Latest news with #Egress
Yahoo
2 days ago
- Business
- Yahoo
Encrypted QR Codes are here. Should workplaces be using them?
Companies go to great lengths to protect sensitive personal and financial information. But as cybercriminals become increasingly sophisticated, scams are on the rise, putting key information at risk of being compromised. Scammers often use phishing techniques to access secure data or personal information. Cybersecurity company Egress reports that QR Code scams in emails accounted for 12.4% of all phishing emails in 2023, jumping from 1.4% just a year prior. Health care, hospitality, education, and insurance industries are most likely to be targeted with phishing schemes, according to a 2024 report from cybersecurity firm KnowBe4. While companies have long been aware of email phishing scams, QR Code "quishing" (QR Code + phishing) scams have presented a new way to manipulate and deceive. Quishing targets businesses in a few ways: Instead of taking users to legitimate websites, QR Codes direct users to fake websites that may prompt them to provide banking access or enter personal information like passwords. Fake QR Codes can also prompt users to download malware onto their devices, which can wreak havoc. Phishing is one of the most common crimes, according to the Federal Bureau of Investigation's Internet Crime Complaint Center. Phishing crimes were reported nearly 299,000 times in 2023—a 161% increase since 2019, according to a 2023 report from the Bureau. Some of those scams include the ubiquitous black-and-white squares that people have hijacked in phishing scams, prompting the Federal Trade Commission to issue a warning about the risks of QR Codes in 2023. Savvy workers might assume they're not susceptible to scams, but those geometric codes, difficult to distinguish from one another, may appear more benign than a sketchy URL. "They want you to scan the QR Code and open the URL without thinking about it," Alvaro Puig, a consumer education specialist for the FTC, said in a statement. Quishing scams often leverage brand names or familiar emails to dupe busy employees. A common scam is phishing emails that impersonate Docusign. Bad actors ask people to access funds from a "funds settlement agreement" by scanning a QR Code, which points them to a fake Docusign website where they can fork over their sign-in credentials. Other common Quishing attempts include Zoom meeting invitations and HR reminders for policy reviews, according to KnowBe4. The company's research found that globally, nearly 49% of clicks on phishing links in the third quarter of 2024 purported to be emails about HR or IT matters. Consumers may be familiar with public-facing scams, such as fraudsters tricking people into sharing payment information on fraudulent websites using fake QR Codes stickered onto parking meters. Fraud investigations into fake QR Codes have been underway across the nation, with cities like Austin, Houston, and San Antonio in Texas, as well as Newtown, Massachusetts, for instance. Meanwhile, however, businesses may face a different kind of threat from within if employees aren't aware of the risks of QR Codes or if hackers infiltrate systems to access information protected by QR Codes that lack extra security. As workplaces grapple with new security threats, businesses may seek extra protective measures. Uniqode examined industry reports and news coverage to find out how new technologies like encrypted QR Codes and ink authentication can help protect workplaces from scams. Companies can protect themselves by using encrypted QR Codes to secure their links further. There are varying levels of encryption, but they generally utilize a secret decryption key that allows the scanner, typically a phone, to read the QR Code before moving forward. For example, Google experimented in 2012 with encrypted QR Codes that allowed people to log into their email from a public computer. Users could scan the QR Code on their smartphone with the approved credentials; once this decryption passed, the email on the public computer would automatically log in. QR Codes can also be password protected, requiring a code to open the link and proceed. Dynamic QR Codes allow users to add passwords that can be changed later, whereas static QR Codes, once created, stay the same. Encrypted QR Codes can be helpful in settings where the shared information requires confidentiality or added security, such as health care records, event tickets, and legal documentation. Encryption helps protect the data stored inside a QR Code so only authorized users can access it. Businesses can use encrypted information to protect confidential consumer information during a breach and as an extra safeguard against extortion. An extra layer of security to guard data from bad actors can also give companies greater peace of mind. Massachusetts Institute of Technology researchers pioneered Invisible ink authentication, an advanced security measure designed to hide QR Codes in plain sight, such as on documents, to prevent counterfeiting. Invisible QR Codes have fluorescence—so they cannot be seen by the naked eye or detected by a camera lens. Only users aware of the fluorescence can utilize a specialized filter to detect and scan the code, accessing key information securely. Another advancement is algorithm-driven anti-copy technology, which adds a layer of security to QR Codes by preventing counterfeiters from passing off knock-offs as the real thing. Unlike regular QR Codes, which can be copied or modified to point users to a fake website, anti-copy security QR Codes have a subtle watermark and use an algorithm for authentication that makes them extremely hard to fake. They're particularly useful when used in pairs for shipping a product, where the top QR Code can be used multiple times along the shipping route, but the bottom QR Code can only be used once—authenticating the product. Old-school, street-smart techniques should not be underestimated in their capacity to protect people from quishing scams. "The good news is that the way to [be] safe from this malicious activity is to use the steps we have already learned from phishing and other social engineering attacks, such as only scanning codes from trusted sources, verifying links are legitimate and looking out for other red flags," Garrett McManaway, chief information security officer of Wayne State University, wrote in a blog post. Duke University security guidelines recommend only using native QR Code scanners, checking the URL to see if the code sends the user to the anticipated website, and other website details that signal authenticity, such as a matching logo and color scheme. Another hallmark of a quishing scam is a false sense of urgency—attempts to push victims to act quickly without thinking, such as contacting someone immediately to deliver a package or log in to an account due to alleged suspicious activity. People can protect themselves by being wary. Take a moment to think before scanning, avoid short URLs, and, if it seems fishy, there's a good chance it is phishy. Story editing by Alizah Salario. Additional editing by Elisa Huang. Copy editing by Kristen Wegrzyn. Photo selection by Lacy Kerrick. This story was produced by Uniqode (Beaconstac) and was produced and distributed in partnership with Stacker.
Buzz Feed
16-04-2025
- Entertainment
- Buzz Feed
Professionals Are Sharing Why Their Job Isn't As Glamorous As It's Made Out To Be
Recently, u/Highscore611 asked r/AskReddit, "What profession isn't nearly as glamorous as it's portrayed?" So we thought we'd share some of the top responses. 1. "Being a musician on the road, unless you're super famous. It's fun for sure. But it's not for everyone." – therealkaiser "Toured in a van with a band for three months in 2013 and it was simultaneously the best and worst experience of all time. Got to go to many places I wouldn't normally have gone. Met a huge variety of people. Played to some awesome crowds, stayed at some wild places – one of my bandmate's uncles lived in a literal mansion with a pool and we drank top shelf liquor all night – but literally the polar opposite would regularly happen the next day. Drive 10 hours with a hangover, play to no one, have no place to crash but the van in a Wal-Mart parking lot with seven other smelly dudes who haven't showered in three days while drinking PBR and finding out your next day was cancelled (i.e. no pay). You sort of can make it what you want if you plan it right and are willing to take a few blows along the way. If you're in a mid-tier band (like 'have your own bus and crew' kind of deal) then you have it a little easier." – RunningFromSatan 3. "Event planning – I was an event professional for over a decade and everyone always says 'oh what a fun job!' picturing that its just a never ending Pinterest board. Really, it's mostly Excel spreadsheets and people being pissed about how cold a room is." – Objective_Analysis_3 4. "Architect. It's like 75 percent coordinating trades and 20 percent trying to meet code Egress requirements and stuff." – kchatman 5. "Media of any type (TV/Radio/Newspaper). Low paying, terrible hours, and a media workplace that ISN'T toxic in one way or another is a unicorn." – HelloSweetie2 6. "Attorneys. If you're going off Suits, it ain't that interesting." – RelativeMastodon82 7. "Ever seen a ballerina's feet?" – AardvarkAapocolypse Fox Searchlight Pictures 8. "Advertising. Don't get me wrong. It's been a lot of fun. I've shot commercials in places such as LA, New York, and New Zealand. I've met a lot of interesting, artsy people and done lots of interesting things." "But at the same time, it can be a serious grind, with long hours, capricious clients, and constant subjectivity. After 35 years in the business, I consider it a minor miracle that I've gotten this far without a substance abuse problem, a divorce, an affair, or a weekly chit chat with a therapist." – AnybodySeeMyKeys 9. "Librarians. TV tends to show sexy librarians, or portray librarians as just sitting all day and reading. I've had people try to get their teenagers jobs as librarians, because they don't realise it's actually a Master's degree." "We don't get to read on the job, but we do get to deal with the public, which includes drunk/high people, homeless, mentally ill, and entitled people who 'pay our salary'. We get people who steal our materials and then will throw a tantrum because they can't check anything else out. We have belligerent people or drug deals that require us to call the cops. Many libraries have started training their staff to use NARCAN. Many libraries also expect their librarians to double as social workers. That's not even mentioning the programming that we do, as well. All for $18 bucks an hour or so, because even though it's a Masters degree, it's a 'feminine' field, and don't we all have rich husbands supporting us? We're expected to work ourself to death because of vocational awe." – AntiqueGreen 10. "Firefighting. Most career departments do 90% medical runs. My town picks up the same homeless people over and over and haven't had a real fire in over a year. Still the greatest job in the world, but it's not what it's like on TV. And when you do go to fires it's heartbreaking because someone just lost everything." – dontbthatguy 11. "Chef. We age like dogs. Seven years to every one normal human year." – BobKattersCroc Open Road Films 12. "Intelligence analyst. Much less James Bond and more accountant." – ACam574 13. "Professor/academic. Even in an Oxbridge college, nominally quite glamorous, it's an endless maze of disconnected online portals and passwords and grant applications and bureaucracy. You spend an outrageous amount of time doing admin and then do even more if you're successful. The ratio between what you are earning vs what you could be earning in the private sector as you climb the ladder is wild." – undoom 14. "Photographer. There's a lot of setting up gear, pulling down gear, making sure you REMEMBERED all of it, and hauling it all around. I do mostly events like fashion shows, private parties and location shoots – which means I'm carrying maybe 10lbs of gear around on a harness/hip bag etc, for hours. Keeping a few pounds of gear in front of your face doesn't sound like much until you have to do it for five hours straight. And that gear gets hot too – so you WILL be sweaty. I love it, but it's physically taxing and nowhere near glamourous." – nionvox Sony Pictures Releasing 15. "The film industry can be absolutely soul sucking, especially for below-the-line crew. Sure, it's kind of cool seeing celebrities in person and stuff in movies that haven't come out yet, but the hours are insane. If you're lucky, you'll work 10 hour days, though normally it's more like 12-14." "Some days you're up at the crack of dawn, some nights you're working until the sun comes up. When you're on a show full time you have no time to do anything out of work. When you're day playing, they shuffle the schedule around so much you can't plan anything. When you're not working, you start to panic about money. You're constantly searching for your next job. And dealing with the egos of directors and producers can be a nightmare. You're often working out in the elements. If where you live has seasons, you're be freezing your ass off in winter and burning alive in the summer. I got out when COVID hit, and I've never looked back." 16. "Environmental biologist. Going out on a boat is fun, until you're spending 14 hours out in six foot waves getting seasick and trying to sample, soaking wet and covered in fish guts. Or out on the prairie on a 100-degree day getting eaten alive by mosquitoes. Or on a mountain during a thunderstorm trying to sample some obscure plant or animal. Or stuck waist deep in a wetland, covered in sweat and mud.""
Yahoo
02-03-2025
- Yahoo
Should You Trust That Random QR Code?
You could probably tell the difference between a real text message and one sent by a scammer. The phishing text likely has a sense of urgency, asks for payment as a gift card and might make you wrinkle your brow at some of the wording. But could you tell a fake QR code from a legitimate one? Many of us are familiar enough with phishing scams -- where thieves impersonate a trusted sender to deliver a malicious web address -- to steer clear. But it can be significantly harder to recognize QR phishing, sometimes called Quishing or QRishing. Unlike phishing, in which you can typically see the web address to identify its legitimacy, there's no way to easily distinguish between the QR code for a menu or a parking payment app with one that takes you to a fraudulent site with a malicious download. The number of QR phishing attempts soared from 0.8% in 2022 to 12.4% in 2024, according to a recent Phishing Threat Trends Report from Egress. Although you can try to avoid QR codes altogether, there are many times when we have to rely on them to pull up menus or pay for parking. "To protect yourself from QR phishing, ensure your mobile device's security settings are up to date and use trusted security software," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance. Plaggemier also recommends that you only scan QR codes from reputable sources, whether on a physical sign, website or email. And if a QR code seems suspicious or directs you to a site requesting sensitive information, stop immediately. QR phishing or QRishing is a cyber attack that uses QR codes linked to sites that trick users into downloading malicious content or providing sensitive information. After the victim has downloaded the content, the attackers steal user information such as passwords, financial data and other personally identifiable information, or PII. The information can then be used to commit identity theft and financial fraud. The trouble is, with QR codes, you may not be able to tell the difference between a malicious code and a legitimate one until you've scanned it. However, use your intuition. If you're at a gas pump and there is a random QR code beneath a questionable sticker, it's likely not worth scanning. Always be skeptical of any QR codes you see and consider their source. Be extremely suspicious of QR codes in the following places: Airports Restaurants Bus stops Flyers such as fake parking tickets Phony emails and text messages And remember that it's always possible for someone to place a sticker with a malicious code over a legitimate code on a sign, parking meter or other trusted location. Take a moment to examine public QR codes for signs of tampering. Watch out for QR codes from unsolicited text messages and emails, and be extra cautious of QR codes that promise free goods or prizes. To avoid QRishing scams, always use a trusted QR code scanner app that includes security features that can detect malicious links. You could try TrendMicro's QR Code scanner, QR & Barcode Reader by Gamma Play or QR Code Reader by TeaCapps. As a last resort, be sure to double-check the URLs you are being sent before clicking on them. Particularly for URLs that include common misspellings of popular company names or ones that merely contain the name of a trusted company within an untrusted domain name. If you're the victim of QRishing scam, it's important to report the crime and protect your information. Any information you've given to the scammers may be compromised, including your name, address, Social Security number and financial accounts. Contact your bank and inform them that your account has been compromised. You should immediately change your passwords, scan your devices for malware and implement multi-factor authentication if you haven't already. Also check your credit reports for fraudulent activity and consider freezing your credit. Here are some additional resources for victims of QR code scams: Federal Trade Commission -- The FTC has an online reporting site so that consumers can report fraud. You can also call the FTC's Consumer Response Center at (877) 382-4357 to file a fraud report by phone. -- The FTC also offers this site to help consumers report cases of identity theft, get a recovery plan and put it into action. You can also call the FTC Identity Theft Hotline at 1-877-IDTHEFT (1-877-438-4338). Social Security Administration -- The Social Security Administration offers resources for those who have had their Social Security number stolen. You can also report it to the Social Security Administration at or by calling its Office of Inspector General fraud hotline at 1-800-269-0271.
