"Attaging" with QR Codes - The security threat for mobile recruitment


Posted By: Thomas Shaw, 9:21pm Tuesday 04 October 2011

I love all the hype around mobile recruitment. Apparently, QR codes are all the rage at the moment. Hands up those who have a QR code reader on their phone. Most likely the answer is QR what?

QR codes have been around for a number of years. I wrote about using QR codes in the recruitment process a while back and have used them for a number of client campaigns - but even with the best execution, the %CTR is very low.

One of the best things about QR codes is that you can embed nearly any type of content into the design. But there is a downside to this. You can maliciously disrupt others recruitment campaigns, download malware onto the users device, or send them to other malicious websites/applications!

This threat has been labeled "attaging" or "attack tagging". You might be interested to read a while paper on the subject called Using QR Tags to Attack Smart Phones

The user has little or no idea about what they are scanning with their phone by just looking at it. It's not until your phone reader software has processed the code and converted it into text/image that you realise what you are about to click through to.

For more information this up threat, check out these links.