The Jersey IT Group Blog

Phishing Scam In New Jersey Using QR Codes

Be on the lookout for a dangerous email phishing scam involving QR codes.

The New Jersey Cybersecurity & Communications Integration Cell recently issued a warning about a QR code scam that’s landing in inboxes of NJ businesses.

In 2022, the FBI issued a Public Service Announcement with tips to protect against QR code scams. This tactic is being used effectively today.

Here’s How It Works

The email appears legitimate, as phishing scams often do. This is why they’re so effective at stealing information like passwords and getting access to banking information.

This phishing email looks like a typical email but includes a QR code, either in the body of the email or in an attachment. And there’s more…

According to the recent NJ alert, recipients of the QR code phishing scam reported that the messages looked like real emails from their IT department, asking them to click the QR code to run necessary updates or maintenance for 2FA (two-factor authentication).

What Happens After You Click The QR Code

  • You could land on what appears to be a legitimate web site where your login credentials could be stolen. Then, the hacker gains access to your system or accounts.
  • It could trigger a download of a dangerous application like malware, providing the hacker with access to confidential company information.
  • Your now-stolen password may be tried on other sites where you may have an account. Since many people use the same passwords for different logins (a major no-no but we know it happens), the hacker may try to get access to as many accounts as possible. The more the merrier as far as hackers are concerned.
  • Money may be stolen from accounts where they gain access.
  • Your personal or business information may be sold on the dark web (where the hackers make their deals).
  • Stolen information is often published to a public web site for all to see before the hacker requests a ransom.
  • Files may become encrypted and no longer accessible. This can stop business in its tracks. How much work could you get done if you couldn’t access your files?

The Red Flags To Look For In A Phishing Scam

  • Ask yourself, were you expecting this email?
  • Is it from someone you know or work with?
  • If you hover over the sender’s name, is the email address one you recognize and know to be real, or is it questionable?
  • Are there any misspellings in the email?
  • Are you addressed by name as you typically are or is the greeting unusual?
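
For IT teams, several of these red flags can be checked automatically when a user reports a message. The following is an added example, not part of the original post or the NJCCIC alert; the organization domain, the lure word list and the sample message are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your organization's own mail domain
LURE_WORDS = ("2fa", "two-factor", "qr code", "scan", "update", "maintenance")

# Constructed sample message modeled on the lure described in this post.
SAMPLE = """\
From: IT Department <it-support@helpdesk-portal.example>
To: pat@example.com
Subject: Action required: 2FA maintenance
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear user, scan the attached QR code to complete the two-factor update.
--b1
Content-Type: image/png
Content-Disposition: attachment; filename="qr.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def red_flags(raw: str, recipient_name: str) -> list[str]:
    """Return the red flags from the checklist that this message trips."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != ORG_DOMAIN:  # claims to be internal IT but sent from outside
        flags.append("sender-domain-outside-org")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = (str(msg.get("Subject", "")) + " " + body).lower()
    if any(word in text for word in LURE_WORDS):
        flags.append("2fa-or-qr-lure-wording")
    if any(p.get_content_maintype() == "image" for p in msg.walk()):
        flags.append("image-part-may-carry-qr")  # QR codes arrive as images
    if recipient_name.lower() not in body.lower():
        flags.append("not-addressed-by-name")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE, "Pat"))
```

No single flag proves a scam; a message that trips several at once is the one to escalate to your IT department.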

What To Do If You Get A Suspicious Email

  1. Contact the sender in person if they’re within your organization.
  2. If the sender isn’t from within your organization, confirm by calling using the number you already have, not the phone number listed in the email. Use the company’s actual web site if you need to look it up.
  3. Don’t click any links in the email.
  4. Don’t open any attachments.
  5. Never reply to the email.

What To Do If You Click And It’s a Phishing Scam

  1. Contact your IT department immediately.
  2. Don’t let your fear get in the way of good decisions.

How To Stop The Spread of A Phishing Scam

With cyber threats on the rise, sharing this scam alert will help protect colleagues, friends and vendors.

Phishing by email or by text message (the text version is known as SMiShing) is a hugely successful strategy hackers use. The best defense against accidentally turning over the company’s keys to the kingdom is to enroll in ongoing security awareness training.

Security awareness training is critical and can be the most effective tool to implement. If a phishing email gets past all of the security filters, the action taken by the email recipient can prevent or trigger serious problems within an organization. Done right, security awareness training is continual. Annual training isn’t enough. Hacking trends and tactics change regularly and the messages look more and more authentic. Training should include samples of scams along with the red flags to look for. Training should include quizzes to test knowledge levels. Simulated phishing emails should be sent regularly to test for weak spots and guide future training.

Conclusion

QR Code email scams are a sneaky way to disrupt business and add unnecessary costs. By looking for the signs, regularly training your entire organization and reporting phishing scams quickly, you’re helping to keep your information and your company’s safe.

For the full post from the NJ Cybersecurity & Communications Integration Cell and the FBI’s announcement, click the links below.

Warning from NJCCIC – New Jersey Cybersecurity & Communications Integration Cell

https://www.cyber.nj.gov/garden_state_cyber_threat_highlight/qr-code-phishing-campaigns

FBI’s PSA – “Cybercriminals Tampering with QR Codes to Steal Victims Funds”

https://www.ic3.gov/Media/Y2022/PSA220118
