X-Labs
January 9, 2012

Spam Emails Link To QR Codes

Elad Sharf Security Researcher

It was just a matter of time, and now it's happening. The Websense® ThreatSeeker® Network has started spotting spam messages that lead to URLs that use embedded QR codes. This is a clear shift by traditional spammers towards targeting mobile technology.

The spam email messages look like traditional pharmaceutical spam emails (image 1) and contain a link to the Web site 2tag.nl. This is a legitimate Web service that allows users to create QR codes for URLs. Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL that the QR code resolves to on the right (image 2). When the QR code is read by a QR reader, it automatically loads the spam URL (or asks before loading, depending on which flavor of QR reader you have installed) (images 3 and 4).
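Because the spam URL sits behind a QR-generator page, a mail filter can flag the intermediate link itself. The following Python is an added example, not Websense code: it parses a message and returns links whose host is a listed QR service. The service list holds only 2tag.nl from this post, and the sample message and its URL paths are constructed.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# 2tag.nl is the QR service named in the post; extend from your own telemetry.
QR_SERVICE_HOSTS = {"2tag.nl"}
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def is_qr_service(host):
    """True if host is a listed QR service or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in QR_SERVICE_HOSTS)


def qr_service_links(raw_message):
    """Return sorted unique URLs in text/HTML parts that point at a QR service."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        body = part.get_content()  # undoes transfer encoding and charset
        for url in URL_RE.findall(body):
            url = url.rstrip(".,;)")
            if is_qr_service(urlsplit(url).hostname):
                hits.add(url)
    return sorted(hits)


# Constructed sample message, not taken from the campaign in the post.
SAMPLE = """\
From: sender@example.com
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Order: http://2tag.nl/EXAMPLE1 or http://not2tag.nl.example.com/x
--b1
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<a href=3D"http://www.2tag.nl/EXAMPLE1">Order</a>
--b1--
"""

if __name__ == "__main__":
    print(qr_service_links(SAMPLE))
```

Matching on the registered domain and its subdomains, rather than on a substring, keeps look-alike hosts such as `not2tag.nl.example.com` out of the results.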

Websense customers have been protected against this attack with ACE, our Advanced Classification Engine. 

Image 1 - An example spam email message:

 

Image 2 - When the URL is loaded in the browser, a QR code appears:

 

Image 3 - Scanning the QR code with a QR reader loads the pharmaceutical spam URL in the browser:

 

Image 4 - The loaded URL offers pharmaceutical drugs:
