort to social manipulation to get people to hand over the code, so that they have both factors. We have seen examples of this.
Advertising
Great summary: these stores have started Christmas sales
